Source: qemu Version: 1:2.8+dfsg-6 Severity: important Tags: security upstream patch
>From P J P <ppan...@redhat.com>: A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu() routine while emulating Identification protocol and copying message data to a socket buffer. A user/process could use this flaw to crash the Qemu process on the host resulting in DoS or potentially execute arbitrary code with privileges of the QEMU process. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html This issue was reported by Kira from Tencent Keen Security Lab. CVE-2019-6778 assigned via -> http://cveform.mitre.org/
