CVE-2008-2382

Common Vulnerabilities and Exposures

CVE-2008-2382 at MITRE

Details

The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.

Novell Bugzilla entry: 461565,464142

SUSE Security Advisories:

SUSE-SR:2009:002, published Mon, 19 Jan 2009 14:00:00 +0000
SUSE-SR:2009:002 , published Mon, 19 Jan 2009 14:00:00 +0000
SUSE-SR:2009:008 , published Mon, 06 Apr 2009 15:00:00 +0000

Product(s)	Fixed package version(s)	References
openSUSE 10.3	`qemu >= 0.10.1-0.1`
openSUSE 11.0	`qemu-debuginfo >= 0.10.1-0.1` `qemu-debugsource >= 0.10.1-0.1`	SAT Patch Nr: 691
openSUSE 11.0	`qemu >= 0.10.1-0.1`	SAT Patch Nr: 691
openSUSE 11.1	`qemu-debuginfo >= 0.10.1-0.1.1` `qemu-debugsource >= 0.10.1-0.1.1`	SAT Patch Nr: 691
openSUSE 11.1	`qemu >= 0.10.1-0.1.1`	SAT Patch Nr: 691
openSUSE 11.0	`kvm-debuginfo >= 63-31.2` `kvm-debugsource >= 63-31.2`	SAT Patch Nr: 412
openSUSE 11.0	`kvm >= 63-31.2`	SAT Patch Nr: 412
openSUSE 11.1	`kvm-debuginfo >= 78-6.5.1` `kvm-debugsource >= 78-6.5.1`	SAT Patch Nr: 412
openSUSE 11.1	`kvm >= 78-6.5.1`	SAT Patch Nr: 412
SLE SDK 10 SP2 for IPF SLE SDK 10 SP2 for X86-64 SLE SDK 10 SP2 for x86 SUSE Linux Enterprise Desktop Thin Client for x86	`qemu >= 0.8.2-37.9`	sles10-sp2-sdk. ia64 SUSE Linux Enterprise Thin Client 10 SP2 x86 sles10-sp2-sdk. x86 sles10-sp2-sdk. x86-64 ZYPP Patch Nr: 6127
SLES 11 DEBUGINFO	`qemu-debuginfo >= 0.10.1-0.1.1` `qemu-debugsource >= 0.10.1-0.1.1`	sle11-debuginfo. x86 sle11-debuginfo. x86-64 sle11-debuginfo. x86-64 sle11-debuginfo. x86 SAT Patch Nr: 692
SLE 11	`qemu >= 0.10.1-0.1.1`	sle11-debuginfo. x86 sle11-debuginfo. x86-64 sle11-debuginfo. x86-64 sle11-debuginfo. x86 SAT Patch Nr: 692