1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
PublicDateAtUSN: 2014-02-20
Candidate: CVE-2013-4149
PublicDate: 2014-11-04
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4149
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00396.html
http://www.ubuntu.com/usn/usn-2342-1
Description:
Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU
1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute
arbitrary code via a large MAC table.
Ubuntu-Description:
Notes:
Bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589
Priority: low
Discovered-by: Michael S. Tsirkin, Anthony Liguori and Michael Roth
Assigned-to: mdeslaur
Patches_qemu-kvm:
upstream_qemu-kvm: needed
lucid_qemu-kvm: not-affected (code not present)
precise_qemu-kvm: not-affected (code not present)
quantal_qemu-kvm: ignored (reached end-of-life)
saucy_qemu-kvm: DNE
trusty_qemu-kvm: DNE
devel_qemu-kvm: DNE
Patches_qemu:
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=98f93ddd84800f207889491e0b5d851386b459cf
upstream_qemu: needed
lucid_qemu: DNE
precise_qemu: DNE
quantal_qemu: DNE
saucy_qemu: ignored (reached end-of-life)
trusty_qemu: released (2.0.0+dfsg-2ubuntu1.3)
devel_qemu: not-affected (2.1+dfsg-2ubuntu1)
|