[Bug 1322204] Re: image format input validation fixes tracking bug

Mon Sep 8 17:22:10 UTC 2014

This bug was fixed in the package qemu-kvm - 1.0+noroms-0ubuntu14.17

---------------
qemu-kvm (1.0+noroms-0ubuntu14.17) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code exection via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0142.patch: validate extent_size header field
      in block/bochs.c, validate s->tracks in block/parallels.c, validate
      block size in block/vpc.c, backport function to qemu-common.h.
    - CVE-2014-0142
  * SECURITY UPDATE: denial of service and possible code exection via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0143.patch: validate nb_sectors in
      block.c, validate catalog_size header field in block/bochs.c,
      prevent offsets_size integer overflow in block/cloop.c, fix catalog
      size integer overflow in block/parallels.c, validate new_l1_size in
      block/qcow2-cluster.c, use proper size in block/qcow2-refcount.c,
      check L1 snapshot table size in block/qcow2-snapshot.c, check active
      L1 table size in block/qcow2.c, define max size in block/qcow2.h.
    - CVE-2014-0143
  * SECURITY UPDATE: denial of service and possible code exection via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0144.patch: validate block sizes and offsets
      in block/cloop.c, check offset in block/curl.c, validate size in
      block/qcow2-refcount.c, check number of snapshots in
      block/qcow2-snapshot.c, check sizes and offsets in block/qcow2.c,
      move structs to block/qcow2.h, check sizes in block/vdi.c,
      prevent overflows in block/vpc.c.
    - CVE-2014-0144
  * SECURITY UPDATE: denial of service and possible code exection via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0145.patch: check chunk sizes in block/dmg.c,
      use correct size in block/qcow2-snapshot.c.
    - CVE-2014-0145
  * SECURITY UPDATE: denial of service and possible code exection via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0146.patch: calculate offsets properly in
      block/qcow2.c.
    - CVE-2014-0146
  * SECURITY UPDATE: denial of service and possible code exection via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0147.patch: use proper sizes in block/bochs.c,
      properly calculate refcounts in block/qcow2-refcount.c, block/qcow2.c.
    - CVE-2014-0147
  * SECURITY UPDATE: multiple buffer overflows on invalid state load
    - debian/patches: added large number of upstream patches pulled from
      git tree.
    - CVE-2013-4148
    - CVE-2013-4151
    - CVE-2013-4527
    - CVE-2013-4529
    - CVE-2013-4530
    - CVE-2013-4531
    - CVE-2013-4532
    - CVE-2013-4533
    - CVE-2013-4534
    - CVE-2013-4535
    - CVE-2013-4536
    - CVE-2013-4537
    - CVE-2013-4538
    - CVE-2013-4539
    - CVE-2013-4540
    - CVE-2013-4541
    - CVE-2013-6399
    - CVE-2014-0182
    - CVE-2014-0222
    - CVE-2014-0223
    - CVE-2014-3461
 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>   Tue, 12 Aug 2014 13:30:27 -0400

** Changed in: qemu-kvm (Ubuntu Precise)
       Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4527

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4529

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4532

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4535

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4536

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4541

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3461

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to qemu in Ubuntu.
https://bugs.launchpad.net/bugs/1322204

Title:
  image format input validation fixes tracking bug

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1322204/+subscriptions