Bug 40634 - qemu-kvm: multiple issues (4.1)
qemu-kvm: multiple issues (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.1
Other Linux
: P3 normal (vote)
: UCS 4.1-2-errata
Assigned To: Philipp Hahn
Erik Damrose
:
Depends on:
Blocks: 40635 42552
  Show dependency treegraph
 
Reported: 2016-02-10 19:36 CET by Arvid Requate
Modified: 2016-10-05 12:46 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2016-02-10 19:36:38 CET
Upstream Debian package version 1.1.2+dfsg-6+deb7u12 fixes these issues:

* pcnet: heap overflow vulnerability in loopback mode (CVE-2015-7504) (XSA-162)

* net: pcnet: heap overflow vulnerability in loopback mode (CVE-2015-7504)

* Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. (CVE-2015-7512)

* Qemu: net: eepro100: infinite loop in processing command block list (CVE-2015-8345)

* vnc: avoid floating point exception (CVE-2015-8504)

* usb: infinite loop in ehci_advance_state results in DoS (CVE-2015-8558)

* net: ne2000: OOB r/w in ioport operations (CVE-2015-8743)

* ide: ahci use-after-free vulnerability in aio port commands (CVE-2016-1568)

* nvram: OOB r/w access in processing firmware configurations (CVE-2016-1714)

* i386: null pointer dereference in vapic_write() (CVE-2016-1922)
Comment 1 Arvid Requate univentionstaff 2016-02-17 15:34:06 CET
The same issues effect the "qemu" package and have been fixed in version 1.1.2+dfsg-6a+deb7u12 of that package.
Comment 2 Arvid Requate univentionstaff 2016-03-17 16:29:00 CET
1.1.2+dfsg-6+deb7u12 changelog also mentions this as fixed:

* virtio-net: possible remote DoS (CVE-2015-7295)
Comment 3 Philipp Hahn univentionstaff 2016-05-11 17:28:41 CEST
repo_admin.py --cherrypick -r 4.0 -s errata4.0-5 --releasedest 4.1 --dest errata4.1-2 -p qemu-kvm --ignore-patch
repo_admin.py --cherrypick -r 4.0 -s errata4.0-5 --releasedest 4.1 --dest errata4.1-2 -p qemu --ignore-patch

r16502 | Bug #40634: qemu UCS-4.1-2

Package: qemu-kvm
Version: 1.1.2+dfsg-6.51.201605111106
Branch: ucs_4.1-0
Scope: errata4.1-2

=> SELECT binver,site,major,minor,patch,scope FROM binpkg WHERE binpkg='qemu-kvm' AND arch='amd64' AND site<>'testing' AND site<>'test' AND major=4 ORDER BY 1,3,4,5 ASC;
            binver            | site | major | minor | patch | scope  
------------------------------+------+-------+-------+-------+--------
 1.1.2+dfsg-6.36.201411131534 | ftp  |     4 |     0 |     0 | 
 1.1.2+dfsg-6.36.201411131534 | apt  |     4 |     0 |     0 | 
 1.1.2+dfsg-6.43.201501191249 | apt  |     4 |     0 |     0 | errata
 1.1.2+dfsg-6.43.201501191249 | ftp  |     4 |     0 |     0 | errata
 1.1.2+dfsg-6.43.201501191249 | ftp  |     4 |     0 |     1 | 
 1.1.2+dfsg-6.43.201501191249 | apt  |     4 |     0 |     1 | 
 1.1.2+dfsg-6.44.201505131916 | ftp  |     4 |     0 |     1 | errata
 1.1.2+dfsg-6.44.201505131916 | ftp  |     4 |     0 |     2 | errata
 1.1.2+dfsg-6.47.201506231351 | apt  |     4 |     0 |     2 | errata
 1.1.2+dfsg-6.47.201506231351 | ftp  |     4 |     0 |     2 | errata
 1.1.2+dfsg-6.47.201506231351 | ftp  |     4 |     0 |     3 | 
 1.1.2+dfsg-6.47.201506231351 | apt  |     4 |     0 |     3 | 
 1.1.2+dfsg-6.48.201510271706 | apt  |     4 |     0 |     3 | errata
 1.1.2+dfsg-6.48.201510271706 | ftp  |     4 |     0 |     3 | errata
 1.1.2+dfsg-6.48.201510271706 | ftp  |     4 |     0 |     4 | 
 1.1.2+dfsg-6.48.201510271706 | apt  |     4 |     0 |     4 | 
 1.1.2+dfsg-6.50.201605111104 | apt  |     4 |     0 |     5 | errata
 1.1.2+dfsg-6.51.201605111106 | apt  |     4 |     1 |     2 | errata
(18 Zeilen)


Package: qemu
Version: 1.1.2+dfsg-6a.49.201605111538
Branch: ucs_4.1-0
Scope: errata4.1-2

=> SELECT binver,site,major,minor,patch,scope FROM binpkg WHERE binpkg='qemu' AND arch='amd64' AND site<>'testing' AND site<>'test' AND major=4 ORDER BY 1,3,4,5 ASC;
            binver             | site | major | minor | patch | scope  
-------------------------------+------+-------+-------+-------+--------
 1.1.2+dfsg-6a.44.201411131204 | apt  |     4 |     0 |     0 | 
 1.1.2+dfsg-6a.44.201411131204 | ftp  |     4 |     0 |     0 | 
 1.1.2+dfsg-6a.45.201502031112 | ftp  |     4 |     0 |     1 | 
 1.1.2+dfsg-6a.45.201502031112 | apt  |     4 |     0 |     1 | 
 1.1.2+dfsg-6a.46.201605111506 | apt  |     4 |     0 |     5 | errata
 1.1.2+dfsg-6a.47.201511030926 | ftp  |     4 |     1 |     0 | 
 1.1.2+dfsg-6a.47.201511030926 | apt  |     4 |     1 |     0 | 
 1.1.2+dfsg-6a.49.201605111538 | apt  |     4 |     1 |     2 | errata
(8 Zeilen)

r69262 | Bug #40634: qemu[-kvm] UCS_4.1-2 YAML
 qemu-kvm.yaml
 qemu.yaml
Comment 4 Erik Damrose univentionstaff 2016-05-12 11:17:22 CEST
Note: tested with libvirt update from bug #40317
OK: start, stop, snapshot, snapshot-revert, start migrated instance, VNC
OK: qemu.yaml qemu-kvm.yaml
Verified