-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Package: qemu Version: 2.1+dfsg-4 Severity: important Tags: security, fixed-upstream
Hi, When guest sends udp packet with source port and source addr 0, uninitialized socket is picked up when looking for matching and already created udp sockets, and later passed to sosendto() where NULL pointer dereference is hit during so->slirp->vnetwork_mask.s_addr access. Fix this by checking that the socket is not just a socket stub. Please see this discussion for more information: http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html - --- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlQhGTkACgkQXf6hBi6kbk/46gCfbwwiaD3Zdfbo5z57NihRYfvJ J34An0KG/kIRMQlB9CYUgcwM9net67oc =7klY -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
