| Summary: | <app-emulation/qemu-2.10.0: Slirp: use-after-free when sending response | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | qemu+disabled |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1486400 | ||
| Whiteboard: | B3 [noglsa cve] | ||
| Package list: |
=app-emulation/qemu-2.10.0
|
Runtime testing required: | Yes |
| Bug Depends on: | |||
| Bug Blocks: | 628498, 629316 | ||
Upstream patch applied to 2.10.0 version bump commit ecbdc929ac2d3b34812aa3b3ac07054198a0547c Author: Matthias Maier <tamiko@gentoo.org> Date: Thu Aug 31 20:31:14 2017 -0500 app-emulation/qemu: version bump to 2.10.0, bug #629350 This version bump also addresses a number of security issues CVE-2017-12809, bug #628498 CVE-2017-13673, bug #629316 CVE-2017-13711, bug #629350 Package-Manager: Portage-2.3.6, Repoman-2.3.3 Let's stabilize in a couple of days, not immediately. Arches, please stabilize app-emulation/qemu-2.10.0 amd64 tested, ok amd64 stable Qemu 2.10 breaks Windows guests. Broke mine Win10. Thread on qemu-devel: https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg01695.html Qemu 2.10 breaks Windows guests. Broke mine Win10. Thread on qemu-devel: https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg01695.html x86 stable @ Maintainer(s): Please cleanup and drop <app-emulation/qemu-2.10.0! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d18e62cc49c851c9d5cd857913318f8c90488f50 commit d18e62cc49c851c9d5cd857913318f8c90488f50 Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2017-11-12 19:42:32 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2017-11-12 19:43:52 +0000 app-emulation/qemu: drop vulnerable, bug #629350 Bug: https://bugs.gentoo.org/629350 Package-Manager: Portage-2.3.8, Repoman-2.3.4 app-emulation/qemu/Manifest | 1 - app-emulation/qemu/qemu-2.9.0-r56.ebuild | 793 ------------------------------ app-emulation/qemu/qemu-2.9.0-r57.ebuild | 796 ------------------------------- 3 files changed, 1590 deletions(-)} Security, please vote on glsa. (In reply to Matthias Maier from comment #10) > Security, please vote on glsa. Thank you tamiko. Closing as fixed GLSA Vote: No |
From ${URL} : Quick emulator(Qemu) built with the Slirp networking support is vulnerable to an use-after-free issue. It occurs due to Socket referenced from multiple packets is freed while responding to a message. A user/process could use this flaw to crash the Qemu process on the host resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/08/29/6 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.