CVE-2015-8701: net: rocker: incorrect array bounds check

Related Vulnerabilities: CVE-2015-8701   CVE-2015-8567   CVE-2015-8568   CVE-2015-8613  

Debian Bug report logs - #809313
Reported by: Michael Tokarev <mjt@tls.msk.ru>

Date: Tue, 29 Dec 2015 09:21:06 UTC

Severity: important

Tags: patch, security, upstream

Found in version qemu/1:2.4+dfsg-1

Fixed in version qemu/1:2.5+dfsg-3

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#809313; Package src:qemu. (Tue, 29 Dec 2015 09:21:09 GMT)


Acknowledgement sent to Michael Tokarev <mjt@tls.msk.ru>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Tue, 29 Dec 2015 09:21:09 GMT)


Message #5 received at submit@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2015-8701: net: rocker: incorrect array bounds check
Date: Tue, 29 Dec 2015 12:20:09 +0300
Source: qemu
Version: 1:2.4+dfsg-1
Severity: important
Tags: security patch upstream

CVE-2015-8701 has been reported against qemu.
http://www.openwall.com/lists/oss-security/2015/12/28/6 :

 Qemu emulator built with the Rocker switch emulation support is vulnerable
 to an off-by-one error. It happens while processing transmit(tx) descriptors
 in 'tx_consume' routine, if a descriptor was to have more than allowed 
 (ROCKER_TX_FRAGS_MAX=16) fragments.

 A privileged user inside guest could use this flaw to cause memory leakage
 on the host or crash the Qemu process instance resulting in DoS issue.

 Upstream patch:
 ---------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04629.html

 Reference:
 ----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1286971

 This issue was discovered by Mr Qinghao Tang of Qihoo 360 Inc.

rocker is an ethernet switch device introduced after qemu 2.3.
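
The off-by-one described in the advisory above, as an added example that is not part of the bug report and is not QEMU's code: a simplified C model of a fragment table limited to ROCKER_TX_FRAGS_MAX entries, with the bounds check placed after the store and then before it. The check-after-store shape is an assumption about how such an off-by-one arises; `struct tx_table`, the guard slot and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ROCKER_TX_FRAGS_MAX 16   /* limit quoted in the advisory */
#define GUARD 0xA5A5A5A5u        /* constructed canary value */

/* Constructed stand-in for the fragment table: 16 real slots plus one guard
 * slot, so a write one past the end is observable instead of undefined. */
struct tx_table { unsigned int slot[ROCKER_TX_FRAGS_MAX + 1]; };

/* Assumed buggy shape: store first, then compare the new count with '>'. */
static int consume_check_after(struct tx_table *t, size_t nfrags) {
    size_t iovcnt = 0;
    for (size_t i = 0; i < nfrags; i++) {
        t->slot[iovcnt] = (unsigned int)(i + 1); /* 17th fragment hits slot[16] */
        if (++iovcnt > ROCKER_TX_FRAGS_MAX)
            return -1;                           /* rejected, but after the write */
    }
    return (int)iovcnt;
}

/* Corrected shape: refuse the fragment before touching the table. */
static int consume_check_before(struct tx_table *t, size_t nfrags) {
    size_t iovcnt = 0;
    for (size_t i = 0; i < nfrags; i++) {
        if (iovcnt >= ROCKER_TX_FRAGS_MAX)
            return -1;
        t->slot[iovcnt++] = (unsigned int)(i + 1);
    }
    return (int)iovcnt;
}

/* Runs one variant; *result gets the count (-1 if rejected); returns 1 if the guard is intact. */
int guard_survives(int check_before, size_t nfrags, int *result) {
    struct tx_table t;
    memset(&t, 0, sizeof t);
    t.slot[ROCKER_TX_FRAGS_MAX] = GUARD;
    *result = (check_before ? consume_check_before : consume_check_after)(&t, nfrags);
    return t.slot[ROCKER_TX_FRAGS_MAX] == GUARD;
}

int main(void) {
    int r, ok = guard_survives(0, 17, &r);
    printf("check-after:  result=%d guard_intact=%d\n", r, ok);
    ok = guard_survives(1, 17, &r);
    printf("check-before: result=%d guard_intact=%d\n", r, ok);
    return 0;
}
```

Both variants reject a 17-fragment descriptor, but only the check-before variant does so without writing past the sixteenth slot, which is why a test that looks only at the return value would miss the defect.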



Added tag(s) pending. Request was from <mjt@tls.msk.ru> to control@bugs.debian.org. (Sun, 10 Jan 2016 08:12:21 GMT)


Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Sun, 10 Jan 2016 09:39:17 GMT)


Notification sent to Michael Tokarev <mjt@tls.msk.ru>:
Bug acknowledged by developer. (Sun, 10 Jan 2016 09:39:17 GMT)


Message #12 received at 809313-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 809313-close@bugs.debian.org
Subject: Bug#809313: fixed in qemu 1:2.5+dfsg-3
Date: Sun, 10 Jan 2016 09:35:20 +0000
Source: qemu
Source-Version: 1:2.5+dfsg-3

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 809313@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 10 Jan 2016 10:59:46 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.5+dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 808145 809232 809313
Changes:
 qemu (1:2.5+dfsg-3) unstable; urgency=high
 .
   [ Aurelien Jarno ]
   * debian/copyright: fix a spelling error reported by lintian: dependecy -> dependency.
 .
   [ Michael Tokarev ]
   * net-vmxnet3-avoid-memory-leakage-in-activate_device-CVE-2015-8567-CVE-2015-8568.patch
     (Closes: #808145, CVE-2015-8567, CVE-2015-8568)
   * scsi-initialise-info-object-with-appropriate-size-CVE-2015-8613.patch
     (Closes: #809232, CVE-2015-8613)
   * net-rocker-fix-an-incorrect-array-bounds-check-CVE-2015-8701.patch
     (Closes: #809313, CVE-2015-8701)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 02 Mar 2016 07:26:55 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:04:57 2019; Machine Name: buxtehude
