Debian Bug report logs - #901017
qemu: CVE-2018-11806: slirp: heap buffer overflow while reassembling fragmented datagrams
Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>: Bug#901017; Package src:qemu. (Fri, 08 Jun 2018 03:42:04 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Fri, 08 Jun 2018 03:42:04 GMT)
Message #5 received at submit@bugs.debian.org:
Source: qemu
Version: 1:2.12+dfsg-3
Severity: grave
Tags: patch security upstream
Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
Hi,
The following vulnerability was published for qemu.
CVE-2018-11806[0]:
slirp: heap buffer overflow while reassembling fragmented datagrams
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-11806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11806
[1] https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Marked as found in versions qemu/1:2.1+dfsg-11. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 08 Jun 2018 03:45:03 GMT)
Reply sent to Michael Tokarev <mjt@tls.msk.ru>: You have taken responsibility. (Wed, 12 Dec 2018 09:18:11 GMT)
Notification sent to Salvatore Bonaccorso <carnil@debian.org>: Bug acknowledged by developer. (Wed, 12 Dec 2018 09:18:12 GMT)
Message #12 received at 901017-close@bugs.debian.org:
Source: qemu
Source-Version: 1:3.1+dfsg-1
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 901017@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 02 Dec 2018 19:10:27 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-data qemu-system-common qemu-system-gui qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:3.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
qemu - fast processor emulator, dummy package
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-data - QEMU full system emulation (data files)
qemu-system-gui - QEMU full system emulation binaries (user interface and audio sup
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 795486 813658 901017 902501 902725 907500 908682 910431 911468 911469 911470 911499 912535 914599 914604 914727 915884
Changes:
qemu (1:3.1+dfsg-1) unstable; urgency=medium

  * new upstream release (3.1)
  * Security bugs fixed by upstream:
    Closes: #910431, CVE-2018-10839:
      integer overflow leads to buffer overflow issue
    Closes: #911468, CVE-2018-17962
      pcnet: integer overflow leads to buffer overflow
    Closes: #911469, CVE-2018-17963
      net: ignore packets with large size
    Closes: #908682, CVE-2018-3639
      qemu should be able to pass the ssbd cpu flag
    Closes: #901017, CVE-2018-11806
      m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow
      via incoming fragmented datagrams
    Closes: #902725, CVE-2018-12617
      qmp_guest_file_read in qemu-ga has an integer overflow
    Closes: #907500, CVE-2018-15746
      qemu-seccomp might allow local OS guest users to cause a denial of service
    Closes: #915884, CVE-2018-16867
      dev-mtp: path traversal in usb_mtp_write_data of the MTP
    Closes: #911499, CVE-2018-17958
      Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c
      because an incorrect integer data type is used
    Closes: #911470, CVE-2018-18438
      integer overflows because IOReadHandler and its associated functions
      use a signed integer data type for a size value
    Closes: #912535, CVE-2018-18849
