| Summary: | <app-emulation/qemu-2.0.0: multiple vulnerabilities (CVE-2014-{0142,0143,0144,0145,0146,0147}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | cardoe, himbeere, qemu+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2014/03/26/8 | ||
| Whiteboard: | B2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
*** Bug 506564 has been marked as a duplicate of this bug. *** these are all fixed in the 2.0.0 release This issue was resolved and addressed in GLSA 201408-17 at http://security.gentoo.org/glsa/glsa-201408-17.xml by GLSA coordinator Kristian Fiskerstrand (K_F). This issue was resolved and addressed in GLSA 201408-17 at http://security.gentoo.org/glsa/glsa-201408-17.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : Hi, Several missing input validation bugs in QEMU's disk image format code have been fixed. CVEs are as follows: parallels: Sanity check for s->tracks (CVE-2014-0142) parallels: Fix catalog size integer overflow (CVE-2014-0143) qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143) qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145) qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146) block: Limit request size (CVE-2014-0143) dmg: prevent chunk buffer overflow (CVE-2014-0145) dmg: sanitize chunk length and sectorcount (CVE-2014-0145) qcow2: Fix new L1 table size check (CVE-2014-0143) qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143) qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147) qcow2: Validate active L1 table offset and size (CVE-2014-0144) qcow2: Validate snapshot table offset/size (CVE-2014-0144) qcow2: Check refcount table size (CVE-2014-0144) qcow2: Check backing_file_offset (CVE-2014-0144) qcow2: Check header_length (CVE-2014-0144) curl: check data size before memcpy to local buffer. (CVE-2014-0144) vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148) vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144) vpc: Validate block size (CVE-2014-0142) vpc/vhd: add bounds check for max_table_entries and block_size (CVE-2014-0144) bochs: Check extent_size header field (CVE-2014-0142) bochs: Check catalog_size header field (CVE-2014-0143) bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147) block/cloop: refuse images with bogus offsets (CVE-2014-0144) block/cloop: refuse images with huge offsets arrays (CVE-2014-0144) block/cloop: prevent offsets_size integer overflow (CVE-2014-0143) block/cloop: validate block_size header field (CVE-2014-0144) Patches are available here: https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html Patches will be in the upcoming QEMU 2.0 release and a QEMU 1.7.2 stable release is also planned. You are welcome to join #qemu on irc.oftc.net or the qemu-devel@...gnu.org mailing list if you need more information. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.