[go: up one dir, main page]
Bug 960334 (CVE-2015-8619) - VUL-1: CVE-2015-8619: qemu: stack based OOB write in hmp_sendkey routine
Summary: VUL-1: CVE-2015-8619: qemu: stack based OOB write in hmp_sendkey routine
Status: RESOLVED FIXED
Alias: CVE-2015-8619
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Lin Ma
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/160035/
Whiteboard: CVSSv2:RedHat:CVE-2015-8619:2.9:(AV:A...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-12-29 14:29 UTC by Victor Pereira
Modified: 2016-07-11 16:24 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2015-12-29 14:29:11 UTC 
rh#1283926

Qemu emulator built with the Human Monitor Interface(HMP) support is vulnerable to an OOB write issue. It occurs while processing 'sendkey' command in hmp_sendkey routine, if the command argument is longer than the 'keyname_buf' buffer size.

A user/process could use this flaw to crash the Qemu process instance resulting in DoS.

Upstream fix:
-------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html


References:
http://www.openwall.com/lists/oss-security/2015/12/23/1
https://bugzilla.redhat.com/show_bug.cgi?id=1283926
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8619
http://seclists.org/oss-sec/2015/q4/567
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8619.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8619
Comment 1 Swamp Workflow Management 2015-12-29 23:00:42 UTC 
bugbot adjusting priority
Comment 2 Bruce Rogers 2016-02-04 22:35:12 UTC 
SLE11-SP3 MR # 93194
SLE11-SP4 MR # 93198
Comment 3 Lin Ma 2016-03-09 06:32:27 UTC 
Close it as fixed
Comment 4 Swamp Workflow Management 2016-03-24 12:13:39 UTC 
SUSE-SU-2016:0873-1: An update that solves 43 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 864391,864655,864769,864805,864811,877642,897654,901508,902737,924018,928393,945404,945989,954872,956829,957162,957698,957988,958007,958009,958491,958523,958917,959005,959332,959387,959695,960334,960707,960725,960835,960861,960862,961332,961358,961691,962320,963782,963923,964413,965315,965317,967012,967013,967969,969121,969122,969350
CVE References: CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-7549,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538,CVE-2016-2841
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    xen-4.5.2_06-7.1
SUSE Linux Enterprise Server 12-SP1 (src):    xen-4.5.2_06-7.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    xen-4.5.2_06-7.1
Comment 5 Swamp Workflow Management 2016-04-01 11:16:26 UTC 
openSUSE-SU-2016:0914-1: An update that solves 26 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 864391,864655,864769,864805,877642,901508,902737,924018,928393,945404,945989,954872,956829,957162,957698,959332,959695,960334,960707,960725,960835,960861,961332,961358,961691,963782,963923,964413,967012,967013,967969
CVE References: CVE-2013-4533,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-8345,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2016-1568,CVE-2016-1570,CVE-2016-1714,CVE-2016-1981,CVE-2016-2198,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538
Sources used:
openSUSE Leap 42.1 (src):    xen-4.5.2_06-12.1

Product List: openSUSE Leap 42.1
Comment 6 Swamp Workflow Management 2016-04-05 15:12:55 UTC 
SUSE-SU-2016:0955-1: An update that solves 46 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 864391,864655,864673,864678,864682,864769,864805,864811,877642,897654,901508,902737,924018,928393,945404,945989,954872,956829,957162,957988,958007,958009,958491,958523,958917,959005,959387,959695,959928,960334,960707,960725,960835,960861,960862,961332,961358,961691,962320,963782,963923,964413,965315,965317,967012,967013,967630,967969,969121,969122,969350
CVE References: CVE-2013-4527,CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-7549,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538,CVE-2016-2841
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xen-4.4.4_02-32.1
SUSE Linux Enterprise Server 11-SP4 (src):    xen-4.4.4_02-32.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    xen-4.4.4_02-32.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xen-4.4.4_02-32.1
Comment 7 Swamp Workflow Management 2016-04-08 17:11:18 UTC 
openSUSE-SU-2016:0995-1: An update that fixes 33 vulnerabilities is now available.

Category: security (important)
Bug References: 944463,944697,945989,956829,960334,960707,960725,960835,960861,960862,961332,961358,961691,962335,962360,962611,962627,962632,962642,962758,963782,964413,964431,964452,964644,964925,964929,964950,965156,965315,965317,967012,967969
CVE References: CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5239,CVE-2015-5278,CVE-2015-6815,CVE-2015-6855,CVE-2015-7512,CVE-2015-8345,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2392,CVE-2016-2538
Sources used:
openSUSE 13.2 (src):    xen-4.4.4_02-43.1
Comment 8 Swamp Workflow Management 2016-06-13 11:10:58 UTC 
SUSE-SU-2016:1560-1: An update that solves 37 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 886378,895528,901508,928393,934069,940929,944463,947159,958491,958917,959005,959386,960334,960708,960725,960835,961332,961333,961358,961556,961691,962320,963782,964413,967969,969121,969122,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723,981266
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5745,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441,CVE-2016-4952
Sources used:
SUSE Linux Enterprise Server 12 (src):    qemu-2.0.2-48.19.1
SUSE Linux Enterprise Desktop 12 (src):    qemu-2.0.2-48.19.1
Comment 9 Swamp Workflow Management 2016-06-28 18:10:16 UTC 
SUSE-SU-2016:1698-1: An update that solves 33 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 895528,901508,928393,934069,936132,940929,944463,945404,945987,945989,947159,958491,958917,959005,960334,960725,961332,961333,961358,961556,961691,962320,963782,964413,967969,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5278,CVE-2015-5279,CVE-2015-5745,CVE-2015-6855,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kvm-1.4.2-46.1
Comment 10 Swamp Workflow Management 2016-06-29 09:08:55 UTC 
SUSE-SU-2016:1703-1: An update that solves 32 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 886378,940929,958491,958917,959005,959386,960334,960708,960725,960835,961332,961333,961358,961556,961691,962320,963782,964411,964413,967969,969121,969122,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723,981266
CVE References: CVE-2015-5745,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2197,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441,CVE-2016-4952
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    qemu-2.3.1-14.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    qemu-2.3.1-14.1
Comment 11 Swamp Workflow Management 2016-07-06 20:05:46 UTC 
openSUSE-SU-2016:1750-1: An update that solves 32 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 886378,940929,958491,958917,959005,959386,960334,960708,960725,960835,961332,961333,961358,961556,961691,962320,963782,964411,964413,967969,969121,969122,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723,981266
CVE References: CVE-2015-5745,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2197,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441,CVE-2016-4952
Sources used:
openSUSE Leap 42.1 (src):    qemu-2.3.1-15.1, qemu-linux-user-2.3.1-15.1, qemu-testsuite-2.3.1-15.2
Comment 12 Swamp Workflow Management 2016-07-11 14:42:24 UTC 
SUSE-SU-2016:1785-1: An update that solves 33 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 895528,901508,928393,934069,936132,940929,944463,945404,945987,945989,947159,958491,958917,959005,960334,960725,961332,961333,961358,961556,961691,962320,963782,964413,967969,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5278,CVE-2015-5279,CVE-2015-5745,CVE-2015-6855,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    kvm-1.4.2-44.1