Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 8 Sep 2014 12:39:19 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE-2014-3615 Qemu: information leakage when guest sets high
 resolution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

    Hello,

An information leakage flaw was found in Qemu's VGA emulator. It could lead to
leaking host memory bytes to a VNC client. It could occur when a guest GOP
driver attempts to set a high display resolution.

A privileged user/program able to set such high resolution could use this flaw
to leak host memory bytes.

Upstream fixes:
- ---------------
    -> http://git.qemu.org/?p=qemu.git;a=commit;h=c1b886c45dc70f247300f549dce9833f3fa2def5
    -> http://git.qemu.org/?p=qemu.git;a=commit;h=ab9509cceabef28071e41bdfa073083859c949a7

Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUDVYfAAoJEN0TPTL+WwQf3qsQALTsOCpDNXMBnRJ8ziz7pVLA
Uoepy8fFeCxMELy7ZleGRDThCGzDeH4XCoHZ0prnV17I8imwHXvzWJKktzQSfXos
y1LUvhxLpbUUwxyiGD/3iNXCzKLDdIXIUJd2+VB5BQUmJ5INhy25Za2/qFV3jhhb
JHrYlzFJYD7LKnFzLlGtlYjRa6VF5+yCP0MlGmYV9ENbKOiFOhc+aB7MJkab2dYQ
3qQd0LRXoU4Ms8cvh51EPes3nUy6UlfQhBnbfc97M5lvm/1hnRN6UN/UDCNpsjZ/
yJT7rSqpEmAEk5UrhLOE52jZMdthFMz2Z84DVbu48dLrwg/ei0wXslV3ROpQmvsU
jsxjyw/fzMAL2XXjqiqCe31X5dFmEPRJjROJcNE68xoifS+7y4VDRzHUNOK/jJAS
cp4bHJii7p96aF2ACBbu16M13ax83q9/cH+HmKib7qGRgAnyfqRrn3kVn3PdIFJD
yCji5dlmczLmrYG8NFYW9edB6XD9evX5RZijWHkMYdf9Q0FJcWL1eQnvWtNelvKC
96PcZaXlYzgyy1Qd1+1zdmO2r/G45FplsG6VX0cRXEz8e6/sDRGd2IoEFKmkoQcA
AU+wsPn8d3sZ0YDHAgFkn3g9O5RRAtR5fh2jSWQRjuVXyqaKfEAeVWr3utupAuf3
P47T1YbVkKCXbnQQoDCq
=Q6KC
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.