Univention Bugzilla – Bug 29907
qemu-kvm: Buffer overflows (3.1)
Last modified: 2019-04-11 19:24:52 CEST
Buffer overflow in the e1000 driver (CVE-2012-6075)
There a long range of security issues which will not be backported to UCS 3.x: CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4532 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-6399 These are all about saving/restoring the status of VMs. This would allow theoretical attacks where malformed status files of a VM are migrated to a different host and triggering code execution. In UCS all UVMM nodes are under the control of the administrator.
Buffer overflow in virtio-net (CVE-2014-0150)
Buffer overflow in processing SMART commands in the emulated IDE adaptor (CVE-2014-2894)
CVE-2014-0142: Denial of service through division by zero in parallels driver CVE-2014-0143: Integer overflows in various block drivers CVE-2014-0144: Memory corruption in various block drivers CVE-2014-0145: Buffer overflows in block drivers CVE-2014-0146: NULL pointer dereference in qcow driver CVE-2014-0147: Missing input sanitising in qcow driver
CVE-2014-0182 virtio: out-of-bounds buffer write on state load with invalid config_len
The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of May 2014. The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is supplied with bug and security fixes. Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.