Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

Related bugs and status

CVE-2016-9603 (Candidate) is related to these bugs:

Bug #1647389: Regression: Live migrations can still crash after CVE-2016-5403 fix

Summary				In	Importance	Status
	1647389	Regression: Live migrations can still crash after CVE-2016-5403 fix		qemu (Ubuntu)	High	Fix Released
	1647389	Regression: Live migrations can still crash after CVE-2016-5403 fix		qemu (Ubuntu Xenial)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
MLIST: [debian-lts-announce] ...
CONFIRM: https://support.citrix...
GENTOO: GLSA-201706-03
REDHAT: RHSA-2017:0980
REDHAT: RHSA-2017:0981
REDHAT: RHSA-2017:0982
REDHAT: RHSA-2017:0983
REDHAT: RHSA-2017:0984
REDHAT: RHSA-2017:0985
REDHAT: RHSA-2017:0987
REDHAT: RHSA-2017:0988
REDHAT: RHSA-2017:1205
REDHAT: RHSA-2017:1206
REDHAT: RHSA-2017:1441
BID: 96893
SECTRACK: 1038023
MLIST: [debian-lts-announce] ...