Bug 466890 (CVE-2008-4539) - CVE-2008-4539 kvm/qemu/xen: Incomplete upstream fix for CVE-2007-1320
Summary: CVE-2008-4539 kvm/qemu/xen: Incomplete upstream fix for CVE-2007-1320
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2008-4539
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 467680 467681 467682 467683
Blocks: CVE-2007-1320
Reported: 2008-10-14 11:37 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:26 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-24 00:14:17 UTC
Embargoed:


Attachments
Proposed actualized upstream qemu patch to resolve the Cirrus LGD-54XX "bitblt" heap overflow (CVE-2007-1320) (967 bytes, patch)
2008-10-14 11:37 UTC, Jan Lieskovsky

Description Jan Lieskovsky 2008-10-14 11:37:30 UTC
Created attachment 320281
Proposed actualized upstream qemu patch to resolve the Cirrus LGD-54XX "bitblt" heap overflow (CVE-2007-1320)

Jan Niehusmann discovered that the upstream fix for CVE-2007-1320 is
incomplete and still allows local users to cause a heap-based buffer overflow
when connecting via the VNC console.

Steps to reproduce:

No reproducer.

Upstream qemu patch for the initial CVE-2007-1320 issue:
 https://svn.pardus.org.tr/pardus/2007/applications/emulators/qemu/files/CVE-2007-1320.patch

Proposed upstream correction of this patch - see attachment.

Comment 3 Tomas Hoger 2008-11-11 14:57:30 UTC
QEMU upstream commit:
http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069

More on current status of this issue and original CVE-2007-1320 wrt Fedora
qemu/kvm packages is in:
  https://bugzilla.redhat.com/show_bug.cgi?id=237342#c20

Comment 4 Fedora Update System 2008-12-22 19:51:46 UTC
kvm-65-15.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/kvm-65-15.fc9

Comment 5 Fedora Update System 2008-12-24 12:58:04 UTC
kvm-65-15.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2008-12-24 18:40:43 UTC
kvm-65-15.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
