Red Hat Bugzilla – Bug 466890
CVE-2008-4539 kvm/qemu/xen: Incomplete upstream fix for CVE-2007-1320
Last modified: 2016-03-01 04:27:05 EST
Created attachment 320281 [details]
Proposed actualized upstream qemu patch to resolve the Cirrus LGD-54XX "bitblt" heap overflow (CVE-2007-1320)
Jan Niehusmann discovered that the upstream fix for the CVE-2007-1320 is
incomplete and still allows local users to cause a heap-based buffer overlow,
when connecting via the VNC console.
Steps to reproduce:
Upstream qemu patch for the initial CVE-2007-1320 issue:
Proposed upstream correction of this patch - see attachment.
QEMU upstream commit:
More on current status of this issue and original CVE-2007-1320 wrt Fedora
qemu/kvm packages is in:
kvm-65-15.fc9 has been submitted as an update for Fedora 9.
kvm-65-15.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.