Bug 1096224 - VUL-0: CVE-2018-11806: xen: slirp: heap buffer overflow while reassembling fragmented datagrams
Summary: VUL-0: CVE-2018-11806: xen: slirp: heap buffer overflow while reassembling fr...
Status: RESOLVED FIXED
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Charles Arnold
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/207332/
Whiteboard: CVSSv3:SUSE:CVE-2018-11806:5.0:(AV:L/...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-06 11:10 UTC by Marcus Meissner
Modified: 2021-01-22 09:02 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-06-06 11:10:22 UTC
+++ This bug was initially created as a clone of Bug #1096223 +++

A heap buffer overflow issue was found in the way Slirp networking back-end
in QEMU processes fragmented packets. It could occur while reassembling the
fragmented datagrams of an incoming packet.

A privileged user/process inside guest could use this flaw to crash the Qemu
process resulting in DoS OR potentially leverage it to execute arbitrary code
on the host with privileges of the Qemu process.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
Comment 6 Swamp Workflow Management 2018-07-23 13:09:46 UTC
SUSE-SU-2018:2037-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1027519,1079730,1095242,1096224,1097521,1097522,1098744
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-12891,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xen-4.4.4_34-61.32.1
SUSE Linux Enterprise Server 11-SP4 (src):    xen-4.4.4_34-61.32.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xen-4.4.4_34-61.32.1
Comment 7 Swamp Workflow Management 2018-07-25 13:12:32 UTC
SUSE-SU-2018:2056-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1027519,1079730,1095242,1096224,1097521,1097522,1098744
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-12891,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    xen-4.4.4_34-22.71.2
Comment 8 Swamp Workflow Management 2018-07-25 13:14:53 UTC
SUSE-SU-2018:2059-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1027519,1087289,1095242,1096224,1097521,1097522,1097523
CVE References: CVE-2018-11806,CVE-2018-12891,CVE-2018-12892,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    xen-4.9.2_08-3.35.2
SUSE Linux Enterprise Server 12-SP3 (src):    xen-4.9.2_08-3.35.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    xen-4.9.2_08-3.35.2
SUSE CaaS Platform ALL (src):    xen-4.9.2_08-3.35.2
Comment 9 Swamp Workflow Management 2018-07-26 19:12:03 UTC
SUSE-SU-2018:2069-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1027519,1079730,1095242,1096224,1097521,1097522,1098744
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-12891,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    xen-4.5.5_24-22.52.3
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    xen-4.5.5_24-22.52.3
Comment 10 Swamp Workflow Management 2018-07-27 16:09:42 UTC
SUSE-SU-2018:2081-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1027519,1087289,1094725,1095242,1096224,1097521,1097522,1097523
CVE References: CVE-2018-11806,CVE-2018-12891,CVE-2018-12892,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE OpenStack Cloud 7 (src):    xen-4.7.6_02-43.36.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    xen-4.7.6_02-43.36.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    xen-4.7.6_02-43.36.1
SUSE Enterprise Storage 4 (src):    xen-4.7.6_02-43.36.1
Comment 12 Swamp Workflow Management 2018-08-06 13:13:12 UTC
openSUSE-SU-2018:2211-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1027519,1087289,1095242,1096224,1097521,1097522,1097523
CVE References: CVE-2018-11806,CVE-2018-12891,CVE-2018-12892,CVE-2018-12893,CVE-2018-3665
Sources used:
openSUSE Leap 42.3 (src):    xen-4.9.2_08-25.2
Comment 14 Marcus Meissner 2018-08-27 11:47:49 UTC
released
Comment 15 Swamp Workflow Management 2018-08-27 13:10:24 UTC
SUSE-SU-2018:2528-1: An update that solves 12 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1027519,1074562,1079730,1090822,1090823,1091107,1092631,1095242,1096224,1097206,1097521,1097522,1098744
CVE References: CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2018-10981,CVE-2018-10982,CVE-2018-11806,CVE-2018-12617,CVE-2018-12891,CVE-2018-12893,CVE-2018-3639,CVE-2018-3646,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    xen-4.2.5_21-45.25.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    xen-4.2.5_21-45.25.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    xen-4.2.5_21-45.25.1
Comment 16 Swamp Workflow Management 2018-10-18 18:08:01 UTC
SUSE-SU-2018:2081-2: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1027519,1087289,1094725,1095242,1096224,1097521,1097522,1097523
CVE References: CVE-2018-11806,CVE-2018-12891,CVE-2018-12892,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    xen-4.7.6_02-43.36.1