Your message dated Mon, 17 Dec 2012 22:17:53 +0000
with message-id <e1tkj0t-0007vv...@franck.debian.org>
and subject line Bug#696051: fixed in qemu 1.1.2+dfsg-3
has caused the Debian Bug report #696051,
regarding potential guest-side buffer overflow caused by e1000 device emulation
and large incoming packets
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
696051: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
Severity: serious
Tags: upstream patch pending security
When the guest does not enable large packet receiving from the qemu-emulated
e1000 device, and a large packet is received from the network, qemu will
happily transfer the whole thing to the guest, causing a guest buffer overflow.
This is fixed by upstream commit b0d9ffcd0251161c7c92f94804dcf599dfa3edeb,
with the following comment by Michael Contreras:
Tested with linux guest. This error can potentially be exploited. At the very
least it can cause a DoS to a guest system, and in the worst case it could
allow remote code execution on the guest system with kernel level privilege.
Risk seems low, as the network would need to be configured to allow large
packets.
So it can be considered a low-risk security issue, too.
/mjt
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1.1.2+dfsg-3
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 696...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 16 Dec 2012 23:08:40 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils
Architecture: source all i386
Version: 1.1.2+dfsg-3
Distribution: unstable
Urgency: low
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Description:
qemu - fast processor emulator
qemu-keymaps - QEMU keyboard maps
qemu-system - QEMU full system emulation binaries
qemu-user - QEMU user mode emulation binaries
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 677654 686776 688964 691343 691569 695905 696050 696051 696052 696057
696061 696063
Changes:
qemu (1.1.2+dfsg-3) unstable; urgency=low
.
* add build-dependency on libcap-dev [linux-any] to enable virtfs support
which has been dropped in 1.1. (Closes: #677654)
* intel_hda-do-not-call-msi_reset-when-only-device-state-needs-resetting.patch
patch to fix Fixing reset of MSI function in intel-hda virtual device.
The fix (applied to stable-1.1.1) was partially wrong, as it actually
added the msi_reset() call to two code paths instead of one as planned.
Fix this by splitting the function in question into two parts.
(Closes: #688964)
* blockdev-preserve-readonly-and-snapshot-states-across-media-changes.patch:
allow opening of read-only cdrom images/devices (Closes: #686776)
* ahci-properly-reset-PxCMD-on-HBA-reset.patch: fix windows install on ahci
(Closes: #696052)
* e1000-discard-packets-that-are-too-long-if-not-SBP-and-not-LPE.patch:
discard too long rx packets which may overflow guest buffer
(Closes: #696051)
* eepro100-fix-network-hang-when-rx-buffers-run-out.patch:
fix e100 stall (Closes: #696061)
* fix possible network stalls/slowness in e1000 device emulation:
net-notify-iothread-after-flushing-queue.patch
e1000-flush-queue-whenever-can_receive-can-go-from-false-to-true.patch
(Closes: #696063)
* fixes-related-to-processing-of-qemu-s-numa-option.patch:
fixes numa handling (Closes: #691343)
* qcow2-fix-avail_sectors-in-cluster-allocation-code.patch:
fixes data corruption in stacked qcow2 (Closes: #695905)
* qcow2-fix-refcount-table-size-calculation.patch: another possible
corruption or crash in qcow2 (Closes: #691569)
* tap-reset-vnet-header-size-on-open.patch: always ensure tap device is
in known state initially (Closes: #696057)
* vmdk-fix-data-corruption-bug-in-WRITE-and-READ-handling.patch:
possible data corruption bug in vmdk image format (Closes: #696050)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
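The receive-path decision that the report and the e1000-discard-packets-that-are-too-long-if-not-SBP-and-not-LPE changelog entry describe, as an added sketch that is not QEMU's code and not part of the original messages: frames above the standard size are dropped unless the guest set LPE or SBP. The bit values, the 1522-byte limit, the function names and the sample frame lengths are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values, modelled on the e1000 receive-control (RCTL) register. */
#define RCTL_SBP 0x00000004u /* store bad packets */
#define RCTL_LPE 0x00000020u /* long packet enable */

/* Assumed limit: largest standard Ethernet frame carrying a VLAN tag. */
#define MAX_ETHERNET_VLAN_SIZE 1522u

/* True if the device model may hand a frame of this length to the guest. */
bool rx_accept(uint32_t rctl, size_t frame_len)
{
    bool guest_opted_in = (rctl & (RCTL_LPE | RCTL_SBP)) != 0;
    if (frame_len > MAX_ETHERNET_VLAN_SIZE && !guest_opted_in)
        return false; /* discard: guest did not ask for long frames */
    return true;
}

/* Count how many frames from a batch would reach the guest. */
size_t count_delivered(uint32_t rctl, const size_t *lens, size_t n)
{
    size_t delivered = 0;
    for (size_t i = 0; i < n; i++)
        if (rx_accept(rctl, lens[i]))
            delivered++;
    return delivered;
}

/* Constructed sample: frame lengths around the limit plus a jumbo frame. */
static const size_t SAMPLE_LENS[] = { 60, 1514, 1522, 1523, 9000 };
#define SAMPLE_COUNT (sizeof SAMPLE_LENS / sizeof SAMPLE_LENS[0])

int main(void)
{
    const uint32_t settings[] = { 0, RCTL_LPE, RCTL_SBP };
    const char *names[] = { "neither", "LPE", "SBP" };
    for (size_t i = 0; i < 3; i++)
        printf("%-8s delivered %zu of %zu frames\n", names[i],
               count_delivered(settings[i], SAMPLE_LENS, SAMPLE_COUNT),
               (size_t)SAMPLE_COUNT);
    return 0;
}
```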