Bug 40634

Summary: qemu-kvm: multiple issues (4.1)
Product: UCS Reporter: Arvid Requate <requate>
Component: Security updatesAssignee: Philipp Hahn <hahn>
Status: CLOSED FIXED QA Contact: Erik Damrose <damrose>
Severity: normal    
Priority: P3 CC: gohmann, walkenhorst
Version: UCS 4.1Flags: requate: Patch_Available+
Target Milestone: UCS 4.1-2-errata   
Hardware: Other   
OS: Linux   
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=40920
What kind of report is it?: Security Issue What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Security
Max CVSS v3 score:
Bug Depends on:    
Bug Blocks: 40635, 42552    

Description Arvid Requate univentionstaff 2016-02-10 19:36:38 CET 
Upstream Debian package version 1.1.2+dfsg-6+deb7u12 fixes these issues:

* pcnet: heap overflow vulnerability in loopback mode (CVE-2015-7504) (XSA-162)

* net: pcnet: heap overflow vulnerability in loopback mode (CVE-2015-7504)

* Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. (CVE-2015-7512)

* Qemu: net: eepro100: infinite loop in processing command block list (CVE-2015-8345)

* vnc: avoid floating point exception (CVE-2015-8504)

* usb: infinite loop in ehci_advance_state results in DoS (CVE-2015-8558)

* net: ne2000: OOB r/w in ioport operations (CVE-2015-8743)

* ide: ahci use-after-free vulnerability in aio port commands (CVE-2016-1568)

* nvram: OOB r/w access in processing firmware configurations (CVE-2016-1714)

* i386: null pointer dereference in vapic_write() (CVE-2016-1922)
Comment 1 Arvid Requate univentionstaff 2016-02-17 15:34:06 CET 
The same issues effect the "qemu" package and have been fixed in version 1.1.2+dfsg-6a+deb7u12 of that package.
Comment 2 Arvid Requate univentionstaff 2016-03-17 16:29:00 CET 
1.1.2+dfsg-6+deb7u12 changelog also mentions this as fixed:

* virtio-net: possible remote DoS (CVE-2015-7295)
Comment 3 Philipp Hahn univentionstaff 2016-05-11 17:28:41 CEST 
repo_admin.py --cherrypick -r 4.0 -s errata4.0-5 --releasedest 4.1 --dest errata4.1-2 -p qemu-kvm --ignore-patch
repo_admin.py --cherrypick -r 4.0 -s errata4.0-5 --releasedest 4.1 --dest errata4.1-2 -p qemu --ignore-patch

r16502 | Bug #40634: qemu UCS-4.1-2

Package: qemu-kvm
Version: 1.1.2+dfsg-6.51.201605111106
Branch: ucs_4.1-0
Scope: errata4.1-2

=> SELECT binver,site,major,minor,patch,scope FROM binpkg WHERE binpkg='qemu-kvm' AND arch='amd64' AND site<>'testing' AND site<>'test' AND major=4 ORDER BY 1,3,4,5 ASC;
            binver            | site | major | minor | patch | scope  
------------------------------+------+-------+-------+-------+--------
 1.1.2+dfsg-6.36.201411131534 | ftp  |     4 |     0 |     0 | 
 1.1.2+dfsg-6.36.201411131534 | apt  |     4 |     0 |     0 | 
 1.1.2+dfsg-6.43.201501191249 | apt  |     4 |     0 |     0 | errata
 1.1.2+dfsg-6.43.201501191249 | ftp  |     4 |     0 |     0 | errata
 1.1.2+dfsg-6.43.201501191249 | ftp  |     4 |     0 |     1 | 
 1.1.2+dfsg-6.43.201501191249 | apt  |     4 |     0 |     1 | 
 1.1.2+dfsg-6.44.201505131916 | ftp  |     4 |     0 |     1 | errata
 1.1.2+dfsg-6.44.201505131916 | ftp  |     4 |     0 |     2 | errata
 1.1.2+dfsg-6.47.201506231351 | apt  |     4 |     0 |     2 | errata
 1.1.2+dfsg-6.47.201506231351 | ftp  |     4 |     0 |     2 | errata
 1.1.2+dfsg-6.47.201506231351 | ftp  |     4 |     0 |     3 | 
 1.1.2+dfsg-6.47.201506231351 | apt  |     4 |     0 |     3 | 
 1.1.2+dfsg-6.48.201510271706 | apt  |     4 |     0 |     3 | errata
 1.1.2+dfsg-6.48.201510271706 | ftp  |     4 |     0 |     3 | errata
 1.1.2+dfsg-6.48.201510271706 | ftp  |     4 |     0 |     4 | 
 1.1.2+dfsg-6.48.201510271706 | apt  |     4 |     0 |     4 | 
 1.1.2+dfsg-6.50.201605111104 | apt  |     4 |     0 |     5 | errata
 1.1.2+dfsg-6.51.201605111106 | apt  |     4 |     1 |     2 | errata
(18 Zeilen)


Package: qemu
Version: 1.1.2+dfsg-6a.49.201605111538
Branch: ucs_4.1-0
Scope: errata4.1-2

=> SELECT binver,site,major,minor,patch,scope FROM binpkg WHERE binpkg='qemu' AND arch='amd64' AND site<>'testing' AND site<>'test' AND major=4 ORDER BY 1,3,4,5 ASC;
            binver             | site | major | minor | patch | scope  
-------------------------------+------+-------+-------+-------+--------
 1.1.2+dfsg-6a.44.201411131204 | apt  |     4 |     0 |     0 | 
 1.1.2+dfsg-6a.44.201411131204 | ftp  |     4 |     0 |     0 | 
 1.1.2+dfsg-6a.45.201502031112 | ftp  |     4 |     0 |     1 | 
 1.1.2+dfsg-6a.45.201502031112 | apt  |     4 |     0 |     1 | 
 1.1.2+dfsg-6a.46.201605111506 | apt  |     4 |     0 |     5 | errata
 1.1.2+dfsg-6a.47.201511030926 | ftp  |     4 |     1 |     0 | 
 1.1.2+dfsg-6a.47.201511030926 | apt  |     4 |     1 |     0 | 
 1.1.2+dfsg-6a.49.201605111538 | apt  |     4 |     1 |     2 | errata
(8 Zeilen)

r69262 | Bug #40634: qemu[-kvm] UCS_4.1-2 YAML
 qemu-kvm.yaml
 qemu.yaml
Comment 4 Erik Damrose univentionstaff 2016-05-12 11:17:22 CEST 
Note: tested with libvirt update from bug #40317
OK: start, stop, snapshot, snapshot-revert, start migrated instance, VNC
OK: qemu.yaml qemu-kvm.yaml
Verified