[security-announce] qemu: Security update

Sona Sarmadi sona.sarmadi at enea.com
Fri Sep 25 10:09:39 CEST 2015


		Enea Linux Security Advisory
	
=========================================================
Product/package: Enea-Linux-5.0-beta-m400/qemu 2.1
Severity: Moderate
CVE Name: CVE-2015-5278
=========================================================
This security update fixes an infinite loop when receiving
packets via the ne2000_receive() routine.

A privileged user inside the guest could use this flaw to crash
the QEMU instance, resulting in DoS.

Signed patch and README files
================================
0036-qemu-CVE-2015-5278.patch
0036-qemu-CVE-2015-5278.patch.sig
0036-qemu-CVE-2015-5278.README.asc

Description
===========
The NE2000 NIC uses a ring buffer of NE2000_MEM_SIZE (49152)
bytes to process network packets. While receiving packets
via the ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, leading to an infinite
loop.
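
The failure mode described above, as an added example that is not QEMU's code and not part of the advisory: a simplified C model of a ring-buffer receive loop, comparing an unchecked index with a variant that stops when the index lies outside the ring. The struct, its field names, the MAX_ITERS cap and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NE2000_MEM_SIZE 49152   /* ring size stated in the advisory */
#define MAX_ITERS 100000        /* model-only cap so a hang becomes observable */

/* Simplified ring state; struct and field names are assumptions. */
struct ring {
    unsigned char mem[NE2000_MEM_SIZE];
    size_t start, stop;         /* ring window inside mem[] */
};

/* Copy size bytes into the ring starting at index. Returns the iterations
 * used, or -1 when the loop stops making progress (the infinite loop). */
static long ring_receive(struct ring *r, size_t index,
                         const unsigned char *buf, size_t size, int hardened)
{
    long iters = 0;
    while (size > 0) {
        size_t avail, len;
        if (++iters > MAX_ITERS)
            return -1;                 /* would spin forever without the cap */
        if (index <= r->stop)
            avail = r->stop - index;
        else if (hardened)
            break;                     /* index outside the ring: drop the rest */
        else
            avail = 0;                 /* unchecked: len is 0 from here on */
        len = size < avail ? size : avail;
        if (len)
            memcpy(r->mem + index, buf, len);
        buf += len;
        index += len;
        if (index == r->stop)
            index = r->start;          /* wrap to the start of the ring */
        size -= len;                   /* len == 0 means size never shrinks */
    }
    return iters;
}

/* Constructed sample: a 200-byte packet and a ring window of [1024, 4096). */
static long model_run(size_t index, int hardened)
{
    static struct ring r = { .start = 1024, .stop = 4096 };
    unsigned char pkt[200] = {0};
    return ring_receive(&r, index, pkt, sizeof pkt, hardened);
}

int main(void) { printf("%ld %ld\n", model_run(5000, 0), model_run(5000, 1)); return 0; }
```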

References
===========
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html
http://www.openwall.com/lists/oss-security/2015/09/15/2

Upstream fix:
http://git.qemu.org/?p=qemu.git;a=commit;h=737d2b3c41d59eb8f94ab7eb419b957938f24943

How to apply the patches
=======================
 - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order.

wget https://linux.enea.com/5.0-beta-m400/\
Enea-Linux-5.0-beta-m400.tar.gz
tar zxf Enea-Linux-5.0-beta-m400.tar.gz
cd Enea-Linux-5.0-beta-m400/poky
<Fetch and apply the existing patches >

 - Fetch, verify and apply the new patch
wget https://linux.enea.com/5.0-beta-m400/\
patches/0036-qemu-CVE-2015-5278.patch
wget https://linux.enea.com/5.0-beta-m400/\
patches/0036-qemu-CVE-2015-5278.patch.sig
gpg --verify 0036-qemu-CVE-2015-5278.patch.sig
patch -p1 < ./0036-qemu-CVE-2015-5278.patch

If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com