Bug 1111011 - VUL-0: CVE-2018-17962: xen: pcnet: integer overflow leads to buffer overflow
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/216247/
CVSSv3:SUSE:CVE-2018-17962:6.5:(AV:N/...
Reported: 2018-10-08 07:56 UTC by Johannes Segitz
Modified: 2020-06-11 12:19 UTC
Found By: Security Response Team
Description Johannes Segitz 2018-10-08 07:56:10 UTC
+++ This bug was initially created as a clone of Bug #1111010 +++

rh#1636773

Qemu emulator built with the AMD PC-Net II (Am79C970A) emulation support is vulnerable to an integer overflow, which could lead to a buffer overflow issue. It could occur when receiving packets over the network.

A user inside a guest could use this flaw to crash the Qemu process resulting in DoS.

Fix: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html

References:
https://www.openwall.com/lists/oss-security/2018/10/08/1
https://bugzilla.redhat.com/show_bug.cgi?id=1636773
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17962
Comment 1 Charles Arnold 2018-10-11 16:35:41 UTC
Applicable to xen qemu 'upstream' version for,

SLE11-SP3/SP4, SLE12, SLE12-SP1

qemu traditional version does not try to assign size_ to size which
converts from size_t to integer and therefore it does not have the problem.
This means older than SLE11-SP3 and newer than SLE12-SP1 have no need for a
fix in Xen's qemu. Xen uses kvm/qemu on SLE12-SP2 and newer which does need
the fix but that is the other bug.
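
The size_t-to-int assignment that Comment 1 refers to, as an added illustration that is not part of the bug report and is not QEMU's pcnet code. The buffer size, the minimum-frame threshold and the function names are assumptions, chosen to show how a narrowed length can pass a lower-bound check while the same length kept as size_t is rejected.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed values for illustration only; not taken from QEMU. */
#define RX_BUF_SIZE 4096   /* capacity of the destination buffer */
#define MIN_FRAME   60     /* frames shorter than this get padded */

/* Both functions return the byte count that would be passed to memcpy()
 * into an RX_BUF_SIZE buffer, or 0 when the frame is dropped. */

/* Pattern from Comment 1: the size_t length is assigned to an int. */
static size_t copy_len_narrowed(size_t size_)
{
    int size = (int)size_;   /* > INT_MAX wraps negative on common ABIs */

    if (size < MIN_FRAME)    /* a negative size looks like a short frame */
        return (size_t)size; /* and converts back to a huge length */
    if (size > RX_BUF_SIZE)
        return 0;
    return (size_t)size;
}

/* Hardened form: stay in size_t and bound the length before any use. */
static size_t copy_len_checked(size_t size_)
{
    if (size_ == 0 || size_ > RX_BUF_SIZE)
        return 0;
    return size_;
}

int main(void)
{
    /* Constructed inputs: a normal frame and one just past INT_MAX. */
    size_t inputs[] = { 100, (size_t)INT_MAX + 1 };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("in=%zu narrowed=%zu checked=%zu\n", inputs[i],
               copy_len_narrowed(inputs[i]), copy_len_checked(inputs[i]));
    return 0;
}
```
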
Comment 5 Swamp Workflow Management 2019-04-01 13:19:37 UTC
SUSE-SU-2019:0827-1: An update that solves 15 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 1027519,1056336,1105528,1108940,1110924,1111007,1111011,1111014,1112188,1114423,1114988,1115040,1115045,1115047,1117756,1123157,1126140,1126141,1126192,1126195,1126196,1126198,1126201,1127400,1129623
CVE References: CVE-2017-13672,CVE-2018-10839,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18438,CVE-2018-18849,CVE-2018-19665,CVE-2018-19961,CVE-2018-19962,CVE-2018-19965,CVE-2018-19966,CVE-2018-19967,CVE-2019-6778,CVE-2019-9824
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    xen-4.4.4_40-22.77.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2019-04-01 13:22:56 UTC
SUSE-SU-2019:0825-1: An update that solves 14 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1056336,1110924,1111007,1111011,1111014,1112188,1114423,1114988,1115040,1115047,1117756,1123157,1126140,1126141,1126192,1126195,1126196,1126201,1129623
CVE References: CVE-2017-13672,CVE-2018-10839,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18438,CVE-2018-18849,CVE-2018-19665,CVE-2018-19961,CVE-2018-19962,CVE-2018-19966,CVE-2018-19967,CVE-2019-6778,CVE-2019-9824
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    xen-4.5.5_28-22.58.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    xen-4.5.5_28-22.58.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2019-04-03 13:10:10 UTC
SUSE-SU-2019:14011-1: An update that solves 14 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1110924,1111007,1111011,1111014,1112188,1114423,1114988,1115040,1115045,1115047,1117756,1123157,1126140,1126141,1126192,1126195,1126196,1129623
CVE References: CVE-2018-10839,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18438,CVE-2018-18849,CVE-2018-19665,CVE-2018-19961,CVE-2018-19962,CVE-2018-19965,CVE-2018-19966,CVE-2018-19967,CVE-2019-6778,CVE-2019-9824
Sources used:
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    xen-4.2.5_21-45.30.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    xen-4.2.5_21-45.30.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 8 Charles Arnold 2019-06-07 15:14:00 UTC
Fixed and released.
Comment 9 Marcus Meissner 2019-08-30 15:14:38 UTC
released