Bugzilla – Bug 1073489
VUL-0: CVE-2017-15124 kvm,qemu: Memory exhaustion through framebuffer update request message in VNC server
Last modified: 2019-04-26 21:26:43 UTC
rh#1525195 A flaw was found in QEMU VNC server. A remote client can trigger an unbounded memory usage through the framebuffer update request message leading to denial of service. Upstream patch set: ------------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03715.html -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03713.html -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03711.html Thread: -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03705.html References: https://bugzilla.redhat.com/show_bug.cgi?id=1525195 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15124 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15124
Patch is pulled into upstream commit 7398166ddf7c6dbbc9cae6ac69bb2feda14b40ac Merge: a3380cf658 30b80fd526 Author: Peter Maydell <peter.maydell@linaro.org> Date: Fri Jan 12 16:01:30 2018 +0000 Merge remote-tracking branch 'remotes/kraxel/tags/vnc-20180112-pull-request' into staging
SUSE-SU-2018:0762-1: An update that solves 8 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 1040202,1068032,1068613,1070144,1071228,1073489,1074572,1076114,1076775,1076813,1082276,1083291 CVE References: CVE-2017-15119,CVE-2017-15124,CVE-2017-16845,CVE-2017-17381,CVE-2017-18043,CVE-2017-5715,CVE-2018-5683,CVE-2018-7550 Sources used: SUSE Linux Enterprise Server 12-SP3 (src): qemu-2.9.1-6.12.1 SUSE Linux Enterprise Desktop 12-SP3 (src): qemu-2.9.1-6.12.1 SUSE CaaS Platform ALL (src): qemu-2.9.1-6.12.1
openSUSE-SU-2018:0780-1: An update that solves 8 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 1040202,1068032,1068613,1070144,1071228,1073489,1074572,1076114,1076775,1076813,1082276,1083291 CVE References: CVE-2017-15119,CVE-2017-15124,CVE-2017-16845,CVE-2017-17381,CVE-2017-18043,CVE-2017-5715,CVE-2018-5683,CVE-2018-7550 Sources used: openSUSE Leap 42.3 (src): qemu-2.9.1-41.1, qemu-linux-user-2.9.1-41.1, qemu-testsuite-2.9.1-41.1
SUSE-SU-2018:0831-1: An update that solves 9 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 1040202,1068032,1068613,1070144,1071228,1073489,1076114,1076179,1076775,1076814,1082276,1083291,1085598 CVE References: CVE-2017-15119,CVE-2017-15124,CVE-2017-16845,CVE-2017-17381,CVE-2017-18030,CVE-2017-18043,CVE-2017-5715,CVE-2018-5683,CVE-2018-7550 Sources used: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): qemu-2.6.2-41.37.1 SUSE Linux Enterprise Server 12-SP2 (src): qemu-2.6.2-41.37.1 SUSE Linux Enterprise Desktop 12-SP2 (src): qemu-2.6.2-41.37.1
Personal bug clean up. Free free to reopen it if you have further questions.