      lsi53c895a: OOB msg buffer access leads to DoS
    Closes: #914604, CVE-2018-18954
      pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1
      allows out-of-bounds write or read access to PowerNV memory
    Closes: #914599, CVE-2018-19364
      Use-after-free due to race condition while updating fid path
    Closes: #914727, CVE-2018-19489
      9pfs: crash due to race condition in renaming files
  * remove patches which were applied upstream
  * add new manpage qemu-cpu-models.7
  * qemu-system-ppcemb is gone, use qemu-system-ppc[64]
  * do-not-link-everything-with-xen.patch (trivial)
  * get-orig-source: handle 3.x and 4.x, and remove roms again, as
    upstream wants us to use separate source packages for that stuff
  * move generated data from qemu-system-data back to qemu-system-common
  * d/control: enable spice on arm64 (Closes: #902501)
    (probably should enable on all)
  * d/control: change git@salsa urls to https
  * add qemu-guest-agent.service (Closes: #795486)
  * enable opengl support and virglrenderer (Closes: #813658)
  * simplify d/rules just a little bit
  * build-depend on libudev-dev, for qga
Checksums-Sha1:
a65a31436ea02a77c21bff8f7afa02ae05938a26 5967 qemu_3.1+dfsg-1.dsc
b6a6c31d146b13e14af253d6dc25f16ccad7d060 8705368 qemu_3.1+dfsg.orig.tar.xz
a07b0298ac2fe6be7ee5e9540fd6fc6d9c1b20ee 72160 qemu_3.1+dfsg-1.debian.tar.xz
2233f07915fcbb0daa421fca2674a139941f832b 16084 qemu_3.1+dfsg-1_source.buildinfo
Checksums-Sha256:
c1b9ec8e25ff07877505291d8c0ef235f7b81117a9a706bdf76deba857c09484 5967 qemu_3.1+dfsg-1.dsc
2f277942759dd3eed21f7e00edfeab52b4f58d6f2f22d4f7e1a8aa4dc54c80d7 8705368 qemu_3.1+dfsg.orig.tar.xz
62ccd57796c3a43d99aac37ffac4b24b7188216f719ff50b0e1ce84f058ccca5 72160 qemu_3.1+dfsg-1.debian.tar.xz
4f53f5acac8637a3716dbd1ea4380d7c08a8c1d15a1de581095963b1e76b560b 16084 qemu_3.1+dfsg-1_source.buildinfo
Files:
059657635379ae27ba846df240e16b54 5967 otherosfs optional qemu_3.1+dfsg-1.dsc
b17f33786c89d547150490811a40f0b2 8705368 otherosfs optional qemu_3.1+dfsg.orig.tar.xz
62ef7391f798ccbd2b4d5f7928033522 72160 otherosfs optional qemu_3.1+dfsg-1.debian.tar.xz
13fd8a8bb95fc80a05de9f1cb33a50ce 16084 otherosfs optional qemu_3.1+dfsg-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAlwQzGwPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5Z+zUH/1AG3gTlCfodSE7V0FW8268LUMpsJS7mpZ/p
4K8GUdAXtH6TWN1n4vfbUeCaO+dJYHT2g0dTFqwKhJoLElhcCFH8F2pcVQPJfPQQ
YLYQIR/5Mijs+cHIpbzc7KO4Jj2umLOe0GZtEnmbXvBNGRf9/KImb8nRzSitVJSX
qlRSLsr5tLVIgBxGJynPCWYLzwAnvv6chSNBT7e/1vBvo87B1l3gL7ibRdIF3CFJ
s4mYqyYQvIwlEgOE1UKswSunQjcbjZY2ATy0DAxZw5E0ec8etX3cl/tCH8Hq6aSZ
lpDOsBZu/rRukrF3Rt7GSSPCsoLXwWUYa9mRnEsTBWzcw0pJKmc=
=1I7Y
-----END PGP SIGNATURE-----
Reply sent to Michael Tokarev <mjt@tls.msk.ru>: You have taken responsibility. (Mon, 03 Jun 2019 10:03:03 GMT)
Notification sent to Salvatore Bonaccorso <carnil@debian.org>: Bug acknowledged by developer. (Mon, 03 Jun 2019 10:03:03 GMT)
Message #17 received at 901017-close@bugs.debian.org:
Source: qemu
Source-Version: 1:2.8+dfsg-6+deb9u6
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 901017@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 29 May 2019 14:39:09 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.8+dfsg-6+deb9u6
