Date: Fri, 16 Oct 2009 15:10:12 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: QEMU VNC use-after-free Use CVE-2009-3616 for this. Thanks. -- JB ----- "Tomas Hoger" <thoger@...hat.com> wrote: > Hi! > > Use-after-free / double-free problems were reported for QEMU's VNC > server: > > https://bugzilla.redhat.com/show_bug.cgi?id=501131 > https://bugzilla.redhat.com/show_bug.cgi?id=505641 > > Problem can cause QEMU process (and hence virtual machine) to crash > (which is not security in most use cases, as VNC access means console > access for the virtual machine), but if used for code execution, it > can > mean guest -> host escape. > > Versions in between the following two commits are affected: > > http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331 > http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5 > > -- > Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