[v2.7] qemu: overflow in the virtio_net_handle_mac function (CVE-2014-0150)
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
• MLIST: [Qemu-devel] 20140411 Re: [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun
• URL: http://article.gmane.org/gmane.comp.emulators.qemu/266768
• MLIST: [Qemu-devel] 20140411 [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun
• URL: http://thread.gmane.org/gmane.comp.emulators.qemu/266713
• CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1078846
• UBUNTU: USN-2182-1
• URL: http://www.ubuntu.com/usn/USN-2182-1
• SECUNIA: 57878
• URL: http://secunia.com/advisories/57878
• SECUNIA: 58191
• URL: http://secunia.com/advisories/58191
(from redmine: issue id 2902, created on 2014-05-20, closed on 2014-05-23)
- Relations:
- parent #2899 (closed)
- Changesets:
- Revision c7c3fd90 by Natanael Copa on 2014-05-21T13:32:51Z:
main/qemu: upgrade to 1.6.2 and security fix CVE-2014-0150
fixes #2902