PublicDateAtUSN: 2015-08-25
Candidate: CVE-2015-5225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5225
https://usn.ubuntu.com/usn/usn-2724-1
Buffer overflow in the vnc_refresh_server_surface function in the VNC
display driver in QEMU before 2.4.0.1 allows guest users to cause a denial
of service (heap memory corruption and process crash) or possibly execute
arbitrary code on the host via unspecified vectors, related to refreshing
the server display surface.
mdeslaur> introduced by:
mdeslaur> http://git.qemu.org/?p=qemu.git;a=commit;h=bea60dd7679364493a0d7f5b
mdeslaur> so precise and trusty are not affected
https://bugzilla.redhat.com/show_bug.cgi?id=1255896
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796465
Discovered-by: Qinghao Tang and Mr. Zuozhi
upstream_qemu-kvm: needs-triage
precise_qemu-kvm: not-affected (code not present)
other: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
upstream_qemu: needs-triage
trusty_qemu: not-affected (code not present)
vivid_qemu: released (1:2.2+dfsg-5expubuntu9.4)
devel_qemu: released (1:2.3+dfsg-5ubuntu4)