From ${URL}:

Qemu emulator built with the NE2000 NIC emulation support is vulnerable to an infinite loop issue. It could occur when receiving packets over the network. A privileged user inside the guest could use this flaw to crash the Qemu instance, resulting in DoS.

Upstream patch:
-> https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg00340.html

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know whether it is ready for stabilization or not.
*** Bug 576264 has been marked as a duplicate of this bug. ***
fix is still under debate. referenced patch is an incomplete fix.
(In reply to SpanKY from comment #2)
> fix is still under debate. referenced patch is an incomplete fix.

I didn't fully understand. Do you mean that this commit http://git.qemu.org/?p=qemu.git;a=commitdiff;h=415ab35a441eca767d033a2702223e785b9d5190 is an incomplete fix?
(In reply to Agostino Sarubbo from comment #3)

he posted:
> Okay. Though I'm not sure if it's the right place for it, because more
> than buffer is full, it says buffer does not exist.

but if that's all they plan on merging for now, then i guess that's it.
i've added that to 2.5.0-r3 now https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ffdef327ca2184359715dccb7a74373ef3d6a78
@arches, please stabilize: =app-emulation/qemu-2.5.0-r3
I apologize for the bug spam, but a little more digging led to a tested patch.

(In reply to SpanKY from comment #4)
> (In reply to Agostino Sarubbo from comment #3)
>
> he posted:
> > Okay. Though I'm not sure if it's the right place for it, because more
> > than buffer is full, it says buffer does not exist.
>
> but if that's all they plan on merging for now, then i guess that's it.

@Mike, here is the tested patch for your review and implementation. Thank you.

https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg05546.html
(In reply to Aaron Bauman from comment #7)

that was the one Agostino & i were discussing and is already merged ...
(In reply to SpanKY from comment #8)
> (In reply to Aaron Bauman from comment #7)
>
> that was the one Agostino & i were discussing and is already merged ...

My apologies. I should have caught that.

@arches, please stabilize: =app-emulation/qemu-2.5.0-r3
amd64 stable
x86 stable. Maintainer(s), please clean up.
@maintainers, please clean up or let us know if more time is needed.
CVE-2016-2841 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2841): The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.
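To make the failure mode in the CVE text concrete, here is a constructed model (added for this bug, not QEMU's hw/net/ne2000.c) of a receive ring driven by guest-written PSTART/PSTOP registers. The ring size, field names and the `demo` helper are assumptions; the point is that a copy loop which wraps at `stop` only terminates if `start < stop` is enforced before the loop runs, which is what the upstream check guards against.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of an NE2000-style receive ring (not QEMU's code):
 * packets are copied into mem[start, stop), wrapping to start when the
 * write index reaches stop. PSTART/PSTOP come from the guest, so start
 * and stop are untrusted; the memory size is hypothetical. */
#define RING_MEM 0x4000

struct ring {
    uint8_t mem[RING_MEM];
    uint32_t start, stop, index;  /* PSTART<<8, PSTOP<<8, write pos */
};

/* Copy size bytes into the ring; returns bytes written, or -1 if the
 * guest-supplied bounds are rejected. With start >= stop the loop would
 * see 0 bytes available, wrap, and never make progress (the CVE's
 * infinite loop); after the check avail > 0 on every pass, so done
 * strictly increases and the loop terminates. */
long ring_receive(struct ring *r, const uint8_t *buf, size_t size)
{
    size_t done = 0;
    if (r->start >= r->stop || r->stop > RING_MEM ||
        r->index < r->start || r->index >= r->stop)
        return -1;                /* "buffer does not exist" */
    while (done < size) {
        size_t avail = r->stop - r->index, len = size - done;
        if (len > avail)
            len = avail;
        memcpy(r->mem + r->index, buf + done, len);
        r->index += (uint32_t)len;
        done += len;
        if (r->index == r->stop)
            r->index = r->start;  /* wrap */
    }
    return (long)done;
}

/* Demo: receive a 300-byte packet with the given guest bounds; returns
 * the final write index, or -1 if the bounds were rejected. */
long demo(uint32_t start, uint32_t stop, uint32_t index)
{
    static struct ring r;
    uint8_t pkt[300] = {0};
    r.start = start; r.stop = stop; r.index = index;
    if (ring_receive(&r, pkt, sizeof pkt) < 0)
        return -1;
    return (long)r.index;
}
```

With start=0x100, stop=0x300 and index=0x280 the 300-byte packet wraps once and the index ends at 0x1ac; with PSTART == PSTOP the call is rejected instead of spinning.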
commit 01e6cb9bcad3046a7223e31c4b533485d6ca0877
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Sun Sep 4 22:58:05 2016 -0500

    app-emulation/qemu: remove vulnerable 2.5.0

    Package-Manager: portage-2.2.28
This issue was resolved and addressed in GLSA 201609-01 at https://security.gentoo.org/glsa/201609-01 by GLSA coordinator Yury German (BlueKnight).