Your message dated Sat, 05 Apr 2014 16:20:02 +0000
with message-id <e1wwtk6-0007lg...@franck.debian.org>
and subject line Bug#742730: fixed in qemu 2.0.0~rc1+dfsg-1exp
has caused the Debian Bug report #742730,
regarding image format processing issues: lack of input validation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
742730: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742730
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: qemu, qemu-kvm
Version: 1.1.2+dfsg-6
Severity: grave
Tags: security patch upstream

Several flaws were found in guest image format processing in qemu.

CVEs are as follows:
parallels: Sanity check for s->tracks (CVE-2014-0142)
parallels: Fix catalog size integer overflow (CVE-2014-0143)
qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143)
qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145)
qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146)
block: Limit request size (CVE-2014-0143)
dmg: prevent chunk buffer overflow (CVE-2014-0145)
dmg: sanitize chunk length and sectorcount (CVE-2014-0145)
qcow2: Fix new L1 table size check (CVE-2014-0143)
qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143)
qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147)
qcow2: Validate active L1 table offset and size (CVE-2014-0144)
qcow2: Validate snapshot table offset/size (CVE-2014-0144)
qcow2: Check refcount table size (CVE-2014-0144)
qcow2: Check backing_file_offset (CVE-2014-0144)
qcow2: Check header_length (CVE-2014-0144)
curl: check data size before memcpy to local buffer.  (CVE-2014-0144)
vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148)
vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144)
vpc: Validate block size (CVE-2014-0142)
vpc/vhd: add bounds check for max_table_entries and block_size (CVE-2014-0144)
bochs: Check extent_size header field (CVE-2014-0142)
bochs: Check catalog_size header field (CVE-2014-0143)
bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147)
block/cloop: refuse images with bogus offsets (CVE-2014-0144)
block/cloop: refuse images with huge offsets arrays (CVE-2014-0144)
block/cloop: prevent offsets_size integer overflow (CVE-2014-0143)
block/cloop: validate block_size header field (CVE-2014-0144)

Upstream patches:
https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html

Some of those issues affect wheezy and even squeeze versions of qemu
and qemu-kvm packages, and need quite some backporting work.

Thanks,

/mjt

--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 2.0.0~rc1+dfsg-1exp

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 742...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 05 Apr 2014 16:23:48 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64 all
Version: 2.0.0~rc1+dfsg-1exp
Distribution: experimental
Urgency: low
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Description: 
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-keymaps - QEMU keyboard maps
 qemu-kvm   - QEMU Full virtualization on x86 hardware (transitional package)
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 714249 739589 742730 743235
Changes: 
 qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low
 .
   * new upstream release candidate (2.0-rc1)
     Closes: #742730 -- image format processing issues
     Closes: #739589 -- migration format processing issues
     Closes: #743235
   * refreshed patches:
     02_kfreebsd.patch
     retry-pxe-after-efi.patch
     use-fixed-data-path.patch
   * removed patches applied upstream:
     qemu-1.7.1.diff
     address_space_translate-do-not-cross-page-boundaries.diff
     fix-smb-security-share.patch
     slirp-smb-redirect-port-445-too.patch
     implement-posix-timers.diff
     linux-user-fixed-s390x-clone-argument-order.patch
   * added bios-256k.bin symlink and bump seabios dependency to >= 1.7.4-2
   * recommend ovmf package for qemu-system-x86 to support UEFI boot
     (Closes: #714249)
   * switch from sdl1 to sdl2 (build-depend on libsdl2-dev)
   * output last 50 lines of config.log in case configure failed

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iJwEAQECAAYFAlNAKZMACgkQUlPFrXTwyDha1gQAic2dpwZBrigCn4P1vBuGJDfL
rVPjbZ2aj5fY813ZD8XBSnBWBIyM4w5rltm/K1vsWj6/0eLb7lrjbAkFLHgZ+AdA
pykcz11Z5U4Qa1fVr0IC80OxWgMPAhwTyt9goBt/9ygl6O99LSlO57XpVBmkWFvT
3u+i8bvpV9R6JcUMf+U=
=ZS3q
-----END PGP SIGNATURE-----

--- End Message ---
