26.03.2015 16:47, Moritz Muehlenhoff wrote: > Source: qemu > Severity: important > Tags: security > > Hi Michael, > two security issues in qemu (you're probably aware, but let's track this > through a bug):
Yes indeed, I've seen them on oss-sec and on qemu-devel. Wanted to submit two bugreports but you was faster ;) > CVE-2015-1779: > https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html This one is about websockets, a rarely used feature. There was an interesting comment about the patch series down in the thread, here: https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04995.html So I'm not sure yet whenever it's a good idea to apply the series before upstream decides what to do. This does not affect wheezy and before because websockets aren't implemented there, but it affects wheezy-backports. > malicious PRDT flow from guest to host (no CVE ID yet): > CVE request: http://www.openwall.com/lists/oss-security/2015/03/24/4 > http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 This one affects wheezy too. But it isn't really that much of a security issue, I wonder why they keep assigning CVEs for these things (maybe that's the reason why this one hasn't got a CVE# yet?). Qemu either leaks memory or loops infinitely. Memory leakage can be easily mitigated using some kind of resource limits in security-sensitive environments, and looping can trivially be done inside the virtual machine just fine, achieving the same effect. So I don't think this needs to be backported to wheezy at least. I'll fix this for jessie, hopefully the CVE-2015-1779 case will see some light soon. Thanks! /mjt -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

