Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 664740 (CVE-2018-15746) - <app-emulation/qemu-3.1.0: seccomp: blacklist is not applied to all threads
Summary: <app-emulation/qemu-3.1.0: seccomp: blacklist is not applied to all threads
Status: RESOLVED FIXED
Alias: CVE-2018-15746
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: CVE-2018-20123
Blocks:
  Show dependency tree
 
Reported: 2018-08-28 12:15 UTC by Agostino Sarubbo
Modified: 2019-03-27 04:11 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2018-08-28 12:15:23 UTC
From ${URL} :

An issue was found in the way QEMU implements Seccomp sandboxing. In that, all 
QEMU threads are not bound by the sandbox. A guest user/process maybe be able 
to use this flaw to crash a guest resulting in DoS.

Upstream patch:
---------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html

Reference:
----------
   -> https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02289.html

'CVE-2018-15746' assigned via -> https://cveform.mitre.org/


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Larry the Git Cow gentoo-dev 2018-12-19 21:47:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40e4d2a3c32609b313962224ee9d2a96075734b8

commit 40e4d2a3c32609b313962224ee9d2a96075734b8
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2018-12-19 21:11:21 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2018-12-19 21:46:41 +0000

    app-emulation/qemu: version bump to 3.1.0
    
     - use RESTRICT=strip, bug #651422
    
     - switch to tar.xz, bug #666726
    
     - add missing use constraints, bug #664474
    
       qemu_softmmu_targets_riscv32? ( fdt )
       qemu_softmmu_targets_riscv64? ( fdt )
    
     - 3.1.0 already contains patches for CVE-2018-15746
    
     - applied patch for CVE-2018-20123
    
     - disable bt subsystem entirely as a "workaround" for CVE-2018-19665.
    
       Upstream deprecated the subsystem in November and states that it had
       been dysfunctional for years with likely no users.
    
    Bug: https://bugs.gentoo.org/664740
    Bug: https://bugs.gentoo.org/672346
    Bug: https://bugs.gentoo.org/673108
    Closes: https://bugs.gentoo.org/651422
    Closes: https://bugs.gentoo.org/664474
    Closes: https://bugs.gentoo.org/666726
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 app-emulation/qemu/Manifest                        |   1 +
 .../qemu/files/qemu-3.1.0-CVE-2018-20123.patch     |  35 +
 app-emulation/qemu/files/qemu-binfmt.initd.head    |   2 +-
 app-emulation/qemu/qemu-2.12.0-r3.ebuild           |   2 +-
 app-emulation/qemu/qemu-2.12.1.ebuild              |   2 +-
 app-emulation/qemu/qemu-3.1.0.ebuild               | 821 +++++++++++++++++++++
 6 files changed, 860 insertions(+), 3 deletions(-)
Comment 2 Yury German Gentoo Infrastructure gentoo-dev Security 2019-03-27 04:11:56 UTC
GLSA Vote: No
Arches and Maintainer(s), Thank you for your work.