Distribution: stretch-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
qemu - fast processor emulator
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 901017 902725 911499 912535 914599 914604 914727 916397 921525 922635 929067 929353
Changes:
qemu (1:2.8+dfsg-6+deb9u6) stretch-security; urgency=medium

  [ Moritz Mühlenhoff <jmm@debian.org> ]
  * slirp-correct-size-computation-concatenating-mbuf-CVE-2018-11806.patch
    (Closes: #901017, CVE-2018-11806)
  * qga-check-bytes-count-read-by-guest-file-read-CVE-2018-12617.patch
    (Closes: #902725, CVE-2018-12617)
  * usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
    (Closes: #916397, CVE-2018-16872)
  * rtl8139-fix-possible-out-of-bound-access-CVE-2018-17958.patch
    (Closes: #911499, CVE-2018-17958)
  * lsi53c895a-check-message-length-value-is-valid-CVE-2018-18849.patch
    (Closes: #912535, CVE-2018-18849)
  * ppc-pnv-check-size-before-data-buffer-access-CVE-2018-18954.patch
    (Closes: #914604, CVE-2018-18954)
  * 9p-write-lock-path-in-v9fs-co_open2.patch
    9p-take-write-lock-on-fid-path-updates-CVE-2018-19364.patch
    (Closes: #914599, CVE-2018-19364)
  * 9p-fix-QEMU-crash-when-renaming-files-CVE-2018-19489.patch
    (Closes: #914727, CVE-2018-19489)
  * i2c-ddc-fix-oob-read-CVE-2019-3812.patch
    (Closes: #922635, CVE-2019-3812)
  * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
    (Closes: #921525, CVE-2019-6778)
  * slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch
    (Closes: CVE-2019-9824)

  [ Michael Tokarev ]
  * enable-md-clear.patch
    define new CPUID for MDS
    (Closes: #929067)
    (Closes: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)
  * qxl-check-release-info-object-CVE-2019-12155.patch
    fixes null-pointer deref in qxl cleanup code
    (Closes: #929353, CVE-2019-12155)
Checksums-Sha1:
77f1affa75e189d4d4fd18afabecb85029f95ad2 5579 qemu_2.8+dfsg-6+deb9u6.dsc
a95daacb4ec953c972e6f06fc20b8b2311e13c99 160688 qemu_2.8+dfsg-6+deb9u6.debian.tar.xz
5ab201d41676fc348109796dab1b77e7ace9a6d6 10688 qemu_2.8+dfsg-6+deb9u6_source.buildinfo
Checksums-Sha256:
3c478c5b3cf794795c042bfaab007c4c938850461bb675b7bd3935ac4f896857 5579 qemu_2.8+dfsg-6+deb9u6.dsc
0bf185c3a72d400e82785a82ce91fd7128f87676e7ffa07eeec0c813deb54a19 160688 qemu_2.8+dfsg-6+deb9u6.debian.tar.xz
faa2372a78580657b43f9f223af24feec00f4f5d7ab0fc9ab6a31bc070d007d5 10688 qemu_2.8+dfsg-6+deb9u6_source.buildinfo
Files:
f13b237940ede0bf4c7945642471bcbc 5579 otherosfs optional qemu_2.8+dfsg-6+deb9u6.dsc
6a4872d066b015bdf56e33abdb8de50d 160688 otherosfs optional qemu_2.8+dfsg-6+deb9u6.debian.tar.xz
a9009de8c777f4dc0e21ba5e2486a0cd 10688 otherosfs optional qemu_2.8+dfsg-6+deb9u6_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAlzudGgPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5Zt4AIAMZySkKhcHSGSv5vncIrNwXFB9kz8+cnpQnl
BSEclrxy9FskwVuakN7tyHHB9GrhPfnascHbd0+mJIJffWeIr6RxNrcdAEJxspos
xcEVx/0PDe6agrziFMjdciQAbbp/LCsS3p2FLvsIs5q4bD2xjYIKamxBXj48npd5
H1Q+fe/cm4MPiGwhYMhKD4M3nZ6FLafCats1KSMPIJqCAOZDke8PxtEu9Zs23n+q
dQZT3et0ufLFtUCvQJCt/kObetJyKEemBtWmHt0mg27tAmPD8DaU8rC8jMo0WZ8w
v+nAsGPGtqEJsHyFHuK+/b89eCUZTaigbQNVcaRG3mOvpSqX+Zs=
=PcmR
-----END PGP SIGNATURE-----
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:40:59 2019; Machine Name: beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.