Your message dated Mon, 06 Oct 2014 05:17:10 +0000
with message-id <[email protected]>
and subject line Bug#762532: fixed in qemu 1.1.2+dfsg-6a+deb7u4
has caused the Debian Bug report #762532,
regarding CVE-2014-3640: qemu: slirp: NULL pointer deref in sosendto()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
762532: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762532
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package: qemu
Version: 2.1+dfsg-4
Severity: important
Tags: security, fixed-upstream
Hi,
When guest sends udp packet with source port and source addr 0,
uninitialized socket is picked up when looking for matching and already
created udp sockets, and later passed to sosendto() where NULL pointer
dereference is hit during so->slirp->vnetwork_mask.s_addr access.
Fix this by checking that the socket is not just a socket stub.
Please see this discussion for more information:
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
- ---
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQhGTkACgkQXf6hBi6kbk/46gCfbwwiaD3Zdfbo5z57NihRYfvJ
J34An0KG/kIRMQlB9CYUgcwM9net67oc
=7klY
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1.1.2+dfsg-6a+deb7u4
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 20 May 2014 09:49:42 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils
Architecture: source all amd64
Version: 1.1.2+dfsg-6a+deb7u4
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Description:
qemu - fast processor emulator
qemu-keymaps - QEMU keyboard maps
qemu-system - QEMU full system emulation binaries
qemu-user - QEMU user mode emulation binaries
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 742730 762532
Changes:
qemu (1.1.2+dfsg-6a+deb7u4) wheezy-security; urgency=medium
.
* image-format-validation patch series backported from 2.0, closing
CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145,
CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223
(Closes: #742730)
* slirp-udp-fix-NULL-pointer-deref-uninit-socket-CVE-2014-3640.patch
closing CVE-2014-3640 (Closes: #762532)
* spice-make-sure-we-don-t-overflow-ssd-buf-CVE-2014-3615.patch and
vbe-rework-sanity-checks-CVE-2014-3615.patch closing CVE-2014-3615
Checksums-Sha1:
75418972e5f851c7f2f2f97fd9fbbfc4cdf4f9e8 2631 qemu_1.1.2+dfsg-6a+deb7u4.dsc
1a379a34bad6c0367455c250ea41bd9562420919 99946
qemu_1.1.2+dfsg-6a+deb7u4.debian.tar.gz
29cbf6130b5eb5e300e9ea8960750ca6c3263fec 49506
qemu-keymaps_1.1.2+dfsg-6a+deb7u4_all.deb
af87e95c031013696dad6e9909e6f140140e61e6 114694
qemu_1.1.2+dfsg-6a+deb7u4_amd64.deb
797b6264037f17ee3213e2dd995325521410c7f1 27892230
qemu-system_1.1.2+dfsg-6a+deb7u4_amd64.deb
f5e886553e4fecf2b764f71753006764351df98b 7721160
qemu-user_1.1.2+dfsg-6a+deb7u4_amd64.deb
b3bf607e20ea01f40d7d5833269d7ddbb90dbc90 16547038
qemu-user-static_1.1.2+dfsg-6a+deb7u4_amd64.deb
1b719c63be490d3ca6a2731fe937f507ecbf6413 663740
qemu-utils_1.1.2+dfsg-6a+deb7u4_amd64.deb
Checksums-Sha256:
41175101b3ca819b13fd8fb43decbedc6d932243e7124d31b2242ce0234a6011 2631
qemu_1.1.2+dfsg-6a+deb7u4.dsc
9897dc09173d8b748616da8efb116e06068e93b30ef1386223bb5a2ba31a1d1e 99946
qemu_1.1.2+dfsg-6a+deb7u4.debian.tar.gz
3ebe1c3fb70b0be05f3af6b4c9aaa0f192b6b24e045873d2c86c42a01032b72d 49506
qemu-keymaps_1.1.2+dfsg-6a+deb7u4_all.deb
ed9595d97da35f54d0b67c371d70cba703b9e2f540c20d501351f45026acc8d6 114694
qemu_1.1.2+dfsg-6a+deb7u4_amd64.deb
d754fd26c6df6bcccca0232c9bb56c62ae755eb79bb03a2a140b041296e4d29c 27892230
qemu-system_1.1.2+dfsg-6a+deb7u4_amd64.deb
1c535ef6e7e57f722e14cca0c8562505736caa16285a5d59994820c1142ca381 7721160
qemu-user_1.1.2+dfsg-6a+deb7u4_amd64.deb
e6b6dd6f50285e2ff0b476cd8b1bec948de0a0dd3fe22a3e1b492f65fae6819d 16547038
qemu-user-static_1.1.2+dfsg-6a+deb7u4_amd64.deb
e77941f84c15ca67d9bf8194a7f271d91fde40d6f6312c0b8a246dd71546d8f9 663740
qemu-utils_1.1.2+dfsg-6a+deb7u4_amd64.deb
Files:
dc97eac69c5c1b2548af943b26ff565b 2631 misc optional
qemu_1.1.2+dfsg-6a+deb7u4.dsc
3ae68603159e2acdd3028e082e95114d 99946 misc optional
qemu_1.1.2+dfsg-6a+deb7u4.debian.tar.gz
cd00c9e61e74c476ad2fb3db6a876027 49506 misc optional
qemu-keymaps_1.1.2+dfsg-6a+deb7u4_all.deb
5cac15ac270d69489de4171914919aa2 114694 misc optional
qemu_1.1.2+dfsg-6a+deb7u4_amd64.deb
3c6ef9428bca03ff3d15ece8b76ed60a 27892230 misc optional
qemu-system_1.1.2+dfsg-6a+deb7u4_amd64.deb
007b979afb55d76f2cb8d48a000086bb 7721160 misc optional
qemu-user_1.1.2+dfsg-6a+deb7u4_amd64.deb
ad08b89ca2d2307a2592aec5e8523588 16547038 misc optional
qemu-user-static_1.1.2+dfsg-6a+deb7u4_amd64.deb
7cdc10e07284df01718ad975aed806f0 663740 misc optional
qemu-utils_1.1.2+dfsg-6a+deb7u4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJUL6cWAAoJEL7lnXSkw9fbAJkH/iqhawf+8hhb9HVEdHf6fWKn
w7mKDhov1u/o7X4OoK1AVfp2qcaljIX30aTREGbhPdsvZGGYUrUFXFZzp0FyqSpK
kPgh29ir3tU7wNGU0jw4XTtsdnI9HRV7nkwmxPOw6Y36KOLOUBl5xIy1JQVhpvw6
nHoHraW357bICN+IGVaLZlG/1w4LnsqqKJw5Oiia5T466tUYC288boCWXczelYdy
QcYdQ7ykqSclnIqoHzFMCV8MsnPfShillRYOuBwt4z2CVNe9yk8ifU6nnjWT5Kg7
ZOFFSJ45a3qEoXLF275OLOqdOAuUTkwXD2ypC71TOn/zoamxtb32a/AmDT8l2MQ=
=IUKd
-----END PGP SIGNATURE-----
--- End Message ---