1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
PublicDateAtUSN: 2014-11-07
Candidate: CVE-2014-3640
PublicDate: 2014-11-07
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640
http://www.ubuntu.com/usn/usn-2409-1
Description:
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local
users to cause a denial of service (NULL pointer dereference) by sending a
udp packet with a value of 0 in the source port and address, which triggers
access of an uninitialized socket.
Ubuntu-Description:
Notes:
Bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762532
Priority: low
Discovered-by: Xavier Mehrenberger and Stephane Duverger
Assigned-to: mdeslaur
Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
lucid_qemu-kvm: released (0.12.3+noroms-0ubuntu9.25)
precise_qemu-kvm: released (1.0+noroms-0ubuntu14.19)
trusty_qemu-kvm: DNE
utopic_qemu-kvm: DNE
devel_qemu-kvm: DNE
Patches_qemu:
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=01f7cecf0037997cb0e58ec0d56bf9b5a6f7cb2a
upstream_qemu: needs-triage
lucid_qemu: DNE
precise_qemu: DNE
trusty_qemu: released (2.0.0+dfsg-2ubuntu1.7)
utopic_qemu: released (2.1+dfsg-4ubuntu6.1)
devel_qemu: released (2.1+dfsg-4ubuntu9)
|