[v2.7] qemu: multiple issues (CVE-2014-2894 CVE-2013-4344)
CVE-2014-2894:
Off-by-one error in the cmd_smart function in the smart self test in
hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified
impact via a SMART EXECUTE OFFLINE command that triggers a buffer
underflow and memory corruption.
•MLIST:[Qemu-devel] 20140412 [PATCH for 2.0] ide: Correct improper smart self test c
•URL: https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
•MLIST:[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c
•URL: https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html
•MLIST:[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c
•URL: https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html
•MLIST:[oss-security] 20140415 CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART
•URL: http://www.openwall.com/lists/oss-security/2014/04/15/4
•MLIST:[oss-security] 20140418 Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART
•URL: http://www.openwall.com/lists/oss-security/2014/04/18/5
•UBUNTU:USN-2182-1
•URL: http://www.ubuntu.com/usn/USN-2182-1
•BID:66932
•URL: http://www.securityfocus.com/bid/66932
•SECUNIA:57945
•URL: http://secunia.com/advisories/57945
•SECUNIA:58191
•URL: http://secunia.com/advisories/58191
CVE-2013-4344:
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when
a SCSI controller has more than 256 attached devices, allows local users
to gain privileges via a small transfer buffer in a REPORT LUNS command.
•MLIST:[oss-security] 20131002 Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow
•URL: http://www.openwall.com/lists/oss-security/2013/10/02/2
•MLIST:[qemu-devel] 20131009 [ANNOUNCE] QEMU 1.6.1 Stable released
•URL: http://article.gmane.org/gmane.comp.emulators.qemu/237191
•REDHAT:RHSA-2013:1553
•URL: http://rhn.redhat.com/errata/RHSA-2013-1553.html
•REDHAT:RHSA-2013:1754
•URL: http://rhn.redhat.com/errata/RHSA-2013-1754.html
•UBUNTU:USN-2092-1
•URL: http://www.ubuntu.com/usn/USN-2092-1
•BID:62773
•URL: http://www.securityfocus.com/bid/62773
•OSVDB:98028
•URL: http://osvdb.org/98028
(from redmine: issue id 2963, created on 2014-05-23, closed on 2014-06-18)
- Relations:
- parent #2960 (closed)