Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 505946 (CVE-2014-0142) - <app-emulation/qemu-2.0.0: multiple vulnerabilities (CVE-2014-{0142,0143,0144,0145,0146,0147})
Summary: <app-emulation/qemu-2.0.0: multiple vulnerabilities (CVE-2014-{0142,0143,0144...
Alias: CVE-2014-0142
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
: 506564 (view as bug list)
Depends on:
Reported: 2014-03-27 09:31 UTC by Agostino Sarubbo
Modified: 2014-08-31 11:30 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-03-27 09:31:56 UTC
From ${URL} :

Several missing input validation bugs in QEMU's disk image format code
have been fixed.

CVEs are as follows:
parallels: Sanity check for s->tracks (CVE-2014-0142)
parallels: Fix catalog size integer overflow (CVE-2014-0143)
qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143)
qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145)
qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146)
block: Limit request size (CVE-2014-0143)
dmg: prevent chunk buffer overflow (CVE-2014-0145)
dmg: sanitize chunk length and sectorcount (CVE-2014-0145)
qcow2: Fix new L1 table size check (CVE-2014-0143)
qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143)
qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147)
qcow2: Validate active L1 table offset and size (CVE-2014-0144)
qcow2: Validate snapshot table offset/size (CVE-2014-0144)
qcow2: Check refcount table size (CVE-2014-0144)
qcow2: Check backing_file_offset (CVE-2014-0144)
qcow2: Check header_length (CVE-2014-0144)
curl: check data size before memcpy to local buffer.  (CVE-2014-0144)
vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148)
vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144)
vpc: Validate block size (CVE-2014-0142)
vpc/vhd: add bounds check for max_table_entries and block_size (CVE-2014-0144)
bochs: Check extent_size header field (CVE-2014-0142)
bochs: Check catalog_size header field (CVE-2014-0143)
bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147)
block/cloop: refuse images with bogus offsets (CVE-2014-0144)
block/cloop: refuse images with huge offsets arrays (CVE-2014-0144)
block/cloop: prevent offsets_size integer overflow (CVE-2014-0143)
block/cloop: validate block_size header field (CVE-2014-0144)

Patches are available here:

Patches will be in the upcoming QEMU 2.0 release and a QEMU 1.7.2
stable release is also planned.  You are welcome to join #qemu on or the mailing list if you need more

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Agostino Sarubbo gentoo-dev 2014-04-02 14:20:58 UTC
*** Bug 506564 has been marked as a duplicate of this bug. ***
Comment 2 SpanKY gentoo-dev 2014-06-06 01:23:31 UTC
these are all fixed in the 2.0.0 release
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-08-30 01:09:24 UTC
This issue was resolved and addressed in
 GLSA 201408-17 at
by GLSA coordinator Kristian Fiskerstrand (K_F).
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 11:30:49 UTC
This issue was resolved and addressed in
 GLSA 201408-17 at
by GLSA coordinator Kristian Fiskerstrand (K_F).