SB2018121712 - OpenSUSE Linux update for qemu 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018121712

SB2018121712 - OpenSUSE Linux update for qemu

Published: December 17, 2018

Security Bulletin ID SB2018121712
Severity
Low
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2018-10839)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to integer overflow when built with the NE2000 NIC emulation support. A remote attacker can supply specially crafted packets over the network, trigger memory corruption and crash the Qemu process.


2) Improper input validation (CVE-ID: CVE-2018-15746)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists in qemu-seccomp.c due to an error when processing malicious input. An adjacent attacker can leverage mishandling of the seccomp policy for threads other than the main thread and cause the service to crash.


3) Integer overflow (CVE-ID: CVE-2018-17958)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists due to a boundary error in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. An adjacent attacker can trigger integer overflow and cause the service to crash.


4) Buffer overflow (CVE-ID: CVE-2018-17962)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to buffer overflow in pcnet_receive in hw/net/pcnet.c when an incorrect integer data type is used. A remote attacker can supply specially crafted packets over the network, trigger memory corruption and crash the Qemu process.


5) Buffer overflow (CVE-ID: CVE-2018-17963)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to buffer overflow when qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX. A remote attacker can supply specially crafted packets over the network, trigger memory corruption and crash the Qemu process.


6) Out-of-bounds read (CVE-ID: CVE-2018-18849)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists due to message length value in 'msg_len' could be invalid due to an invalid migration stream while writing a message in 'lsi_do_msgin'. An adjacent attacker can trigger out-of-bounds read and cause the service to crash.


Remediation

Install update from vendor's website.

References