Bug 944463 - (CVE-2015-5239) VUL-1: CVE-2015-5239: qemu,kvm,xen: Integer overflow in vnc_client_read() and protocol_client_msg()
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
Other Other
Priority: P3 - Medium, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/156236/
CVSSv2:RedHat:CVE-2015-5239:4.0:(AV:N...
Reported: 2015-09-04 08:53 UTC by Victor Pereira
Modified: 2021-01-22 08:57 UTC (History)
Found By: Security Response Team
Description Victor Pereira 2015-09-04 08:53:44 UTC
rh#1257735

Qemu emulator built with the VNC display driver is vulnerable to an infinite loop issue. It could occur while processing a CLIENT_CUT_TEXT message with a specially crafted payload message.

A privileged guest user could use this flaw to crash the Qemu process instance on the host, resulting in DoS.

Upstream fix:
-------------
  -> git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1257735
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5239
http://seclists.org/oss-sec/2015/q3/478
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5239.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5239
http://git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d
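Added example (not part of the original report and not QEMU's code): how the 32-bit length field of an RFB ClientCutText header can wrap when the header size is added in 32-bit arithmetic, next to a checked form that rejects oversized lengths before doing any arithmetic. The function names, the sample headers and the 1 MiB cap are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFB ClientCutText (RFC 6143): type(1)=6, padding(3), length(4, big-endian), text. */
#define CUT_TEXT_TYPE 6
#define CUT_TEXT_HDR  8u
#define CUT_TEXT_MAX  (1u << 20)   /* assumed cap for this example, not from the page */

/* Constructed sample headers (not captured traffic). */
static const uint8_t SAMPLE_OK[8]        = {6, 0, 0, 0, 0x00, 0x00, 0x00, 0x05};
static const uint8_t SAMPLE_OVERSIZED[8] = {6, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xFF};

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unchecked form: header size added in 32-bit arithmetic, result kept in an int.
 * For a large declared length the sum wraps, so the "expected size" can end up
 * smaller than the header itself. */
int expected_len_unchecked(const uint8_t *hdr)
{
    uint32_t dlen = read_be32(hdr + 4);
    return (int)(CUT_TEXT_HDR + dlen);
}

/* Checked form: validate first, then add in size_t.
 * Returns 0 and sets *out on success, -1 if the message must be rejected. */
int expected_len_checked(const uint8_t *hdr, size_t hdr_len, size_t *out)
{
    if (hdr == NULL || out == NULL || hdr_len < CUT_TEXT_HDR)
        return -1;                       /* header not fully received */
    if (hdr[0] != CUT_TEXT_TYPE)
        return -1;                       /* not a ClientCutText message */
    uint32_t dlen = read_be32(hdr + 4);
    if (dlen > CUT_TEXT_MAX)
        return -1;                       /* declared payload too large: drop client */
    *out = (size_t)CUT_TEXT_HDR + dlen;  /* cannot wrap: dlen <= 1 MiB */
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("unchecked(oversized) = %d\n", expected_len_unchecked(SAMPLE_OVERSIZED));
    printf("checked(oversized)   = %d\n", expected_len_checked(SAMPLE_OVERSIZED, 8, &n));
    printf("checked(ok)          = %d, len %zu\n", expected_len_checked(SAMPLE_OK, 8, &n), n);
    return 0;
}
```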
Comment 1 Swamp Workflow Management 2015-09-04 22:00:51 UTC
bugbot adjusting priority
Comment 2 Andreas Stieger 2015-10-07 10:02:40 UTC
qemu,xen look affected.

KVM too:
> [   93s] VNC support       yes
> [   93s] VNC TLS support   yes
> [   93s] VNC SASL support  no
> [   93s] VNC JPEG support  no
> [   93s] VNC PNG support   no
> [   93s] VNC WS support    yes
> 
> --disable-vnc-sasl \
> --disable-vnc-jpeg \
> --disable-vnc-png \
Comment 3 Swamp Workflow Management 2015-10-30 16:15:50 UTC
SUSE-SU-2015:1853-1: An update that solves 8 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 877642,907514,910258,918984,923967,932267,941074,944463,944697,947165,950367,950703,950705,950706
CVE References: CVE-2014-0222,CVE-2015-4037,CVE-2015-5239,CVE-2015-6815,CVE-2015-7311,CVE-2015-7835,CVE-2015-7969,CVE-2015-7971
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    xen-4.2.5_14-18.2
SUSE Linux Enterprise Server 11-SP3 (src):    xen-4.2.5_14-18.2
SUSE Linux Enterprise Desktop 11-SP3 (src):    xen-4.2.5_14-18.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    xen-4.2.5_14-18.2
Comment 4 Swamp Workflow Management 2015-11-03 10:35:11 UTC
SUSE-SU-2015:1894-1: An update that solves 8 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 877642,901488,907514,910258,918984,923967,932267,944463,944697,945167,947165,949138,949549,950367,950703,950705,950706
CVE References: CVE-2014-0222,CVE-2015-4037,CVE-2015-5239,CVE-2015-6815,CVE-2015-7311,CVE-2015-7835,CVE-2015-7969,CVE-2015-7971
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xen-4.4.3_02-26.2
SUSE Linux Enterprise Server 11-SP4 (src):    xen-4.4.3_02-26.2
SUSE Linux Enterprise Desktop 11-SP4 (src):    xen-4.4.3_02-26.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xen-4.4.3_02-26.2
Comment 5 Swamp Workflow Management 2015-11-04 16:15:04 UTC
SUSE-SU-2015:1908-1: An update that solves 8 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 877642,901488,907514,910258,918984,923967,932267,944463,944697,945167,947165,949138,950367,950703,950705,950706
CVE References: CVE-2014-0222,CVE-2015-4037,CVE-2015-5239,CVE-2015-6815,CVE-2015-7311,CVE-2015-7835,CVE-2015-7969,CVE-2015-7971
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    xen-4.4.3_02-22.12.1
SUSE Linux Enterprise Server 12 (src):    xen-4.4.3_02-22.12.1
SUSE Linux Enterprise Desktop 12 (src):    xen-4.4.3_02-22.12.1
Comment 6 Swamp Workflow Management 2015-11-10 17:10:45 UTC
SUSE-SU-2015:1952-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 877642,932267,944463,944697,950367,950703,950705,950706
CVE References: CVE-2014-0222,CVE-2015-4037,CVE-2015-5239,CVE-2015-6815,CVE-2015-7835,CVE-2015-7969,CVE-2015-7971
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    xen-4.1.6_08-20.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    xen-4.1.6_08-20.1
Comment 7 Swamp Workflow Management 2015-11-11 14:07:46 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-11-25.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62332
Comment 8 Swamp Workflow Management 2015-11-12 11:11:34 UTC
openSUSE-SU-2015:1964-1: An update that solves 12 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 877642,932267,938344,939709,939712,941074,944463,944697,947165,950367,950703,950705,950706,951845
CVE References: CVE-2014-0222,CVE-2015-4037,CVE-2015-5154,CVE-2015-5165,CVE-2015-5166,CVE-2015-5239,CVE-2015-6815,CVE-2015-7311,CVE-2015-7835,CVE-2015-7969,CVE-2015-7971,CVE-2015-7972
Sources used:
openSUSE 13.1 (src):    xen-4.3.4_06-50.1
Comment 9 Swamp Workflow Management 2015-11-17 10:14:10 UTC
openSUSE-SU-2015:2003-1: An update that solves 13 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 877642,901488,907514,910258,918984,923967,925466,932267,935634,938344,939709,939712,944463,944697,945167,947165,949138,950367,950703,950705,950706,951845
CVE References: CVE-2014-0222,CVE-2015-3259,CVE-2015-4037,CVE-2015-5154,CVE-2015-5165,CVE-2015-5166,CVE-2015-5239,CVE-2015-6815,CVE-2015-7311,CVE-2015-7835,CVE-2015-7969,CVE-2015-7971,CVE-2015-7972
Sources used:
openSUSE 13.2 (src):    xen-4.4.3_02-30.1
Comment 10 Marcus Meissner 2015-12-19 16:43:03 UTC
-> kvm-bugs, seems unfixed for kvm
Comment 11 Swamp Workflow Management 2016-01-19 11:48:48 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2016-01-26.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62448
Comment 12 Chunyan Liu 2016-01-28 08:12:46 UTC
SLE11-SP3, SLE11-SP4, SLE12 are affected, and submit request to Devel:Virt.
SLE12-SP1 is not affected.
Comment 13 Swamp Workflow Management 2016-03-04 21:14:39 UTC
SUSE-SU-2016:0658-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 877642,932267,944463,950706,953527,954405,956408,956411,957988,958009,958493,958523,962360
CVE References: CVE-2014-0222,CVE-2015-4037,CVE-2015-5239,CVE-2015-5307,CVE-2015-7504,CVE-2015-7512,CVE-2015-7971,CVE-2015-8104,CVE-2015-8339,CVE-2015-8340,CVE-2015-8504,CVE-2015-8550,CVE-2015-8555
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    xen-3.2.3_17040_46-0.23.2
Comment 14 Swamp Workflow Management 2016-04-08 17:10:37 UTC
openSUSE-SU-2016:0995-1: An update that fixes 33 vulnerabilities is now available.

Category: security (important)
Bug References: 944463,944697,945989,956829,960334,960707,960725,960835,960861,960862,961332,961358,961691,962335,962360,962611,962627,962632,962642,962758,963782,964413,964431,964452,964644,964925,964929,964950,965156,965315,965317,967012,967969
CVE References: CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5239,CVE-2015-5278,CVE-2015-6815,CVE-2015-6855,CVE-2015-7512,CVE-2015-8345,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2392,CVE-2016-2538
Sources used:
openSUSE 13.2 (src):    xen-4.4.4_02-43.1
Comment 15 Swamp Workflow Management 2016-06-13 11:09:56 UTC
SUSE-SU-2016:1560-1: An update that solves 37 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 886378,895528,901508,928393,934069,940929,944463,947159,958491,958917,959005,959386,960334,960708,960725,960835,961332,961333,961358,961556,961691,962320,963782,964413,967969,969121,969122,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723,981266
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5745,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441,CVE-2016-4952
Sources used:
SUSE Linux Enterprise Server 12 (src):    qemu-2.0.2-48.19.1
SUSE Linux Enterprise Desktop 12 (src):    qemu-2.0.2-48.19.1
Comment 16 Swamp Workflow Management 2016-06-28 18:08:57 UTC
SUSE-SU-2016:1698-1: An update that solves 33 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 895528,901508,928393,934069,936132,940929,944463,945404,945987,945989,947159,958491,958917,959005,960334,960725,961332,961333,961358,961556,961691,962320,963782,964413,967969,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5278,CVE-2015-5279,CVE-2015-5745,CVE-2015-6855,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kvm-1.4.2-46.1
Comment 17 Swamp Workflow Management 2016-07-11 14:40:45 UTC
SUSE-SU-2016:1785-1: An update that solves 33 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 895528,901508,928393,934069,936132,940929,944463,945404,945987,945989,947159,958491,958917,959005,960334,960725,961332,961333,961358,961556,961691,962320,963782,964413,967969,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5278,CVE-2015-5279,CVE-2015-5745,CVE-2015-6855,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    kvm-1.4.2-44.1
Comment 19 Johannes Segitz 2016-07-25 11:15:44 UTC
fixed everywhere