qemu-kvm-0.12.1.2-2.415.AXS4.8
エラータID: AXSA:2014-285:04
以下項目について対処しました。
[Security Fix]
- QEMU のブロックドライバには複数の整数オーバーフローが存在し,
(1) block/parallels.c の parallels_open 関数,(2) bochs.c の bochs_open 関数,(3) qcow2-snapshot.c の
qcow2_snapshot_load_tmp の大きな L1 table,(4) qcow2-cluster.c の qcow2_grow_l1_table 関数,
(5) block.c,他の block ドライバの bdrv_check_byte_reques 関数,(6) qcow2-refcount.c の get_refcount
関数の巧妙に細工されたクラスタインデックス, (7) cloop.c の cloop_open 関数の大量のブロックによって,ロー
カルのユーザがサービス拒否 (クラッシュ) を引き起こす脆弱性があります。(CVE-2014-0143)
- QEMU には複数のバッファーオーバーフローが存在し,(1) QCOW 2 block ドライバ (block/qcow2-snapshot.c)
の大きな L1 テーブルによって,(2) 非圧縮のチャンク,(3) チャンクの長さ,(4) DMG ブロックドライバ
(block/dmg.c) のセクタの数によって,ローカルのユーザがサービス拒否 (クラッシュ) を引き起こす,あるいは
任意のコードを実行する可能性のある脆弱性があります。(CVE-2014-0145)
- QEMU の (block/qcow2.c) の qcow2_open 関数には,snapshot_offset と nb_snapshots フィールドの
初期化に関連するエラーを引き起こす巧妙に細工されたイメージによって,ローカルのユーザがサービス拒否
(ヌルポインタデリファレンス) を引き起こす脆弱性があります。(CVE-2014-0146)
- QEMU の hw/net/virtio-net.c の virtio_net_handle_mac 関数には整数オーバーフローが存在し,MAC アドレステーブルの更新リクエストによって,ローカルのゲストユーザが任意のコードを実行する脆弱性があります。 (CVE-2014-0150)
- 現時点では CVE-2014-0142, CVE-2014-0147, CVE-2014-0148 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
パッケージをアップデートしてください。
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
N/A
SRPMS
- qemu-kvm-0.12.1.2-2.415.AXS4.8.src.rpm
MD5: d04ff6d5843e609bc86462aca53ed539
SHA-256: 5d1abe6100776473f512c33519e55cfcfeba479d1454ac12413d6cb9b914711d
Size: 9.43 MB
Asianux Server 4 for x86
- qemu-guest-agent-0.12.1.2-2.415.AXS4.8.i686.rpm
MD5: 7c8438097001f2287a7a655fcee32395
SHA-256: 33837da8bb713f5c980a3335f3ac6087275a5e9ec383fed7b9651ba71cdf8990
Size: 435.15 kB
Asianux Server 4 for x86_64
- qemu-guest-agent-0.12.1.2-2.415.AXS4.8.x86_64.rpm
MD5: 7ccff4b7a195ad236247d0ffbe5786d8
SHA-256: 3e91fb8f39777e0f1ab8cdd337be8747eb0b1a89a81b219eea6672ad7f418d7a
Size: 432.14 kB - qemu-img-0.12.1.2-2.415.AXS4.8.x86_64.rpm
MD5: 2ef7872a0b4c1b18b638525a4306861c
SHA-256: 432f735bf487b1578e2651342699340d8c2ec1f79dfebf91ffb7a6315f90b8c0
Size: 593.67 kB - qemu-kvm-0.12.1.2-2.415.AXS4.8.x86_64.rpm
MD5: a3e58b7564d9294bc1fc078022315f56
SHA-256: a16a57ea2ada7bab5eb4b0a18afce7dd5cd9f132820f0d8e61beada6cfa9d7cb
Size: 1.48 MB - qemu-kvm-tools-0.12.1.2-2.415.AXS4.8.x86_64.rpm
MD5: d4b466b01dca1bd974ed08a2ac1d7edd
SHA-256: e2970e32bc7042230dc3535595daf2a64fea041473216355efc081ed99f5bd28
Size: 362.80 kB