Bug 1111007 - VUL-0: CVE-2018-17958: xen: rtl8139: integer overflow leads to buffer overflow
VUL-0: CVE-2018-17958: xen: rtl8139: integer overflow leads to buffer overflow
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/216246/
CVSSv3:RedHat:CVE-2018-17958:6.5:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-08 07:18 UTC by Johannes Segitz
Modified: 2019-08-30 15:13 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2018-10-08 07:18:08 UTC
+++ This bug was initially created as a clone of Bug #1111006 +++

rh#1636712

Qemu emulator built with the RTL8139 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network.

A user inside guest could use this flaw to crash the Qemu process resulting in DoS.

Fix: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html

References:
https://www.openwall.com/lists/oss-security/2018/10/08/1
https://bugzilla.redhat.com/show_bug.cgi?id=1636712
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17958
Comment 1 Charles Arnold 2018-10-11 16:35:07 UTC
Applicable to xen qemu 'upstream' version for,

SLE11-SP3/SP4, SLE12, SLE12-SP1

qemu traditional version does not try to assign size_ to size which
converts from size_t to integer and therefore it does not have the problem.
This means older than SLE11-SP3 and newer than SLE12-SP1 have no need for a
fix in Xen's qemu. Xen uses kvm/qemu on SLE12-SP2 and newer which does need
the fix but that is the other bug.
Comment 5 Swamp Workflow Management 2019-04-01 13:19:31 UTC
SUSE-SU-2019:0827-1: An update that solves 15 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 1027519,1056336,1105528,1108940,1110924,1111007,1111011,1111014,1112188,1114423,1114988,1115040,1115045,1115047,1117756,1123157,1126140,1126141,1126192,1126195,1126196,1126198,1126201,1127400,1129623
CVE References: CVE-2017-13672,CVE-2018-10839,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18438,CVE-2018-18849,CVE-2018-19665,CVE-2018-19961,CVE-2018-19962,CVE-2018-19965,CVE-2018-19966,CVE-2018-19967,CVE-2019-6778,CVE-2019-9824
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    xen-4.4.4_40-22.77.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2019-04-01 13:22:48 UTC
SUSE-SU-2019:0825-1: An update that solves 14 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1056336,1110924,1111007,1111011,1111014,1112188,1114423,1114988,1115040,1115047,1117756,1123157,1126140,1126141,1126192,1126195,1126196,1126201,1129623
CVE References: CVE-2017-13672,CVE-2018-10839,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18438,CVE-2018-18849,CVE-2018-19665,CVE-2018-19961,CVE-2018-19962,CVE-2018-19966,CVE-2018-19967,CVE-2019-6778,CVE-2019-9824
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    xen-4.5.5_28-22.58.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    xen-4.5.5_28-22.58.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2019-04-03 13:10:01 UTC
SUSE-SU-2019:14011-1: An update that solves 14 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1110924,1111007,1111011,1111014,1112188,1114423,1114988,1115040,1115045,1115047,1117756,1123157,1126140,1126141,1126192,1126195,1126196,1129623
CVE References: CVE-2018-10839,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18438,CVE-2018-18849,CVE-2018-19665,CVE-2018-19961,CVE-2018-19962,CVE-2018-19965,CVE-2018-19966,CVE-2018-19967,CVE-2019-6778,CVE-2019-9824
Sources used:
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    xen-4.2.5_21-45.30.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    xen-4.2.5_21-45.30.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 8 Charles Arnold 2019-06-07 15:11:52 UTC
Fixed and released.
Comment 9 Marcus Meissner 2019-08-30 15:13:59 UTC
released