CVE-2019-6778 slirp: heap buffer overflow in tcp_emu()


Debian Bug report logs - #921525


Reported by: Michael Tokarev <mjt@tls.msk.ru>

Date: Wed, 6 Feb 2019 14:18:02 UTC

Severity: important

Tags: patch, security, upstream

Found in version qemu/1:2.8+dfsg-6

Fixed in version qemu/1:3.1+dfsg-3

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.

Forwarded to https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#921525; Package src:qemu. (Wed, 06 Feb 2019 14:18:04 GMT) (full text, mbox, link).


Acknowledgement sent to Michael Tokarev <mjt@tls.msk.ru>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Wed, 06 Feb 2019 14:18:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Michael Tokarev <mjt@tls.msk.ru>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2019-6778 slirp: heap buffer overflow in tcp_emu()
Date: Wed, 06 Feb 2019 17:15:33 +0300
Source: qemu
Version: 1:2.8+dfsg-6
Severity: important
Tags: security upstream patch

From P J P <ppandit@redhat.com>:
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in the tcp_emu() routine while emulating the Identification protocol and copying message data to a socket buffer.

A user/process could use this flaw to crash the Qemu process on the host resulting in DoS or potentially execute arbitrary code with privileges of the QEMU process.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html

This issue was reported by Kira from Tencent Keen Security Lab.

CVE-2019-6778 assigned via -> http://cveform.mitre.org/
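The advisory above describes a copy into a socket receive buffer that was not checked against the buffer's capacity. The following is an added illustration, not slirp's or the upstream patch's code: a fixed-size receive buffer modeled on slirp-style sb_cc / sb_datalen bookkeeping, with the Ident-emulation copy rejecting any segment that would not fit. The struct fields and the functions sbuf_init() and ident_emu_append() are names assumed for this example.

```c
/* Added illustration, not slirp's or the patch's code. Models a heap-
 * allocated socket receive buffer and a length-checked append for the
 * emulated Identification protocol. Names are assumptions. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct sbuf {
    uint32_t sb_cc;       /* bytes currently queued in the buffer */
    uint32_t sb_datalen;  /* total capacity of sb_data */
    char *sb_wptr;        /* next write position inside sb_data */
    char *sb_data;        /* heap-allocated backing store */
};

/* Allocate a receive buffer of the given capacity; 0 on success. */
int sbuf_init(struct sbuf *sb, uint32_t capacity)
{
    sb->sb_data = malloc(capacity);
    if (!sb->sb_data)
        return -1;
    sb->sb_datalen = capacity;
    sb->sb_cc = 0;
    sb->sb_wptr = sb->sb_data;
    return 0;
}

/* Emulated Ident data copy. Returns 0 after copying when the segment fits;
 * returns 1 and leaves the buffer untouched when it would exceed the
 * remaining room. The subtraction form (remaining room, which is always
 * >= 0 because sb_cc never exceeds sb_datalen) cannot wrap, unlike a naive
 * sb_cc + len sum with very large len. */
int ident_emu_append(struct sbuf *sb, const char *data, uint32_t len)
{
    if (len > sb->sb_datalen - sb->sb_cc)
        return 1;  /* would overflow the heap buffer: drop the segment */
    memcpy(sb->sb_wptr, data, len);
    sb->sb_wptr += len;
    sb->sb_cc += len;
    return 0;
}

/* Release the backing store. */
void sbuf_free(struct sbuf *sb)
{
    free(sb->sb_data);
    sb->sb_data = sb->sb_wptr = NULL;
    sb->sb_cc = sb->sb_datalen = 0;
}
```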



Set Bug forwarded-to-address to 'https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 06 Feb 2019 14:21:08 GMT) (full text, mbox, link).


Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Wed, 06 Feb 2019 15:09:35 GMT) (full text, mbox, link).


Notification sent to Michael Tokarev <mjt@tls.msk.ru>:
Bug acknowledged by developer. (Wed, 06 Feb 2019 15:09:35 GMT) (full text, mbox, link).


Message #12 received at 921525-close@bugs.debian.org (full text, mbox, reply):

From: Michael Tokarev <mjt@tls.msk.ru>
To: 921525-close@bugs.debian.org
Subject: Bug#921525: fixed in qemu 1:3.1+dfsg-3
Date: Wed, 06 Feb 2019 15:06:59 +0000
Source: qemu
Source-Version: 1:3.1+dfsg-3

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 921525@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 06 Feb 2019 12:23:01 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-data qemu-system-common qemu-system-gui qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:3.1+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator, dummy package
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-data - QEMU full system emulation (data files)
 qemu-system-gui - QEMU full system emulation binaries (user interface and audio sup
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 881527 889885 892945 901407 913103 916279 916442 918378 919668 920032 920222 921525
Changes:
 qemu (1:3.1+dfsg-3) unstable; urgency=medium
 .
   [ Michael Tokarev ]
   * mention #696289 closed by 2.10
   * move ovmf to recommends on debian and update aarch ovmf refs
     (Closes: #889885)
   * remove /dev/kvm permission handling (moved to systemd 239-6)
     (Closes: #892945)
   * build qemu-palcode using alpha cross-compiler
     (Closes: #913103)
   * fix path in qemu-guest-agent.service (#918378), fixes Bind[s]To
     (Closes: #918378)
   * use int for sparc64 timeval.tv_usec
     (Closes: #920032)
   * build-depend on libglusterfs-dev not glusterfs-common
     (Closes: #919668, #881527)
   * add breaks: qemu-system-data to qemu-system-common,
     to close #916279 completely (all this can be removed after buster)
     (Closes: #916279)
   * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
     (Closes: #920222, CVE-2019-6501)
   * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
     (Closes: #921525)
   * pvrdma-release-device-resources-on-error-CVE-2018-20123.patch
     (Closes: #916442, CVE-2018-20123)
   * enable rdma and pvrdma, build-depend on
     librdmacm-dev, libibverbs-dev, libibumad-dev
   * sync debian/qemu-user-static.1 and debian/qemu-user.1, generating the latter
     from the former (finally Closes: #901407)
   * move ivshmem-server & ivshmem-client from qemu-utils to qemu-system-common
     (the binaries are also specific to qemu-system, not usable alone)
   * move qemu-pr-helper from qemu-utils to qemu-system-common -
     this is an internal qemu-system helper, with possible socket activation,
     not intended for use outside of qemu-system
 .
   [ Christian Ehrhardt ]
   * qemu-guest-agent: freeze-hook to ignore dpkg files (packaging changes)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 04 May 2019 07:26:29 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:51:32 2019; Machine Name: buxtehude
