[Bug 1322204] [NEW] image format input validation fixes tracking bug
Marc Deslauriers
marc.deslauriers at canonical.com
Thu May 22 14:25:00 UTC 2014
*** This bug is a security vulnerability ***
Public security bug reported:
This bug tracks the QEMU image format input validation fixes:
parallels: Sanity check for s->tracks (CVE-2014-0142)
parallels: Fix catalog size integer overflow (CVE-2014-0143)
qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143)
qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145)
qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146)
block: Limit request size (CVE-2014-0143)
dmg: prevent chunk buffer overflow (CVE-2014-0145)
dmg: sanitize chunk length and sectorcount (CVE-2014-0145)
qcow2: Fix new L1 table size check (CVE-2014-0143)
qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143)
qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147)
qcow2: Validate active L1 table offset and size (CVE-2014-0144)
qcow2: Validate snapshot table offset/size (CVE-2014-0144)
qcow2: Check refcount table size (CVE-2014-0144)
qcow2: Check backing_file_offset (CVE-2014-0144)
qcow2: Check header_length (CVE-2014-0144)
curl: check data size before memcpy to local buffer. (CVE-2014-0144)
vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148)
vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144)
vpc: Validate block size (CVE-2014-0142)
vpc/vhd: add bounds check for max_table_entries and block_size (CVE-2014-0144)
bochs: Check extent_size header field (CVE-2014-0142)
bochs: Check catalog_size header field (CVE-2014-0143)
bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147)
block/cloop: refuse images with bogus offsets (CVE-2014-0144)
block/cloop: refuse images with huge offsets arrays (CVE-2014-0144)
block/cloop: prevent offsets_size integer overflow (CVE-2014-0143)
block/cloop: validate block_size header field (CVE-2014-0144)
See:
http://www.openwall.com/lists/oss-security/2014/03/26/8
** Affects: qemu (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: qemu-kvm (Ubuntu)
Importance: Undecided
Status: Invalid
** Affects: qemu (Ubuntu Lucid)
Importance: Undecided
Status: Invalid
** Affects: qemu-kvm (Ubuntu Lucid)
Importance: Undecided
Assignee: Marc Deslauriers (mdeslaur)
Status: In Progress
** Affects: qemu (Ubuntu Precise)
Importance: Undecided
Status: Invalid
** Affects: qemu-kvm (Ubuntu Precise)
Importance: Undecided
Assignee: Marc Deslauriers (mdeslaur)
Status: In Progress
** Affects: qemu (Ubuntu Saucy)
Importance: Undecided
Assignee: Marc Deslauriers (mdeslaur)
Status: In Progress
** Affects: qemu-kvm (Ubuntu Saucy)
Importance: Undecided
Status: Invalid
** Affects: qemu (Ubuntu Trusty)
Importance: Undecided
Status: Fix Released
** Affects: qemu-kvm (Ubuntu Trusty)
Importance: Undecided
Status: Invalid
** Affects: qemu (Ubuntu Utopic)
Importance: Undecided
Status: Fix Released
** Affects: qemu-kvm (Ubuntu Utopic)
Importance: Undecided
Status: Invalid
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0142
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0143
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0144
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0145
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0146
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0147
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0148
** Also affects: qemu (Ubuntu Utopic)
Importance: Undecided
Status: New
** Also affects: qemu (Ubuntu Saucy)
Importance: Undecided
Status: New
** Also affects: qemu (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: qemu (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: qemu (Ubuntu Precise)
Importance: Undecided
Status: New
** Changed in: qemu (Ubuntu Utopic)
Status: New => Fix Released
** Changed in: qemu (Ubuntu Trusty)
Status: New => Fix Released
** Changed in: qemu (Ubuntu Lucid)
Status: New => In Progress
** Changed in: qemu (Ubuntu Precise)
Status: New => In Progress
** Changed in: qemu (Ubuntu Saucy)
Status: New => In Progress
** Changed in: qemu (Ubuntu Saucy)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Also affects: qemu-kvm (Ubuntu)
Importance: Undecided
Status: New
** Changed in: qemu (Ubuntu Lucid)
Status: In Progress => Invalid
** Changed in: qemu (Ubuntu Precise)
Status: In Progress => Invalid
** Changed in: qemu-kvm (Ubuntu Lucid)
Status: New => In Progress
** Changed in: qemu-kvm (Ubuntu Lucid)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: qemu-kvm (Ubuntu Precise)
Status: New => In Progress
** Changed in: qemu-kvm (Ubuntu Precise)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: qemu-kvm (Ubuntu Saucy)
Status: New => Invalid
** Changed in: qemu-kvm (Ubuntu Trusty)
Status: New => Invalid
** Changed in: qemu-kvm (Ubuntu Utopic)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to qemu in Ubuntu.
https://bugs.launchpad.net/bugs/1322204
Title:
image format input validation fixes tracking bug
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1322204/+subscriptions
More information about the Ubuntu-server-bugs
mailing list