Date: Sun,  6 Mar 2016 22:02:33 -0500 (EST)
From: cve-assign@...re.org
To: ppandit@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption

> Qemu emulator built with the Pseudo Random Number Generator (PRNG) back-end
> support is vulnerable to an arbitrary stack-based allocation and memory
> corruption via random bytes issue. It could occur when a guest requests
> entropy for random number generation.
> 
> A user/process inside guest could use this flaw to crash the Qemu process
> resulting in DoS.
> 
> http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956
> https://bugzilla.redhat.com/show_bug.cgi?id=1314676

Use CVE-2016-2858.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
