Bug 945987 (CVE-2015-5279) - VUL-0: CVE-2015-5279: qemu,kvm: Heap overflow vulnerability in ne2000_receive() function
Summary: VUL-0: CVE-2015-5279: qemu,kvm: Heap overflow vulnerability in ne2000_receive...
Status: RESOLVED FIXED
Alias: CVE-2015-5279
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium : Major
Target Milestone: ---
Assignee: Bruce Rogers
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/156586/
Whiteboard: CVSSv2:NVD:CVE-2015-5279:7.2:(AV:L/AC...
Reported: 2015-09-16 06:47 UTC by Victor Pereira
Modified: 2016-07-21 15:47 UTC
Found By: Security Response Team
Description Victor Pereira 2015-09-16 06:47:43 UTC
rh#1256672

The QEMU emulator built with the NE2000 NIC emulation support is vulnerable to a heap buffer overflow issue. It could occur when receiving packets over the network.

A privileged user inside the guest could use this flaw to crash the QEMU instance or potentially execute arbitrary code on the host.

Upstream fix:
-------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html

References:
http://www.openwall.com/lists/oss-security/2015/09/15/3
https://bugzilla.redhat.com/show_bug.cgi?id=1256672
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5279
http://seclists.org/oss-sec/2015/q3/549
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5279.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5279
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html
Comment 1 Swamp Workflow Management 2015-09-16 22:00:16 UTC
bugbot adjusting priority
Comment 2 Bruce Rogers 2015-09-17 19:22:46 UTC
This is fixed by QEMU upstream commit 9bbdbc66e5765068dce76e9269dce4547afd8ad4.
Comment 3 Swamp Workflow Management 2015-10-20 08:12:52 UTC
SUSE-SU-2015:1782-1: An update that solves 5 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 902737,928308,934506,934517,936537,937125,937572,938344,939216,943446,944017,945404,945778,945987,945989
CVE References: CVE-2014-7815,CVE-2015-5154,CVE-2015-5278,CVE-2015-5279,CVE-2015-6855
Sources used:
SUSE Linux Enterprise Server 12 (src):    qemu-2.0.2-48.9.1
SUSE Linux Enterprise Desktop 12 (src):    qemu-2.0.2-48.9.1
Comment 4 Swamp Workflow Management 2016-06-28 18:09:17 UTC
SUSE-SU-2016:1698-1: An update that solves 33 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 895528,901508,928393,934069,936132,940929,944463,945404,945987,945989,947159,958491,958917,959005,960334,960725,961332,961333,961358,961556,961691,962320,963782,964413,967969,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5278,CVE-2015-5279,CVE-2015-5745,CVE-2015-6855,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kvm-1.4.2-46.1
Comment 5 Swamp Workflow Management 2016-07-11 14:41:10 UTC
SUSE-SU-2016:1785-1: An update that solves 33 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 895528,901508,928393,934069,936132,940929,944463,945404,945987,945989,947159,958491,958917,959005,960334,960725,961332,961333,961358,961556,961691,962320,963782,964413,967969,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5278,CVE-2015-5279,CVE-2015-5745,CVE-2015-6855,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    kvm-1.4.2-44.1
Comment 6 Johannes Segitz 2016-07-21 15:47:46 UTC
fixed everywhere