Your message dated Mon, 17 Dec 2012 22:18:07 +0000
with message-id <e1tkj0h-0007de...@franck.debian.org>
and subject line Bug#696051: fixed in qemu-kvm 1.1.2+dfsg-3
has caused the Debian Bug report #696051,
regarding potential guest-side buffer overflow caused by e1000 device emulation
and large incoming packets
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
696051: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
Severity: serious
Tags: upstream patch pending security
When the guest does not enable large packet receiving on the qemu-emulated
e1000 device, and a large packet is received from the network, qemu will
happily transfer the whole thing to the guest, causing a guest buffer overflow.
This is fixed by upstream commit b0d9ffcd0251161c7c92f94804dcf599dfa3edeb,
with the following comment by Michael Contreras:
Tested with a linux guest. This error can potentially be exploited. At the very
least it can cause a DoS to a guest system, and in the worst case it could
allow remote code execution on the guest system with kernel-level privilege.
Risk seems low, as the network would need to be configured to allow large
packets.
So it can be considered a low-risk security issue, too.
/mjt
--- End Message ---
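The condition the fix introduces, written out as an added C model that is not the upstream patch or qemu's code: the RCTL bit values and the 1522-byte limit follow qemu's e1000 header, while the single fixed-size guest buffer, the `rx_model` struct and the helper names are constructed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RCTL register bits as defined in qemu's e1000 header (assumed values). */
#define E1000_RCTL_SBP  0x00000004  /* store bad packets */
#define E1000_RCTL_LPE  0x00000020  /* long packet enable */

/* Largest frame a guest that has not set LPE expects: 1518 + 4-byte VLAN tag. */
#define MAXIMUM_ETHERNET_VLAN_SIZE 1522

/* Constructed model: one guest-owned receive buffer. The real device uses
 * descriptor rings, but the overflow condition is the same. */
#define GUEST_RX_BUF_SIZE 2048

struct rx_model {
    uint32_t rctl;                       /* guest-programmed RCTL register */
    uint8_t  guest_buf[GUEST_RX_BUF_SIZE];
    size_t   dropped;                    /* frames discarded by the check */
};

/* The check the fix adds before DMA: an oversized frame is discarded unless
 * the guest explicitly asked for long (LPE) or bad (SBP) packets. */
bool e1000_accepts_size(uint32_t rctl, size_t size)
{
    if (size > MAXIMUM_ETHERNET_VLAN_SIZE
        && !(rctl & E1000_RCTL_LPE)
        && !(rctl & E1000_RCTL_SBP)) {
        return false;
    }
    return true;
}

/* Returns bytes delivered to the guest buffer, or 0 if the frame was dropped. */
size_t e1000_receive_model(struct rx_model *m, const uint8_t *frame, size_t size)
{
    if (!e1000_accepts_size(m->rctl, size)) {
        m->dropped++;
        return 0;
    }
    /* Second line of defence: never copy past the guest's buffer even when
     * LPE is set; a real implementation would chain descriptors instead. */
    size_t n = size < sizeof(m->guest_buf) ? size : sizeof(m->guest_buf);
    memcpy(m->guest_buf, frame, n);
    return n;
}

/* Drive the model with a constructed frame of the given size (hypothetical). */
size_t deliver_frame(uint32_t rctl, size_t size)
{
    static struct rx_model m;
    static uint8_t frame[9000];          /* room for a jumbo frame */
    if (size > sizeof(frame)) return 0;
    memset(&m, 0, sizeof(m));
    m.rctl = rctl;
    memset(frame, 0xAB, size);
    return e1000_receive_model(&m, frame, size);
}
```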
--- Begin Message ---
Source: qemu-kvm
Source-Version: 1.1.2+dfsg-3
We believe that the bug you reported is fixed in the latest version of
qemu-kvm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 696...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu-kvm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
Format: 1.8
Date: Sun, 16 Dec 2012 23:08:40 +0400
Source: qemu-kvm
Binary: qemu-kvm qemu-kvm-dbg kvm
Architecture: source i386
Version: 1.1.2+dfsg-3
Distribution: unstable
Urgency: low
Maintainer: Michael Tokarev <m...@tls.msk.ru>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Description:
kvm - dummy transitional package from kvm to qemu-kvm
qemu-kvm - Full virtualization on x86 hardware
qemu-kvm-dbg - Debugging info for qemu-kvm
Closes: 686776 688964 691343 691569 695905 696050 696051 696052 696057 696061 696063
Changes:
qemu-kvm (1.1.2+dfsg-3) unstable; urgency=low
* intel_hda-do-not-call-msi_reset-when-only-device-state-needs-resetting.patch:
patch to fix the reset of the MSI function in the intel-hda virtual device.
The fix (applied to stable-1.1.1) was partially wrong, as it actually
added the msi_reset() call to two code paths instead of one as planned.
Fix this by splitting the function in question into two parts.
(Closes: #688964)
* blockdev-preserve-readonly-and-snapshot-states-across-media-changes.patch:
allow opening of read-only cdrom images/devices (Closes: #686776)
* ahci-properly-reset-PxCMD-on-HBA-reset.patch: fix windows install on ahci
(Closes: #696052)
* e1000-discard-packets-that-are-too-long-if-not-SBP-and-not-LPE.patch:
discard too-long rx packets which may overflow the guest buffer
(Closes: #696051)
* eepro100-fix-network-hang-when-rx-buffers-run-out.patch:
fix e100 stall (Closes: #696061)
* fix possible network stalls/slowness in e1000 device emulation:
net-notify-iothread-after-flushing-queue.patch
e1000-flush-queue-whenever-can_receive-can-go-from-false-to-true.patch
(Closes: #696063)
* fixes-related-to-processing-of-qemu-s-numa-option.patch:
fixes numa handling (Closes: #691343)
* qcow2-fix-avail_sectors-in-cluster-allocation-code.patch:
fixes data corruption in stacked qcow2 (Closes: #695905)
* qcow2-fix-refcount-table-size-calculation.patch: another possible
corruption or crash in qcow2 (Closes: #691569)
* tap-reset-vnet-header-size-on-open.patch: always ensure tap device is
in known state initially (Closes: #696057)
* vmdk-fix-data-corruption-bug-in-WRITE-and-READ-handling.patch:
possible data corruption bug in vmdk image format (Closes: #696050)
--- End Message ---