On 24 March 2015 at 15:51, Gerd Hoffmann <kra...@redhat.com> wrote:
> On Mo, 2015-03-23 at 22:58 +0000, Daniel P. Berrange wrote:
>> The VNC websockets protocol decoder has two places where it did
>> not correctly limit its resource usage when processing data from
>> the client. This can be abused by a malicious client to cause QEMU
>> to consume all system memory, unless it is otherwise limited by
>> ulimits and/or cgroups. These problems can be triggered in the
>> websockets layer before the VNC protocol actually starts, so no
>> client authentication will have taken place at this point.
>
> Hmm, with patch 1/2 applied novnc disconnects frequently. Boot messages
> on the text (framebuffer) console seem to work fine. But after logging
> in via gdm and trying to do stuff in gnome shell problems are starting.

Any further progress here? Ideally I'd like to get a fix for this CVE into rc2...

thanks
-- PMM