1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
PublicDateAtUSN: 2015-08-25
Candidate: CVE-2015-5225
PublicDate: 2015-11-06
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5225
http://www.ubuntu.com/usn/usn-2724-1
Description:
Buffer overflow in the vnc_refresh_server_surface function in the VNC
display driver in QEMU before 2.4.0.1 allows guest users to cause a denial
of service (heap memory corruption and process crash) or possibly execute
arbitrary code on the host via unspecified vectors, related to refreshing
the server display surface.
Ubuntu-Description:
Notes:
mdeslaur> introduced by:
mdeslaur> http://git.qemu.org/?p=qemu.git;a=commit;h=bea60dd7679364493a0d7f5b
mdeslaur> so precise and trusty are not affected
Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1255896
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796465
Priority: medium
Discovered-by: Qinghao Tang and Mr. Zuozhi
Assigned-to: mdeslaur
Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
precise_qemu-kvm: not-affected (code not present)
trusty_qemu-kvm: DNE
vivid_qemu-kvm: DNE
devel_qemu-kvm: DNE
Patches_qemu:
other: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
upstream_qemu: needs-triage
precise_qemu: DNE
trusty_qemu: not-affected (code not present)
vivid_qemu: released (1:2.2+dfsg-5expubuntu9.4)
devel_qemu: released (1:2.3+dfsg-5ubuntu4)
|