Bugzilla – Bug 1026612
VUL-0: CVE-2017-2633: kvm,qemu: VNC: memory corruption due to unchecked resolution limit
Last modified: 2022-02-13 11:24:13 UTC
From: P J P <ppandit () redhat com>
Date: Thu, 23 Feb 2017 09:59:13 +0530 (IST)

Hello,

Quick Emulator (Qemu) built with the VNC display driver support is vulnerable to an out-of-bounds memory access issue. It could occur while refreshing the vnc display surface area in 'vnc_refresh_server_surface'.

A user/process inside guest could use this flaw to crash the Qemu process resulting in DoS.

Upstream patch:
---------------
-> http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef
-> http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7

Older versions of Qemu are affected, latest upstream releases are not.

'CVE-2017-2633' has been assigned to this issue by Red Hat Inc.

Thank you.

References:
http://seclists.org/oss-sec/2017/q1/473
http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7
http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef
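The bug class named in the title, a guest-controlled resolution used without a limit check, can be modelled in a few lines. This is an added example, not QEMU code and not the upstream patch: the fixed-size per-row dirty map, the limits and every name in it (`tracker`, `refresh_surface`, `clamp_dim`, `count_dirty`) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical limits for this sketch; not taken from the bug report. */
#define MAX_W 64                      /* widest surface the map can describe */
#define MAX_H 32                      /* tallest surface the map can describe */
#define TILE  16                      /* one entry covers TILE pixels of a row */
#define TILES_PER_ROW (MAX_W / TILE)

struct tracker { uint8_t dirty[MAX_H][TILES_PER_ROW]; };  /* fixed-size map */

static int clamp_dim(int value, int limit)
{
    if (value < 0) return 0;
    return value > limit ? limit : value;
}

/* Mark every tile of a guest surface dirty and return how many were marked.
 * surf_w and surf_h come from the guest, so both are clamped to the map's
 * limits before they become loop bounds. Without the clamp, a surface larger
 * than MAX_W x MAX_H would index past the end of dirty[][]. */
int refresh_surface(struct tracker *t, int surf_w, int surf_h)
{
    int w = clamp_dim(surf_w, MAX_W);
    int h = clamp_dim(surf_h, MAX_H);
    int tiles = (w + TILE - 1) / TILE;    /* round up a partial tile */
    int marked = 0;
    for (int y = 0; y < h; y++)
        for (int x = 0; x < tiles; x++) {
            t->dirty[y][x] = 1;
            marked++;
        }
    return marked;
}

/* Count set entries; confirms the writes stayed inside the map. */
int count_dirty(const struct tracker *t)
{
    int n = 0;
    for (int y = 0; y < MAX_H; y++)
        for (int x = 0; x < TILES_PER_ROW; x++)
            n += t->dirty[y][x];
    return n;
}

int main(void)
{
    struct tracker t;
    memset(&t, 0, sizeof t);
    printf("oversized surface marks %d tiles\n", refresh_surface(&t, 4096, 4096));
    return 0;
}
```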
9f64916da20eea67121d544698676295bbb105a7 - in 1.3.0
bea60dd7679364493a0d7f5b54316c767cf894ef - in 2.1.0
bugbot adjusting priority
So kvm packages for SLE11-SP3/4 need bea60dd commit based fix as does SLE12 qemu. The 9f64916 fix is not needed for any of our supported products.
One more note: a later commit, eebe0b7, indicates that the bea60dd commit fix was incomplete, and provides the added fix. So we need this as well.
And another commit, eb8934b, indicates another issue with bea60dd, and provides the fix for that. So that commit is needed as well.
SUSE-SU-2017:2969-1: An update that solves 29 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1020427,1021741,1025109,1025311,1026612,1028184,1028656,1030624,1032075,1034866,1034908,1035406,1035950,1036211,1037242,1039495,1042159,1042800,1042801,1043296,1045035,1046636,1047674,1048902,1049381,1056334,1057585,1062069,1063122,994418,994605
CVE References: CVE-2016-6834,CVE-2016-6835,CVE-2016-9602,CVE-2016-9603,CVE-2017-10664,CVE-2017-10806,CVE-2017-11334,CVE-2017-11434,CVE-2017-13672,CVE-2017-14167,CVE-2017-15038,CVE-2017-15289,CVE-2017-2633,CVE-2017-5579,CVE-2017-5973,CVE-2017-5987,CVE-2017-6505,CVE-2017-7377,CVE-2017-7471,CVE-2017-7493,CVE-2017-7718,CVE-2017-7980,CVE-2017-8086,CVE-2017-8112,CVE-2017-8309,CVE-2017-9330,CVE-2017-9373,CVE-2017-9375,CVE-2017-9503
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src): qemu-2.0.2-48.34.3

SUSE-SU-2018:0019-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1026612,1068032
CVE References: CVE-2017-2633,CVE-2017-5715
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src): kvm-1.4.2-60.6.1
@Bruce: I need a backport to SLES11-SP1 for bsc#1074701. Can you please provide it? TIA
(In reply to Sebastian Parschauer from comment #8)
> @Bruce: I need a backport to SLES11-SP1 for bsc#1074701. Can you please
> provide it? TIA

Overloading this bug report with communications about another unrelated bug is bad practice. Please communicate with me within the other bug report or in some other way.

But to respond to the open question, yes, I will.

SUSE-SU-2018:0039-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1026612,1068032
CVE References: CVE-2017-2633,CVE-2017-5715
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src): kvm-1.4.2-53.14.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src): kvm-1.4.2-53.14.1

(In reply to Bruce Rogers from comment #9)
> (In reply to Sebastian Parschauer from comment #8)
> > @Bruce: I need a backport to SLES11-SP1 for bsc#1074701. Can you please
> > provide it? TIA
>
> Overloading this bug report with communications about another unrelated bug
> is bad practice. Please communicate with me within the other bug report or
> in some other way.
>
> But to respond to the open question, yes, I will.

And as I now look at this in detail, this is not going to be a simple backport. So contrary to my previous thought, this will not get done in a few more days, especially considering that I also have some other urgent type activities queued up. I'll see if someone else can also help with this.
A total of 32 patches were backported to the kvm package and 1 patch was backported to the pixman package; waiting for L3 or customer's feedback.
fixed
What's the status here? I don't see where an actual package includes these patches (other than in Lin's home branch). Was a maintenance submission done from other than our Devel project? Liang is also working on a vnc bug in old kvm releases which may benefit from these backports.
Just sent sr.
https://build.suse.de/request/show/157389
Sorry for the delay.