26.03.2015 16:47, Moritz Muehlenhoff wrote:
> Source: qemu
> Severity: important
> Tags: security
> 
> Hi Michael,
> two security issues in qemu (you're probably aware, but let's track this 
> through a bug):

Yes indeed, I've seen them on oss-sec and on qemu-devel.  Wanted to
submit two bugreports but you was faster ;)

> CVE-2015-1779:
> https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html

This one is about websockets, a rarely used feature.  There was an
interesting comment about the patch series down in the thread, here:

https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04995.html

So I'm not sure yet whenever it's a good idea to apply the series
before upstream decides what to do.

This does not affect wheezy and before because websockets aren't
implemented there, but it affects wheezy-backports.

> malicious PRDT flow from guest to host (no CVE ID yet):
> CVE request: http://www.openwall.com/lists/oss-security/2015/03/24/4
> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8

This one affects wheezy too.  But it isn't really that much of a
security issue, I wonder why they keep assigning CVEs for these
things (maybe that's the reason why this one hasn't got a CVE#
yet?).  Qemu either leaks memory or loops infinitely.  Memory
leakage can be easily mitigated using some kind of resource limits
in security-sensitive environments, and looping can trivially be
done inside the virtual machine just fine, achieving the same
effect.  So I don't think this needs to be backported to wheezy
at least.

I'll fix this for jessie, hopefully the CVE-2015-1779 case will
see some light soon.

Thanks!

/mjt


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to