Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <alpine.LFD.2.20.1508220141170.14543@wniryva>
Date: Sat, 22 Aug 2015 01:45:07 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE-2015-5225 Qemu: ui: vnc: heap memory corruption issue

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

    Hello,

Qemu emulator built with the VNC display driver support is vulnerable to a 
buffer overflow flaw leading to a heap memory corruption issue. It could occur 
while refreshing the server display surface via routine 
vnc_refresh_server_surface().

A privileged guest user could use this flaw to corrupt the heap memory and 
crash the Qemu process instance OR potentially use it to execute arbitrary 
code on the host.

Upstream fix:
- -------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html

Issue introduced by:
- --------------------
   -> http://git.qemu.org/?p=qemu.git;a=commit;h=bea60dd7679364493a0d7f5b


Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJV14bLAAoJEN0TPTL+WwQfRZsP/iEpjrdXOKwwf3PUmJafvLBj
yg7SxSHhrg0CFbD8zpNCD8u5/umTSH+VyCZaU0B+gVbctCqRe5zl3WOI/Q4zFOv9
desKe49REGgEY140F/V7aJxVkb4jf9F819H5tlyO/bH49Mexp/5VrggQ7mSMFUbS
F1CcXZcOguIDMyrP7a98QCJKTZfzuy8UCHLDjc9WupjsNKnJ8Wux/cN+eZiE3c08
PwVQOg49PJH6z/c5pJovv7j5A6ic4FacaHYdUloszRmTR4zZCdCcmNNguCHphlo9
rsJzvVgdF2+lzPvgxwDK41qswg2SngUQKb/OeCxZqjBusplD4Ke67C+WDaYVAMip
AkPBmm/ut9Ki06zMl53FbirShDxFySJG5FXLDMWoSMEBfv9MuNkbc98jRNMjNwYW
ARYFwVuLTWourvr4Zk69BmTbitLe+DvY2j5k6593X+I1T7ZTqBl52mp7AslU6zBt
JQ4Oknhelg7Qlr8CAiHoYR3vql5NABenBne7PY2VTdS9fAkKObIJN8dKIqZgZQNY
N1pMeOoROn7GqDNJq7yJF9jcut5DwC5eiVjcxqS6Efm2X1Q5XmW7l37u7rodEg8y
PzJxXZeFKH+1VYTc6t/BU9qUQyWbVhRpXqSUFSsWCTx4Mnkfe2SioNSwUwgHQvK+
cD0hqfRIoZmFIjA90/G6
=wD0r
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.