Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 22 Aug 2015 01:45:07 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE-2015-5225 Qemu: ui: vnc: heap memory corruption issue

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

    Hello,

Qemu emulator built with the VNC display driver support is vulnerable to a 
buffer overflow flaw leading to a heap memory corruption issue. It could occur 
while refreshing the server display surface via routine 
vnc_refresh_server_surface().

A privileged guest user could use this flaw to corrupt the heap memory and 
crash the Qemu process instance OR potentially use it to execute arbitrary 
code on the host.

Upstream fix:
- -------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html

Issue introduced by:
- --------------------
   -> http://git.qemu.org/?p=qemu.git;a=commit;h=bea60dd7679364493a0d7f5b


Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJV14bLAAoJEN0TPTL+WwQfRZsP/iEpjrdXOKwwf3PUmJafvLBj
yg7SxSHhrg0CFbD8zpNCD8u5/umTSH+VyCZaU0B+gVbctCqRe5zl3WOI/Q4zFOv9
desKe49REGgEY140F/V7aJxVkb4jf9F819H5tlyO/bH49Mexp/5VrggQ7mSMFUbS
F1CcXZcOguIDMyrP7a98QCJKTZfzuy8UCHLDjc9WupjsNKnJ8Wux/cN+eZiE3c08
PwVQOg49PJH6z/c5pJovv7j5A6ic4FacaHYdUloszRmTR4zZCdCcmNNguCHphlo9
rsJzvVgdF2+lzPvgxwDK41qswg2SngUQKb/OeCxZqjBusplD4Ke67C+WDaYVAMip
AkPBmm/ut9Ki06zMl53FbirShDxFySJG5FXLDMWoSMEBfv9MuNkbc98jRNMjNwYW
ARYFwVuLTWourvr4Zk69BmTbitLe+DvY2j5k6593X+I1T7ZTqBl52mp7AslU6zBt
JQ4Oknhelg7Qlr8CAiHoYR3vql5NABenBne7PY2VTdS9fAkKObIJN8dKIqZgZQNY
N1pMeOoROn7GqDNJq7yJF9jcut5DwC5eiVjcxqS6Efm2X1Q5XmW7l37u7rodEg8y
PzJxXZeFKH+1VYTc6t/BU9qUQyWbVhRpXqSUFSsWCTx4Mnkfe2SioNSwUwgHQvK+
cD0hqfRIoZmFIjA90/G6
=wD0r
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