Univention Bugzilla – Full Text Bug Listing |
Summary: | qemu-kvm: Buffer overflows (3.1) | ||
---|---|---|---|
Product: | UCS | Reporter: | Moritz Muehlenhoff <jmm> |
Component: | Security updates | Assignee: | Security maintainers <security-maintainers> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 3.0 | ||
Target Milestone: | UCS 3.1-x-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: |
Description
Moritz Muehlenhoff
2013-01-02 17:12:44 CET
There a long range of security issues which will not be backported to UCS 3.x: CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4532 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-6399 These are all about saving/restoring the status of VMs. This would allow theoretical attacks where malformed status files of a VM are migrated to a different host and triggering code execution. In UCS all UVMM nodes are under the control of the administrator. Buffer overflow in virtio-net (CVE-2014-0150) Buffer overflow in processing SMART commands in the emulated IDE adaptor (CVE-2014-2894) CVE-2014-0142: Denial of service through division by zero in parallels driver CVE-2014-0143: Integer overflows in various block drivers CVE-2014-0144: Memory corruption in various block drivers CVE-2014-0145: Buffer overflows in block drivers CVE-2014-0146: NULL pointer dereference in qcow driver CVE-2014-0147: Missing input sanitising in qcow driver CVE-2014-0182 virtio: out-of-bounds buffer write on state load with invalid config_len The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of May 2014. The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is supplied with bug and security fixes. Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions. |