Summary: | app-emulation/qemu-{0.11.1,kvm-1.0-r3} "process_tx_desc()" Buffer Overflow Vulnerability (CVE-2012-0029) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | lu_zero, qemu+disabled, slyfox |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/47740/ | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 373997 | ||
Bug Blocks: |
Description

Agostino Sarubbo
2012-01-24 13:09:32 UTC

@qemu: Sorry for the extra work, please check if this vulnerability is verified also in the 0.x version.
- If yes, we must stabilize a new revision that will contain the fix.
- If not, you should only bump an updated version of 1.x, no stabilization needed.

For qemu-kvm-1.0, this is fixed in qemu-kvm-1.0-r2.

(In reply to comment #1)
> @qemu:
>
> Sorry for the extra work, please check if this vulnerability is verified also in
> the 0.x version.
> - If yes, we must stabilize a new revision that will contain the fix.
> - If not, you should only bump an updated version of 1.x, no stabilization
> needed.

It affects all back versions as far as I can tell.

Am I correct in thinking this is fixed in both qemu-1.0-r2 and qemu-kvm-1.0-r2? If so, shall we move forward with stabilization? Thanks!

(In reply to comment #4)
> Am I correct in thinking this is fixed in both qemu-1.0-r2 and qemu-kvm-1.0-r2?
> If so, shall we move forward with stabilization? Thanks!

Yes, you are correct.

> > Am I correct in thinking this is fixed in both qemu-1.0-r2 and qemu-kvm-1.0-r2?
> > If so, shall we move forward with stabilization? Thanks!
>
> Yes, you are correct.
I ask for stable keywords for
=app-emulation/qemu-0.11.1-r1
for arches:
x86 amd64
It's qemu-0.11.1 with the security patch on top, so some QA problems
are still in place.
I am sticking with old 0.11.1 version as it's the latest version
supporting kqemu.
Well, it was my intent (qemu-kvm maintainer) and lu_zero's (qemu maintainer) intent to drop app-emulation/qemu from the tree entirely with the release of app-emulation/qemu-kvm. qemu is staying around mostly for qemu-user usage. We might drop qemu and use just qemu-kvm and qemu-user-static, since those are the main usages.

CVE-2012-0029 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0029):
Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.

Added to pending GLSA request.

stabilize: app-emulation/qemu-kvm-1.0-r3 (as requested in bug #373997)
target keywords: amd64 x86

Hi, this is not fixed in 1.0-r3, but in 1.0.1!
http://wiki.qemu.org/ChangeLog/1.0#1.0.1 -> "e1000: bounds packet size against buffer size" -> http://repo.or.cz/w/qemu.git/commitdiff/d0ed2d2

Oh my. It's actually fixed with qemu-kvm-1.0-e1000-bounds-packet-size-against-buffer-size.patch; I just made a mistake when unpacking. Ignore the last message, sorry for the bugspam.

Moved to [glsa].

If I am puzzling this out correctly, we stabilized a fixed qemu-kvm, =app-emulation/qemu-kvm-1.0-r3, in bug 373997, and a fixed qemu, =app-emulation/qemu-0.11.1, via bug 356685.

This issue was resolved and addressed in GLSA 201210-04 at http://security.gentoo.org/glsa/glsa-201210-04.xml by GLSA coordinator Stefan Behte (craig).
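The changelog line cited in the thread, "e1000: bounds packet size against buffer size", names the whole of CVE-2012-0029: in legacy mode a guest queues a chain of transmit descriptors and the device model appends each fragment to a fixed-size packet buffer, and the vulnerable code trusted the guest-supplied fragment lengths without checking their running sum against that buffer. The C program below is an added example for this page, not QEMU's hw/e1000.c and not the patch linked above; `TX_BUF_SIZE`, the `tx_desc` and `tx_state` layouts, the canary region and every function name are scaled-down assumptions made for illustration. It runs the same crafted descriptor chain through the unbounded accumulation and through the clipped one, with a canary laid out directly after the packet buffer so the overrun can be observed without the write leaving allocated memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Scaled-down model (assumed sizes): real e1000 transmit buffers are much
 * larger and guest descriptor lengths run up to 64 KiB, but the shape is the
 * same: fragments are appended until EOP, and only their sum is dangerous. */
#define TX_BUF_SIZE 64
#define CANARY_SIZE 64
#define CANARY_BYTE 0xA5

/* Legacy-mode transmit descriptor reduced to the two guest-controlled fields
 * this model needs (assumed layout, not the hardware's register format). */
struct tx_desc {
    uint16_t length;  /* bytes in this fragment */
    bool     eop;     /* end-of-packet flag */
};

/* Transmit state: the packet buffer followed by a canary, in one array, so an
 * unbounded write stays inside allocated memory and can be inspected. */
struct tx_state {
    uint8_t mem[TX_BUF_SIZE + CANARY_SIZE];
    size_t  size;     /* bytes of the current packet accumulated so far */
};

struct tx_result { size_t bytes; bool overrun; };  /* total copied; canary hit */

static void tx_init(struct tx_state *tp)
{
    memset(tp->mem, 0, TX_BUF_SIZE);
    memset(tp->mem + TX_BUF_SIZE, CANARY_BYTE, CANARY_SIZE);
    tp->size = 0;
}

static bool canary_intact(const struct tx_state *tp)
{
    for (size_t i = 0; i < CANARY_SIZE; i++) {
        if (tp->mem[TX_BUF_SIZE + i] != CANARY_BYTE) return false;
    }
    return true;
}

/* Append one descriptor's payload to the packet buffer.
 * bounded == false is the vulnerable pattern: the guest-supplied length is
 * trusted and added to tp->size with no check against the buffer.
 * bounded == true is the fix: clip the copy to the space that is left. */
static size_t process_tx_desc(struct tx_state *tp, const struct tx_desc *d,
                              const uint8_t *payload, bool bounded)
{
    size_t bytes = d->length;
    if (bounded && bytes > TX_BUF_SIZE - tp->size) {
        bytes = TX_BUF_SIZE - tp->size;  /* drop the excess */
    }
    /* Demo guard only: keep an unbounded overrun inside the canary so it is
     * observable here. A real device model has no such backstop. */
    if (tp->size + bytes > sizeof(tp->mem)) {
        bytes = sizeof(tp->mem) - tp->size;
    }
    memcpy(tp->mem + tp->size, payload, bytes);
    tp->size += bytes;
    if (d->eop) {
        tp->size = 0;  /* packet complete: hand off and start the next one */
    }
    return bytes;
}

/* Feed a whole descriptor chain with a constant payload and report the result. */
static struct tx_result run_chain(const struct tx_desc *descs, size_t n, bool bounded)
{
    static uint8_t payload[UINT16_MAX + 1];  /* constructed sample data */
    struct tx_state tp;
    struct tx_result r = { 0, false };

    memset(payload, 'A', sizeof(payload));
    tx_init(&tp);
    for (size_t i = 0; i < n; i++) {
        r.bytes += process_tx_desc(&tp, &descs[i], payload, bounded);
    }
    r.overrun = !canary_intact(&tp);
    return r;
}

/* Constructed chains: a normal two-fragment packet, and the crafted kind a
 * malicious guest would queue, with lengths summing past the buffer before EOP. */
static const struct tx_desc benign_chain[]  = { {40, false}, {20, true} };
static const struct tx_desc crafted_chain[] = { {40, false}, {40, false}, {10, true} };

int main(void)
{
    struct tx_result v = run_chain(crafted_chain, 3, false), f = run_chain(crafted_chain, 3, true);
    printf("unbounded: %zu bytes, canary %s\n", v.bytes, v.overrun ? "smashed" : "intact");
    printf("bounded:   %zu bytes, canary %s\n", f.bytes, f.overrun ? "smashed" : "intact");
    return 0;
}
```

The benign chain behaves identically in both modes, which is why the bug survived normal guest traffic: only a chain whose fragment lengths sum past the buffer before the EOP flag reaches the missing check. The clip in the `bounded` branch is the same idea as the upstream fix named in the thread, applied here to this example's own buffer; the demo guard that follows it exists only so the unbounded variant can be run safely and is not part of either the bug or the fix.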