| Summary: | <app-emulation/qemu-2.9.0-r55: slirp: out-of-bounds read while parsing dhcp options | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | Flags: | stable-bot:
sanity-check+
|
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1472611 | ||
| Whiteboard: | B3 [noglsa cve] | ||
| Package list: |
=app-emulation/qemu-2.9.0-r56
=sys-firmware/edk2-ovmf-2017_pre20170505
=sys-firmware/seabios-1.10.2
|
Runtime testing required: | No |
| Bug Depends on: | |||
| Bug Blocks: | 621184, 621292, 623016, 624088, 625390 | ||
commit e67f10960bca69fdede54d77eb54c4ab72b98d08 Author: Matthias Maier <tamiko@gentoo.org> Date: Wed Jul 26 12:10:46 2017 -0500 app-emulation/qemu: security fixes CVE-2017-11334, bug #621292 CVE-2017-11434, bug #625614 CVE-2017-9503, bug #621184 CVE-2017-9524, bug #621292 Package-Manager: Portage-2.3.6, Repoman-2.3.3 @arches, please stabilize. An automated check of this bug failed - repoman reported dependency errors (41 lines truncated):
> dependency.bad app-emulation/qemu/qemu-2.9.0-r56.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['~sys-firmware/edk2-ovmf-2017_pre20170505[binary]', '~sys-firmware/seabios-1.10.2[binary,seavgabios]', 'sys-firmware/edk2-ovmf', '>=sys-firmware/seabios-1.10.2[seavgabios]']
> dependency.bad app-emulation/qemu/qemu-2.9.0-r56.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['~sys-firmware/edk2-ovmf-2017_pre20170505[binary]', '~sys-firmware/seabios-1.10.2[binary,seavgabios]', 'sys-firmware/edk2-ovmf', '>=sys-firmware/seabios-1.10.2[seavgabios]']
> dependency.bad app-emulation/qemu/qemu-2.9.0-r56.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['~sys-firmware/edk2-ovmf-2017_pre20170505[binary]', '~sys-firmware/seabios-1.10.2[binary,seavgabios]', 'sys-firmware/edk2-ovmf', '>=sys-firmware/seabios-1.10.2[seavgabios]']
Updated package list. An automated check of this bug succeeded - the previous repoman errors are now resolved. (In reply to Matthias Maier from comment #4) > Updated package list. thanks. commit 64084b9d4552b611da76774bedf98f180067f43d (HEAD -> master, origin/master, origin/HEAD) Author: Matthias Maier <tamiko@gentoo.org> Date: Thu Aug 31 20:09:04 2017 -0500 app-emulation/qemu: drop vulnerable 2.9.0-r2, bug #625614 Package-Manager: Portage-2.3.6, Repoman-2.3.3 commit bf14d3508d91a707aa4615c5a2d7940fc94b1f5a Author: Matthias Maier <tamiko@gentoo.org> Date: Thu Aug 31 20:07:37 2017 -0500 app-emulation/qemu: stabilize on amd64, x86, bug #625614 Package-Manager: Portage-2.3.6, Repoman-2.3.3 commit 076cda37021c624dff310d7b26ada9a47e51fe3e Author: Matthias Maier <tamiko@gentoo.org> Date: Thu Aug 31 20:06:08 2017 -0500 sys-firmware/seabios: stabilize on amd64, x86, bug #625614 Package-Manager: Portage-2.3.6, Repoman-2.3.3 commit edfe027b092f6558fa96ff761c91547fd2d5a7a9 Author: Matthias Maier <tamiko@gentoo.org> Date: Thu Aug 31 20:04:00 2017 -0500 sys-firmware/edk2-ovmf: stabilize on amd64, x86, bug #625614 Package-Manager: Portage-2.3.6, Repoman-2.3.3 @Arches please test and mark stable. Gentoo Security Padawan ChrisADR already stabilized by tamiko. GLSA Vote: No |
From ${URL} : Quick emulator(Qemu) built with the BOOTP/DHCP Server support is vulnerable to an OOB read issue. It could occur while parsing the DHCP options and vendor extensions options sent by a client. A user/process could use this flaw to potentially crash the Qemu process on the host resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/07/19/2 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.