CVE-2008-4539

Common Vulnerabilities and Exposures

CVE-2008-4539 at MITRE

Details

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.

Novell Bugzilla entry: 435135,448551

SUSE Security Advisories:

SUSE-SR:2009:008 , published Mon, 06 Apr 2009 15:00:00 +0000

Product(s)	Fixed package version(s)	References
openSUSE 10.3	`qemu >= 0.10.1-0.1`
openSUSE 11.0	`qemu-debuginfo >= 0.10.1-0.1` `qemu-debugsource >= 0.10.1-0.1`	SAT Patch Nr: 691
openSUSE 11.0	`qemu >= 0.10.1-0.1`	SAT Patch Nr: 691
openSUSE 11.1	`qemu-debuginfo >= 0.10.1-0.1.1` `qemu-debugsource >= 0.10.1-0.1.1`	SAT Patch Nr: 691
openSUSE 11.1	`qemu >= 0.10.1-0.1.1`	SAT Patch Nr: 691
SLE SDK 10 SP2 for IPF SLE SDK 10 SP2 for X86-64 SLE SDK 10 SP2 for x86 SUSE Linux Enterprise Desktop Thin Client for x86	`qemu >= 0.8.2-37.9`	sles10-sp2-sdk. ia64 SUSE Linux Enterprise Thin Client 10 SP2 x86 sles10-sp2-sdk. x86 sles10-sp2-sdk. x86-64 ZYPP Patch Nr: 6127
SLES 11 DEBUGINFO	`qemu-debuginfo >= 0.10.1-0.1.1` `qemu-debugsource >= 0.10.1-0.1.1`	sle11-debuginfo. x86 sle11-debuginfo. x86-64 sle11-debuginfo. x86-64 sle11-debuginfo. x86 SAT Patch Nr: 692
SLE 11	`qemu >= 0.10.1-0.1.1`	sle11-debuginfo. x86 sle11-debuginfo. x86-64 sle11-debuginfo. x86-64 sle11-debuginfo. x86 SAT Patch Nr: 692