CVE-2009-3616

Priority
Description
Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU
0.10.6 and earlier might allow guest OS users to execute arbitrary code on
the host OS by establishing a connection from a VNC client and then (1)
disconnecting during data transfer, (2) sending a message using incorrect
integer data types, or (3) using the Fuzzy Screen Mode protocol, related to
double free vulnerabilities.
Notes
jdstrandversions 0.9.1 and earlier are not affected. Need the following
commit to be affected:
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331. This came in
0.10.0 (from ChangeLog: 'Multiple VNC clients are now supported')
kvm-84 as included in Ubuntu 9.04 does not contain the affected
code (it has a pre-release version of qemu 0.10.0)
kvm-84 in hardy-backports and intrepid-backports are not affected
(they are based on kvm-84 from Ubuntu 9.04)
simply search for VncDisplay in vnc.c to see if might be affected
Package
Source: kvm (LP Ubuntu Debian)
Upstream:needs-triage
Package
Source: qemu (LP Ubuntu Debian)
Upstream:released (0.10.7)
Patches:
Upstream:http://git.savannah.gnu.org/cgit/qemu.git/commit/?h=stable-0.10&id=c2723a9606
Package
Upstream:released (0.11.0)
Patches:
Vendor:http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5
More Information

Updated: 2020-01-29 19:36:10 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)