Bugzilla – Bug 1111011
VUL-0: CVE-2018-17962: xen: pcnet: integer overflow leads to buffer overflow
Last modified: 2020-06-11 12:19:32 UTC
+++ This bug was initially created as a clone of Bug #1111010 +++ rh#1636773 Qemu emulator built with the AMD PC-Net II (Am79C970A) emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS. Fix: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html References: https://www.openwall.com/lists/oss-security/2018/10/08/1 https://bugzilla.redhat.com/show_bug.cgi?id=1636773 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17962
Applicable to xen qemu 'upstream' version for, SLE11-SP3/SP4, SLE12, SLE12-SP1 qemu traditional version does not try to assign size_ to size which converts from size_t to integer and therefore it does not have the problem. This means older than SLE11-SP3 and newer than SLE12-SP1 have no need for a fix in Xen's qemu. Xen uses kvm/qemu on SLE12-SP2 and newer which does need the fix but that is the other bug.
SUSE-SU-2019:0827-1: An update that solves 15 vulnerabilities and has 10 fixes is now available. Category: security (important) Bug References: 1027519,1056336,1105528,1108940,1110924,1111007,1111011,1111014,1112188,1114423,1114988,1115040,1115045,1115047,1117756,1123157,1126140,1126141,1126192,1126195,1126196,1126198,1126201,1127400,1129623 CVE References: CVE-2017-13672,CVE-2018-10839,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18438,CVE-2018-18849,CVE-2018-19665,CVE-2018-19961,CVE-2018-19962,CVE-2018-19965,CVE-2018-19966,CVE-2018-19967,CVE-2019-6778,CVE-2019-9824 Sources used: SUSE Linux Enterprise Server 12-LTSS (src): xen-4.4.4_40-22.77.1 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:0825-1: An update that solves 14 vulnerabilities and has 5 fixes is now available. Category: security (important) Bug References: 1056336,1110924,1111007,1111011,1111014,1112188,1114423,1114988,1115040,1115047,1117756,1123157,1126140,1126141,1126192,1126195,1126196,1126201,1129623 CVE References: CVE-2017-13672,CVE-2018-10839,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18438,CVE-2018-18849,CVE-2018-19665,CVE-2018-19961,CVE-2018-19962,CVE-2018-19966,CVE-2018-19967,CVE-2019-6778,CVE-2019-9824 Sources used: SUSE Linux Enterprise Server for SAP 12-SP1 (src): xen-4.5.5_28-22.58.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): xen-4.5.5_28-22.58.1 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:14011-1: An update that solves 14 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 1110924,1111007,1111011,1111014,1112188,1114423,1114988,1115040,1115045,1115047,1117756,1123157,1126140,1126141,1126192,1126195,1126196,1129623 CVE References: CVE-2018-10839,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18438,CVE-2018-18849,CVE-2018-19665,CVE-2018-19961,CVE-2018-19962,CVE-2018-19965,CVE-2018-19966,CVE-2018-19967,CVE-2019-6778,CVE-2019-9824 Sources used: SUSE Linux Enterprise Point of Sale 11-SP3 (src): xen-4.2.5_21-45.30.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): xen-4.2.5_21-45.30.1 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
Fixed and released.
released