1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
PublicDateAtUSN: 2017-05-03
Candidate: CVE-2017-8379
PublicDate: 2017-05-23
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8379
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html
http://www.ubuntu.com/usn/usn-3289-1
Description:
Memory leak in the keyboard input event handlers support in QEMU (aka Quick
Emulator) allows local guest OS privileged users to cause a denial of
service (host memory consumption) by rapidly generating large keyboard
events.
Ubuntu-Description:
Notes:
mdeslaur> trusty and earlier don't support keyboard delays
Bugs:
Priority: low
Discovered-by: Jiang Xin
Assigned-to:
Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
precise_qemu-kvm: not-affected (code not present)
precise/esm_qemu-kvm: not-affected (code not present)
trusty_qemu-kvm: DNE
vivid/ubuntu-core_qemu-kvm: DNE
vivid/stable-phone-overlay_qemu-kvm: DNE
xenial_qemu-kvm: DNE
yakkety_qemu-kvm: DNE
zesty_qemu-kvm: DNE
devel_qemu-kvm: DNE
Patches_qemu:
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=fa18f36a461984eae50ab957e47ec78dae3c14fc
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=05c6638b203fd7d8bbfa88ac6e6198e32ed0506f
upstream_qemu: needs-triage
precise_qemu: DNE
precise/esm_qemu: DNE
trusty_qemu: not-affected (code not present)
vivid/ubuntu-core_qemu: DNE
vivid/stable-phone-overlay_qemu: DNE
xenial_qemu: released (1:2.5+dfsg-5ubuntu10.14)
yakkety_qemu: released (1:2.6.1+dfsg-0ubuntu5.5)
zesty_qemu: released (1:2.8+dfsg-3ubuntu2.2)
devel_qemu: released (1:2.8+dfsg-3ubuntu3)
|