FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4539

This CVE name corresponds to:

Entered: 2008-11-02
Topic: qemu -- Heap overflow in Cirrus emulation

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2008-4539
Phase: Assigned (20081013)

Description

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.

References

Source Reference
MLIST [cvs-all] 20081102 cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files patch-CVE-2008-4539 ports/emulators/qemu-devel Makefile ports/emulators/qemu-devel/files patch-CVE-2008-4539
MLIST [debian-devel-changes] 20081101 Accepted qemu 0.9.1+svn20081101-1 (source amd64)
MLIST [secure-testing-commits] 20081103 r10251 - data/CVE
CONFIRM http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=237342
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=448525
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=466890
CONFIRM https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1
CONFIRM http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5587
DEBIAN DSA-1799
FEDORA FEDORA-2008-11705
SUSE SUSE-SR:2009:008
UBUNTU USN-776-1
SECUNIA 25073
SECUNIA 29129
SECUNIA 33350
SECUNIA 34642
SECUNIA 35031
SECUNIA 35062
XF qemu-kvm-cirrusvga-bo(47736)