CVE-2018-5748 (https://nvd.nist.gov/vuln/detail/CVE-2018-5748): qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

CVE-2018-5683 (https://nvd.nist.gov/vuln/detail/CVE-2018-5683): The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

CVE-2017-18043 (https://nvd.nist.gov/vuln/detail/CVE-2017-18043): Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).

CVE-2017-18030 (https://nvd.nist.gov/vuln/detail/CVE-2017-18030): The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.

CVE-2017-17381 (https://nvd.nist.gov/vuln/detail/CVE-2017-17381): The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.

CVE-2017-15124 (https://nvd.nist.gov/vuln/detail/CVE-2017-15124): VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
Security,

CVE-2018-5748 is a libvirt issue; it has nothing to do with qemu. Please open a new security bug for this one.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=725631c3eee62d147ea634c969ab90d1c70f5612

commit 725631c3eee62d147ea634c969ab90d1c70f5612
Author: Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2018-02-11 20:16:02 +0000
Commit: Matthias Maier <tamiko@gentoo.org>
CommitDate: 2018-02-11 20:27:01 +0000

app-emulation/qemu: version bump to 2.11.0, important security fixes

- Added slot operator for libnfs
- Added patch for glibc-2.27 compatibility
- Added patch for CVE-2017-16845
- Backported upstream msr / spec ctrl patches:
  6cfbc54e89 i386: Add EPYC-IBPB CPU model
  ac96c41354 i386: Add new -IBRS versions of Intel CPU models
  1b3420e1c4 i386: Add FEAT_8000_0008_EBX CPUID feature word
  a2381f0934 i386: Add spec-ctrl CPUID bit
  a33a2cfe2f i386: Add support for SPEC_CTRL MSR
- CVEs addressed by bump: CVE-2017-17381 CVE-2017-18030 CVE-2017-18043
- CVEs addressed by patchset: CVE-2017-15124 CVE-2017-16845 CVE-2018-5683
- CVE-2018-5748 is a libvirt vulnerability, not a qemu issue...

Bug: https://bugs.gentoo.org/638506
Bug: https://bugs.gentoo.org/643432
Bug: https://bugs.gentoo.org/646814
Closes: https://bugs.gentoo.org/641100
Closes: https://bugs.gentoo.org/646568
Closes: https://bugs.gentoo.org/646710
Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-emulation/qemu/Manifest                     |   2 +
 .../qemu/files/qemu-2.11.0-glibc-2.27.patch     |  54 ++
 app-emulation/qemu/qemu-2.11.0.ebuild           | 803 +++++++++++++++++++++
 3 files changed, 859 insertions(+)
(In reply to Matthias Maier from comment #1)
> Security,
>
> CVE-2018-5748 is a libvirt issue, it has nothing to do with qemu. Please
> open a new security bug for this one.

Thank you Matthias, bug 647338 was created for libvirt.

Please confirm stabilization call by CCing arches when ready.
Arches, please stabilize =app-emulation/qemu-2.11.0
Target-keywords: amd64 x86
amd64 stable
x86 stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1930d8b843ff1fd0296c6757b540f0ab5e27044

commit f1930d8b843ff1fd0296c6757b540f0ab5e27044
Author: Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2018-02-12 22:47:34 +0000
Commit: Matthias Maier <tamiko@gentoo.org>
CommitDate: 2018-02-12 22:48:29 +0000

app-emulation/qemu: drop vulnerable version

Bug: https://bugs.gentoo.org/646814
Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-emulation/qemu/Manifest                         |   1 -
 .../qemu/files/qemu-2.10.1-CVE-2017-15268.patch     |  54 --
 .../qemu/files/qemu-2.10.1-CVE-2017-15289.patch     |  58 --
 app-emulation/qemu/qemu-2.10.1-r1.ebuild            | 800 ---------------------
 4 files changed, 913 deletions(-)
This issue was resolved and addressed in GLSA 201804-08 at https://security.gentoo.org/glsa/201804-08 by GLSA coordinator Aaron Bauman (b-man).