CVE-2017-13672

Priority
Low
Description
QEMU (aka Quick Emulator), when built with the VGA display emulator
support, allows local guest OS privileged users to cause a denial of
service (out-of-bounds read and QEMU process crash) via vectors involving
display update.
References
Bugs
Notes
 mdeslaur> artful has first commit, not the two others
 mdeslaur> complex backport, not going to fix this in xenial and earlier
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):ignored
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):ignored
Ubuntu 17.10 (Artful Aardvark):released (1:2.10+dfsg-0ubuntu3.5)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1:2.11+dfsg-1ubuntu1)
Patches:
Upstream:https://git.qemu.org/?p=qemu.git;a=commit;h=3d90c6254863693a6b13d918d2b8682e08bbc681
Upstream:https://git.qemu.org/?p=qemu.git;a=commit;h=28f77de26a4f9995458ddeb9d34bb06c0193bdc9
Upstream:https://git.qemu.org/?p=qemu.git;a=commit;h=115788d7a70e9ae255511ca00fc69cce06967472
More Information

Updated: 2018-02-20 22:14:42 UTC (commit 14231)