CVE-2017-2615

Priority
Description
Quick Emulator (QEMU) built with Cirrus CLGD 54xx VGA emulator support
is vulnerable to an out-of-bounds access issue. It could occur while
copying VGA data via bitblt copy in backward mode. A privileged user inside
a guest could use this flaw to crash the QEMU process, resulting in DoS, or
potentially execute arbitrary code on the host with the privileges of the
QEMU process.
Notes
 sarnold> apparently introduced by the fix for CVE-2014-8106
Package
Source: qemu (LP Ubuntu Debian)
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (2.0.0+dfsg-2ubuntu1.33)
Ubuntu 16.04 LTS (Xenial Xerus): released (1:2.5+dfsg-5ubuntu10.11)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (1:2.8+dfsg-3ubuntu2)
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (1:2.8+dfsg-3ubuntu2)
Ubuntu 19.04 (Disco Dingo): not-affected (1:2.8+dfsg-3ubuntu2)
Patches:
Upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): needed
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 18.10 (Cosmic Cuttlefish): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Package
Source: xen (LP Ubuntu Debian)
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr): released (4.4.2-0ubuntu0.14.04.11)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (uses system qemu)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (uses system qemu)
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (uses system qemu)
Ubuntu 19.04 (Disco Dingo): not-affected (uses system qemu)
More Information

Updated: 2019-01-14 21:25:40 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)