Bug 1073489 (CVE-2017-15124)

Summary: VUL-0: CVE-2017-15124 kvm,qemu: Memory exhaustion through framebuffer update request message in VNC server
Product: [Novell Products] SUSE Security Incidents Reporter: Alexander Bergmann <abergmann>
Component: IncidentsAssignee: Liang Yan <lyan>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: lyan, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/196850/
Whiteboard: CVSSv3:RedHat:CVE-2017-15124:3.5:(AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L) CVSSv2:SUSE:CVE-2017-15124:4.9:(AV:N/AC:H/Au:S/C:N/I:N/A:C) CVSSv2:RedHat:CVE-2017-15124:2.1:(AV:N/AC:H/Au:S/C:N/I:N/A:P) CVSSv3:SUSE:CVE-2017-15124:5.3:(AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) CVSSv2:NVD:CVE-2017-15124:7.8:(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexander Bergmann 2017-12-19 10:49:23 UTC 
rh#1525195

A flaw was found in QEMU VNC server. A remote client can trigger an unbounded memory usage through the framebuffer update request message leading to denial of service.

Upstream patch set:
-------------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03715.html
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03713.html
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03711.html

Thread:
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03705.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1525195
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15124
Comment 1 Liang Yan 2018-01-24 22:10:08 UTC 
Patch is pulled into upstream

commit 7398166ddf7c6dbbc9cae6ac69bb2feda14b40ac
Merge: a3380cf658 30b80fd526
Author: Peter Maydell <peter.maydell@linaro.org>
Date:   Fri Jan 12 16:01:30 2018 +0000

    Merge remote-tracking branch 'remotes/kraxel/tags/vnc-20180112-pull-request'
 into staging
Comment 2 Swamp Workflow Management 2018-03-21 20:08:14 UTC 
SUSE-SU-2018:0762-1: An update that solves 8 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1040202,1068032,1068613,1070144,1071228,1073489,1074572,1076114,1076775,1076813,1082276,1083291
CVE References: CVE-2017-15119,CVE-2017-15124,CVE-2017-16845,CVE-2017-17381,CVE-2017-18043,CVE-2017-5715,CVE-2018-5683,CVE-2018-7550
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    qemu-2.9.1-6.12.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    qemu-2.9.1-6.12.1
SUSE CaaS Platform ALL (src):    qemu-2.9.1-6.12.1
Comment 3 Swamp Workflow Management 2018-03-22 23:08:02 UTC 
openSUSE-SU-2018:0780-1: An update that solves 8 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1040202,1068032,1068613,1070144,1071228,1073489,1074572,1076114,1076775,1076813,1082276,1083291
CVE References: CVE-2017-15119,CVE-2017-15124,CVE-2017-16845,CVE-2017-17381,CVE-2017-18043,CVE-2017-5715,CVE-2018-5683,CVE-2018-7550
Sources used:
openSUSE Leap 42.3 (src):    qemu-2.9.1-41.1, qemu-linux-user-2.9.1-41.1, qemu-testsuite-2.9.1-41.1
Comment 4 Swamp Workflow Management 2018-03-27 19:09:36 UTC 
SUSE-SU-2018:0831-1: An update that solves 9 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1040202,1068032,1068613,1070144,1071228,1073489,1076114,1076179,1076775,1076814,1082276,1083291,1085598
CVE References: CVE-2017-15119,CVE-2017-15124,CVE-2017-16845,CVE-2017-17381,CVE-2017-18030,CVE-2017-18043,CVE-2017-5715,CVE-2018-5683,CVE-2018-7550
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    qemu-2.6.2-41.37.1
SUSE Linux Enterprise Server 12-SP2 (src):    qemu-2.6.2-41.37.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    qemu-2.6.2-41.37.1
Comment 5 Liang Yan 2019-04-26 21:26:43 UTC 
Personal bug clean up. Free free to reopen it if you have further questions.