Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2894: bochs guest OS local user DoS https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799 bugzilla(a)redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Product|Fedora Extras |Fedora ------- Additional Comments From j.w.r.degoede(a)hhs.nl 2007-07-18 13:37 EST ------- Since upstream isn't making any progress with regards to this, I've investigated this a bit further. This CVS stems from someone doing virtual machine / pc research and the original report mentions not one but 2 vulnerabilities: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2894 2893 is a reproducible, most likely exploitable, buffer overflow in the ne2000 driver. For which a fix is in CVS, I will issue a fixed package for this shortly 2894 is a report of a divide by zero error in the floppy, which the researcher managed to trigger once by feeding random bytes to the emulated floppy controller. This is not reproducable, and upstream has audited the code and can not find any divide by zero conditions, so I'm assuming this issue is moot. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2894: bochs guest OS local user DoS https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799 updates(a)fedoraproject.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |ERRATA Fixed In Version| |2.3-5.fc7 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2894: bochs guest OS local user DoS https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799 j.w.r.degoede(a)hhs.nl changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|ERRATA |CURRENTRELEASE Fixed In Version|2.3-5.fc7 |2.3-5 ------- Additional Comments From j.w.r.degoede(a)hhs.nl 2007-08-02 18:13 EST ------- The FC-6 version was fixed at the same time as the F-7 version, but no bodhi, so no anouncement, closing again. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2894: bochs guest OS local user DoS https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799 ------- Additional Comments From updates(a)fedoraproject.org 2007-08-24 01:41 EST ------- bochs-2.3-7.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.