Bug 29907 - qemu-kvm: Buffer overflows (3.1)
qemu-kvm: Buffer overflows (3.1)
Status: CLOSED WONTFIX
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.0
Other Linux
: P3 normal (vote)
: UCS 3.1-x-errata
Assigned To: Security maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-01-02 17:12 CET by Moritz Muehlenhoff
Modified: 2019-04-11 19:24 CEST (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2013-01-02 17:12:44 CET
Buffer overflow in the e1000 driver (CVE-2012-6075)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-03-14 14:30:25 CET
There a long range of security issues which will not be backported to UCS 3.x:

CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4532 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-6399

These are all about saving/restoring the status of VMs. This would allow theoretical attacks where malformed status files of a VM are migrated to a different host and triggering code execution. In UCS all UVMM nodes are under the control of the administrator.
Comment 2 Moritz Muehlenhoff univentionstaff 2014-04-14 07:48:14 CEST
Buffer overflow in virtio-net (CVE-2014-0150)
Comment 3 Moritz Muehlenhoff univentionstaff 2014-04-22 07:47:26 CEST
Buffer overflow in processing SMART commands in the emulated IDE adaptor (CVE-2014-2894)
Comment 4 Moritz Muehlenhoff univentionstaff 2014-04-22 08:39:52 CEST
CVE-2014-0142: Denial of service through division by zero in parallels driver
CVE-2014-0143: Integer overflows in various block drivers
CVE-2014-0144: Memory corruption in various block drivers
CVE-2014-0145: Buffer overflows in block drivers
CVE-2014-0146: NULL pointer dereference in qcow driver
CVE-2014-0147: Missing input sanitising in qcow driver
Comment 5 Moritz Muehlenhoff univentionstaff 2014-04-22 09:20:56 CEST
CVE-2014-0182 virtio: out-of-bounds buffer write on state load with invalid config_len
Comment 6 Moritz Muehlenhoff univentionstaff 2014-06-02 07:59:18 CEST
The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of May 2014.

The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is supplied with bug and security fixes.

Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.