[Secure-testing-team] Bug#880836: qemu: CVE-2017-15268: I/O: potential memory exhaustion via websock connection to VNC
Salvatore Bonaccorso
carnil at debian.org
Sat Nov 4 23:17:12 UTC 2017
Source: qemu
Version: 1:2.10.0+dfsg-2
Severity: important
Tags: patch security upstream
Control: found -1 1:2.8+dfsg-6
Hi,
the following vulnerability was published for qemu.
CVE-2017-15268[0]:
| Qemu through 2.10.0 allows remote attackers to cause a memory leak by
| triggering slow data-channel read operations, related to
| io/channel-websock.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-15268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15268
[1] https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=a7b20a8efa28e5f22c26c06cd06c2f12bc863493
Regards,
Salvatore
More information about the Secure-testing-team
mailing list