Bug 1096223 (CVE-2018-11806) - VUL-0: CVE-2018-11806: kvm,qemu: slirp: heap buffer overflow while reassembling fragmented datagrams
Status: RESOLVED FIXED
Alias: CVE-2018-11806
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium : Normal
Assignee: Fei Li
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/207332/
Whiteboard: CVSSv3:RedHat:CVE-2018-11806:5.1:(AV:...
Reported: 2018-06-06 11:09 UTC by Marcus Meissner
Modified: 2021-05-27 12:45 UTC

Found By: Security Response Team


Description Marcus Meissner 2018-06-06 11:09:36 UTC
A heap buffer overflow issue was found in the way the Slirp networking back-end
in QEMU processes fragmented packets. It could occur while reassembling the
fragmented datagrams of an incoming packet.

A privileged user/process inside a guest could use this flaw to crash the QEMU
process, resulting in DoS, or potentially leverage it to execute arbitrary code
on the host with the privileges of the QEMU process.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
Comment 1 Fei Li 2018-06-23 07:43:59 UTC
Backported this qemu patch for all SLE versions: SLE11-SP3, SLE11-SP4, SLE12, SLE12-SP1, SLE12-SP2, SLE12-SP3, SLE12-SP4 and SLE15. All the code has been pushed to the corresponding git repo.
Comment 4 Johannes Segitz 2018-07-26 14:38:34 UTC
(In reply to Fei Li from comment #1)
Great, can you please also send MRs? Thank you.
Comment 5 Fei Li 2018-07-31 03:57:47 UTC
(In reply to Johannes Segitz from comment #4)
> (In reply to Fei Li from comment #1)
> Great, can you please also send MRs? Thank you.

Is this fix urgent for now? If not, we would send an MR including all security bugs (currently two) and some Spectre stuff later. :)
Comment 6 Marcus Meissner 2018-07-31 05:03:17 UTC
It is fine to roll it into the next qemu/kvm update round.
Comment 8 Swamp Workflow Management 2018-08-16 07:14:28 UTC
SUSE-SU-2018:2340-1: An update that solves three vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 1083291,1087082,1091695,1094725,1094898,1094913,1096223
CVE References: CVE-2018-11806,CVE-2018-3639,CVE-2018-7550
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src):    qemu-2.11.2-9.4.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    qemu-2.11.2-9.4.1
Comment 9 Swamp Workflow Management 2018-08-17 10:17:32 UTC
openSUSE-SU-2018:2402-1: An update that solves three vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 1083291,1087082,1091695,1094725,1094898,1094913,1096223
CVE References: CVE-2018-11806,CVE-2018-3639,CVE-2018-7550
Sources used:
openSUSE Leap 15.0 (src):    qemu-2.11.2-lp150.7.6.1, qemu-linux-user-2.11.2-lp150.7.6.1, qemu-testsuite-2.11.2-lp150.7.6.1
Comment 10 Fei Li 2018-08-18 11:50:08 UTC
Already in the maintenance update, so close it.
Comment 11 Swamp Workflow Management 2018-08-30 10:17:41 UTC
SUSE-SU-2018:2556-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1092885,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    qemu-2.0.2-48.43.3
Comment 12 Swamp Workflow Management 2018-08-30 22:08:45 UTC
SUSE-SU-2018:2565-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1020928,1092885,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    qemu-2.3.1-33.12.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    qemu-2.3.1-33.12.1
Comment 13 Swamp Workflow Management 2018-09-04 22:10:28 UTC
SUSE-SU-2018:2615-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1092885,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kvm-1.4.2-53.23.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kvm-1.4.2-53.23.2
Comment 14 Swamp Workflow Management 2018-09-07 16:09:05 UTC
SUSE-SU-2018:2650-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1092885,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    kvm-1.4.2-60.15.2
Comment 15 Swamp Workflow Management 2018-10-02 16:08:57 UTC
SUSE-SU-2018:2973-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1092885,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
SUSE OpenStack Cloud 7 (src):    qemu-2.6.2-41.43.3
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    qemu-2.6.2-41.43.3
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    qemu-2.6.2-41.43.3
SUSE Enterprise Storage 4 (src):    qemu-2.6.2-41.43.3
Comment 16 Swamp Workflow Management 2018-10-18 17:19:12 UTC
SUSE-SU-2018:2973-2: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1092885,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    qemu-2.6.2-41.43.3
Comment 17 Swamp Workflow Management 2018-10-29 20:15:34 UTC
SUSE-SU-2018:3555-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1092885,1094725,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    qemu-2.9.1-6.19.11
SUSE Linux Enterprise Desktop 12-SP3 (src):    qemu-2.9.1-6.19.11
SUSE CaaS Platform ALL (src):    qemu-2.9.1-6.19.11
SUSE CaaS Platform 3.0 (src):    qemu-2.9.1-6.19.11
Comment 18 Swamp Workflow Management 2018-11-09 23:24:32 UTC
openSUSE-SU-2018:3709-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1092885,1094725,1096223,1098735
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-3639
Sources used:
openSUSE Leap 42.3 (src):    qemu-2.9.1-47.1, qemu-linux-user-2.9.1-47.1, qemu-testsuite-2.9.1-47.2