qemu: CVE-2019-12155: qxl: null pointer dereference while releasing spice resources

Debian Bug report logs - #929353
qemu: CVE-2019-12155: qxl: null pointer dereference while releasing spice resources


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 22 May 2019 08:03:02 UTC

Severity: important

Tags: patch, security, upstream

Found in version qemu/1:3.1+dfsg-7

Fixed in versions qemu/1:3.1+dfsg-8, qemu/1:2.8+dfsg-6+deb9u6

Done: Michael Tokarev <mjt@tls.msk.ru>



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#929353; Package src:qemu. (Wed, 22 May 2019 08:03:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Wed, 22 May 2019 08:03:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: qemu: CVE-2019-12155: qxl: null pointer dereference while releasing spice resources
Date: Wed, 22 May 2019 10:00:01 +0200
Source: qemu
Version: 1:3.1+dfsg-7
Severity: important
Tags: patch security upstream

Hi,

The following vulnerability was published for qemu.

CVE-2019-12155[0]:
qxl: null pointer dereference while releasing spice resources

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-12155
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12155
[1] https://www.openwall.com/lists/oss-security/2019/05/22/1
[2] https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Tue, 28 May 2019 07:21:13 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 28 May 2019 07:21:13 GMT)


Message #10 received at 929353-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 929353-close@bugs.debian.org
Subject: Bug#929353: fixed in qemu 1:3.1+dfsg-8
Date: Tue, 28 May 2019 07:18:46 +0000
Source: qemu
Source-Version: 1:3.1+dfsg-8

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 929353@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 27 May 2019 07:49:25 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-data qemu-system-common qemu-system-gui qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:3.1+dfsg-8
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator, dummy package
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-data - QEMU full system emulation (data files)
 qemu-system-gui - QEMU full system emulation binaries (user interface and audio sup
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 927439 927763 929067 929261 929353
Changes:
 qemu (1:3.1+dfsg-8) unstable; urgency=high
 .
   * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
     fixes a null-pointer dereference in sparc/sun4u emulated hw
     Closes: #927439, CVE-2019-5008
   * enable-md-no.patch & enable-md-clear.patch
     mitigation for MDS (Microarchitectural Data Sampling) issues
     Closes: #929067,
     CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
   * qxl-check-release-info-object-CVE-2019-12155.patch
     fixes null-pointer deref in qxl cleanup code
     Closes: #929353, CVE-2019-12155
   * aarch32-exception-return-to-switch-from-hyp-mon.patch
     fixes booting U-Boot in UEFI mode on aarch32
     Closes: #927763
   * stop qemu-system-common pre-depending on adduser
     Closes: #929261

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----




Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Mon, 03 Jun 2019 10:03:13 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 03 Jun 2019 10:03:13 GMT)


Message #15 received at 929353-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 929353-close@bugs.debian.org
Subject: Bug#929353: fixed in qemu 1:2.8+dfsg-6+deb9u6
Date: Mon, 03 Jun 2019 10:02:18 +0000
Source: qemu
Source-Version: 1:2.8+dfsg-6+deb9u6

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 929353@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 29 May 2019 14:39:09 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.8+dfsg-6+deb9u6
Distribution: stretch-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 901017 902725 911499 912535 914599 914604 914727 916397 921525 922635 929067 929353
Changes:
 qemu (1:2.8+dfsg-6+deb9u6) stretch-security; urgency=medium
 .
   [ Moritz Mühlenhoff <jmm@debian.org> ]
   * slirp-correct-size-computation-concatenating-mbuf-CVE-2018-11806.patch
     (Closes: #901017, CVE-2018-11806)
   * qga-check-bytes-count-read-by-guest-file-read-CVE-2018-12617.patch
     (Closes: #902725, CVE-2018-12617)
   * usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
     (Closes: #916397, CVE-2018-16872)
   * rtl8139-fix-possible-out-of-bound-access-CVE-2018-17958.patch
     (Closes: #911499, CVE-2018-17958)
   * lsi53c895a-check-message-length-value-is-valid-CVE-2018-18849.patch
     (Closes: #912535, CVE-2018-18849)
   * ppc-pnv-check-size-before-data-buffer-access-CVE-2018-18954.patch
     (Closes: #914604, CVE-2018-18954)
   * 9p-write-lock-path-in-v9fs-co_open2.patch
     9p-take-write-lock-on-fid-path-updates-CVE-2018-19364.patch
     (Closes: #914599, CVE-2018-19364)
   * 9p-fix-QEMU-crash-when-renaming-files-CVE-2018-19489.patch
     (Closes: #914727, CVE-2018-19489)
   * i2c-ddc-fix-oob-read-CVE-2019-3812.patch
     (Closes: #922635, CVE-2019-3812)
   * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
     (Closes: #921525, CVE-2019-6778)
   * slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch
     (Closes: CVE-2019-9824)
 .
   [ Michael Tokarev ]
   * enable-md-clear.patch
     define new CPUID for MDS
     (Closes: #929067)
     (Closes: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)
   * qxl-check-release-info-object-CVE-2019-12155.patch
     fixes null-pointer deref in qxl cleanup code
     (Closes: #929353, CVE-2019-12155)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:10:45 2019; Machine Name: beach
