Bugzilla – Bug 1096223
VUL-0: CVE-2018-11806: kvm,qemu: slirp: heap buffer overflow while reassembling fragmented datagrams
Last modified: 2021-05-27 12:45:29 UTC
A heap buffer overflow issue was found in the way the Slirp networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet.
A privileged user/process inside a guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially leverage it to execute arbitrary code on the host with the privileges of the QEMU process.
Upstream patch:
-> https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
Backported this qemu patch for all SLE versions: SLE11-SP3, SLE11-SP4, SLE12, SLE12-SP1, SLE12-SP2, SLE12-SP3, SLE12-SP4 and SLE15. All the code has been pushed to the corresponding git repo.
(In reply to Fei Li from comment #1)
Great, can you please also send MRs? Thank you
(In reply to Johannes Segitz from comment #4)
> (In reply to Fei Li from comment #1)
> great, can you please also send MRs? Thank you
Is this fix urgent for now? If not, we would send an MR including all security bugs (currently two) and some Spectre stuff later. :)
It is fine to roll it into the next qemu/kvm update round.
SUSE-SU-2018:2340-1: An update that solves three vulnerabilities and has four fixes is now available.
Category: security (moderate)
Bug References: 1083291,1087082,1091695,1094725,1094898,1094913,1096223
CVE References: CVE-2018-11806,CVE-2018-3639,CVE-2018-7550
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src): qemu-2.11.2-9.4.1
SUSE Linux Enterprise Module for Basesystem 15 (src): qemu-2.11.2-9.4.1

openSUSE-SU-2018:2402-1: An update that solves three vulnerabilities and has four fixes is now available.
Category: security (moderate)
Bug References: 1083291,1087082,1091695,1094725,1094898,1094913,1096223
CVE References: CVE-2018-11806,CVE-2018-3639,CVE-2018-7550
Sources used:
openSUSE Leap 15.0 (src): qemu-2.11.2-lp150.7.6.1, qemu-linux-user-2.11.2-lp150.7.6.1, qemu-testsuite-2.11.2-lp150.7.6.1
Already in the maintenance update, so close it.
SUSE-SU-2018:2556-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1092885,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src): qemu-2.0.2-48.43.3

SUSE-SU-2018:2565-1: An update that solves three vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1020928,1092885,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src): qemu-2.3.1-33.12.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src): qemu-2.3.1-33.12.1

SUSE-SU-2018:2615-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1092885,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src): kvm-1.4.2-53.23.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src): kvm-1.4.2-53.23.2

SUSE-SU-2018:2650-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1092885,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src): kvm-1.4.2-60.15.2

SUSE-SU-2018:2973-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1092885,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
SUSE OpenStack Cloud 7 (src): qemu-2.6.2-41.43.3
SUSE Linux Enterprise Server for SAP 12-SP2 (src): qemu-2.6.2-41.43.3
SUSE Linux Enterprise Server 12-SP2-LTSS (src): qemu-2.6.2-41.43.3
SUSE Enterprise Storage 4 (src): qemu-2.6.2-41.43.3

SUSE-SU-2018:2973-2: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1092885,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src): qemu-2.6.2-41.43.3

SUSE-SU-2018:3555-1: An update that solves three vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1092885,1094725,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src): qemu-2.9.1-6.19.11
SUSE Linux Enterprise Desktop 12-SP3 (src): qemu-2.9.1-6.19.11
SUSE CaaS Platform ALL (src): qemu-2.9.1-6.19.11
SUSE CaaS Platform 3.0 (src): qemu-2.9.1-6.19.11

openSUSE-SU-2018:3709-1: An update that solves three vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1092885,1094725,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
openSUSE Leap 42.3 (src): qemu-2.9.1-47.1, qemu-linux-user-2.9.1-47.1, qemu-testsuite-2.9.1-47.2