[Git][security-tracker-team/security-tracker][master] CVE-2019-6501: qemu stretch & jessie not-affected
Hugo Lefeuvre
hle at debian.org
Thu Feb 28 07:29:51 GMT 2019
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aa4e021d by Hugo Lefeuvre at 2019-02-28T07:29:17Z
CVE-2019-6501: qemu stretch & jessie not-affected
The overflow was introduced in a71c775b24. Before that, page_len was
neither read from r->buf nor used as index to write the 0xb0 blocks
limit page.
FTR, this piece of code was later moved to the scsi_handle_inquiry_reply
helper in https://git.qemu.org/?p=qemu.git;a=commit;h=0a96ca2437.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6279,11 +6279,15 @@ CVE-2019-1003000 (A sandbox bypass vulnerability exists in Script Security Plugi
CVE-2019-6501 [scsi-generic: possible OOB access while handling inquiry request]
RESERVED
- qemu 1:3.1+dfsg-3 (bug #920222)
+ [stretch] - qemu <not-affected> (vulnerable code introduced later)
+ [jessie] - qemu <not-affected> (vulnerable code introduced later)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html
NOTE: Code introduced by https://git.qemu.org/?p=qemu.git;a=commit;h=6c219fc8a1 ,
NOTE: but but the overflow was already possible before.
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e909ff93698851777faac3c45d03c1b73f311ea6
+ NOTE: Overflow introduced by https://git.qemu.org/?p=qemu.git;a=commit;h=a71c775b24,
+ NOTE: vulnerability not present prior 2.12.50
CVE-2016-10739 (In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo ...)
- glibc 2.28-6 (bug #920047)
[stretch] - glibc <no-dsa> (Minor issue)
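Review bot: the two added NOTE lines at the end of the CVE-2019-6501 entry attribute the overflow to a71c775b24, while the unchanged NOTE just above them still says the code was introduced by 6c219fc8a1 "but but the overflow was already possible before", so the entry does not say how the two commits relate. Consider stating how a71c775b24 relates to 6c219fc8a1 in the new NOTE, or rewording the older NOTE (and dropping its doubled "but") so the entry gives one consistent account of where the overflow starts. Two smaller points: "vulnerability not present prior 2.12.50" is missing "to", and the comma placed directly after "h=a71c775b24" may be picked up as part of the URL by linkifiers; the existing NOTE leaves a space before its comma.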
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aa4e021d4f464869c16c2d925eeea166c719f98f