VNC server implementation in Quick Emulator(QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious VNC client could use this flaw to cause DoS on the remote server host. Upstream fix(es): ----------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03715.html -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03713.html -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03711.html Thread: ------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03705.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/12/19/4
Acknowledgments: Name: Daniel Berrange (Red Hat)
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1527386] Created xen tracking bugs for this issue: Affects: fedora-all [bug 1527385]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:0816
This issue has been addressed in the following products: Red Hat Virtualization 4 for RHEL-7 Via RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1104
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Red Hat OpenStack Platform 11.0 (Ocata) Red Hat OpenStack Platform 8.0 (Liberty) Red Hat OpenStack Platform 9.0 (Mitaka) Red Hat OpenStack Platform 12.0 (Pike) Via RHSA-2018:1113 https://access.redhat.com/errata/RHSA-2018:1113
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3062 https://access.redhat.com/errata/RHSA-2018:3062