Bug 466890 - (CVE-2008-4539) CVE-2008-4539 kvm/qemu/xen: Incomplete upstream fix for CVE-2007-1320
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
source=vendorsec,reported=20081003,pu...
: Security
Depends On: 467680 467681 467682 467683
Blocks: CVE-2007-1320
Reported: 2008-10-14 07:37 EDT by Jan Lieskovsky
Modified: 2016-03-01 04:27 EST (History)
Doc Type: Bug Fix
Last Closed: 2010-12-23 19:14:17 EST


Attachments
Proposed actualized upstream qemu patch to resolve the Cirrus LGD-54XX "bitblt" heap overflow (CVE-2007-1320) (967 bytes, patch)
2008-10-14 07:37 EDT, Jan Lieskovsky

Description Jan Lieskovsky 2008-10-14 07:37:30 EDT
Created attachment 320281
Proposed actualized upstream qemu patch to resolve the Cirrus LGD-54XX "bitblt" heap overflow (CVE-2007-1320)

Jan Niehusmann discovered that the upstream fix for CVE-2007-1320 is
incomplete and still allows local users to cause a heap-based buffer overflow
when connecting via the VNC console.

Steps to reproduce:

No reproducer.

Upstream qemu patch for the initial CVE-2007-1320 issue:
 https://svn.pardus.org.tr/pardus/2007/applications/emulators/qemu/files/CVE-2007-1320.patch

Proposed upstream correction of this patch - see attachment.
Comment 3 Tomas Hoger 2008-11-11 09:57:30 EST
QEMU upstream commit:
http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069

More on current status of this issue and original CVE-2007-1320 wrt Fedora
qemu/kvm packages is in:
  https://bugzilla.redhat.com/show_bug.cgi?id=237342#c20
Comment 4 Fedora Update System 2008-12-22 14:51:46 EST
kvm-65-15.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/kvm-65-15.fc9
Comment 5 Fedora Update System 2008-12-24 07:58:04 EST
kvm-65-15.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2008-12-24 13:40:43 EST
kvm-65-15.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.