Bug 3121 - CVE-2011-3346 qemu: local DoS with SCSI CD-ROM
Status: RESOLVED WONTFIX
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 1
Hardware: All Linux
Priority: Normal normal
Assignee: Mageia Bug Squad
Reported: 2011-10-20 11:22 CEST by Nicolas Vigier
Modified: 2012-12-02 14:36 CET
Source RPM: qemu
Description Nicolas Vigier 2011-10-20 11:22:35 CEST
from oss-sec:
http://www.openwall.com/lists/oss-security/2011/10/20/2

Paolo Bonzini of Red Hat found a buffer overflow in QEMU's SCSI
subsystem. hw/scsi-disk.c tries to zero a user-provided number of
bytes in a fixed-size buffer. An unprivileged local guest user
can potentially use this flaw to crash the guest.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=736038
https://bugzilla.redhat.com/show_bug.cgi?id=736038#c1

Upstream patches:
http://repo.or.cz/w/qemu.git/commit/7285477ab11831b1cf56e45878a89170dd06d9b9
http://repo.or.cz/w/qemu.git/commit/103b40f51e4012b3b0ad20f615562a1806d7f49a
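
The flaw class the advisory describes (zeroing a guest-supplied number of bytes in a fixed-size buffer), shown as an added illustration that is not QEMU's code or the upstream patch. The 256-byte buffer, the 16-bit guest length and all names are assumptions; the model keeps "adjacent memory" inside one array so the stray write can be measured safely.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OUTBUF_SIZE 256u    /* assumed size of the fixed response buffer */
#define NEIGHBOURS  65536u  /* models whatever memory follows the buffer */
#define FILL        0xAA    /* marker used to detect stray writes */

/* Hypothetical device model: mem[0..OUTBUF_SIZE) is the buffer, the rest is adjacent state. */
struct dev_model { uint8_t mem[OUTBUF_SIZE + NEIGHBOURS]; };

/* Flawed pattern: zero exactly as many bytes as the guest request asked for. */
static void zero_unchecked(struct dev_model *d, uint16_t guest_len) {
    memset(d->mem, 0, guest_len);
}

/* Bounded pattern: never touch more than the buffer holds; report bytes zeroed. */
static size_t zero_clamped(struct dev_model *d, uint16_t guest_len) {
    size_t n = guest_len < OUTBUF_SIZE ? guest_len : OUTBUF_SIZE;
    memset(d->mem, 0, n);
    return n;
}

/* Count bytes beyond the buffer that no longer hold the marker. */
static size_t bytes_clobbered(const struct dev_model *d) {
    size_t n = 0;
    for (size_t i = OUTBUF_SIZE; i < sizeof d->mem; i++)
        if (d->mem[i] != FILL) n++;
    return n;
}

/* Run one request against a freshly filled model and return the damage. */
static size_t run_case(int bounded, uint16_t guest_len) {
    static struct dev_model d;
    memset(d.mem, FILL, sizeof d.mem);
    if (bounded) zero_clamped(&d, guest_len);
    else         zero_unchecked(&d, guest_len);
    return bytes_clobbered(&d);
}

int main(void) {
    const uint16_t lens[] = { 16, 256, 257, 4096, 65535 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%5u unchecked=%5zu bounded=%zu\n", (unsigned)lens[i],
               run_case(0, lens[i]), run_case(1, lens[i]));
    return 0;
}
```

In a real device model the bytes past the buffer belong to other emulator state, which is why an oversized length leads to a crash rather than a harmless count.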
Comment 1 Manuel Hiebel 2011-11-11 01:36:15 CET
Ping ?
Comment 2 Michael Scherer 2011-11-11 10:10:10 CET
I am still unsure we are vulnerable, the fix is just for RHEL 4 and the fix is quite complex.
Comment 3 Manuel Hiebel 2011-12-06 02:00:25 CET
So closing ?
Comment 4 Manuel Hiebel 2012-01-16 17:04:44 CET
Yes ? No ?
Comment 5 Manuel Hiebel 2012-05-09 21:19:35 CEST
Ping ?
Marja Van Waes 2012-07-12 00:13:59 CEST

CC: (none) => marja11
Assignee: misc => bugsquad

David Walser 2012-09-25 22:38:22 CEST

CC: (none) => luigiwalser

Comment 6 David Walser 2012-09-25 22:39:24 CEST
AFAIK, the only security updates anyone has issued for this CVE were for the xen package.

http://lwn.net/Vulnerabilities/464289/

https://rhn.redhat.com/errata/RHSA-2011-1401.html
Comment 7 Manuel Hiebel 2012-11-05 16:54:00 CET
This message is a reminder that Mageia 1 is nearing its end of life. 
In approximately 25 days from now, Mageia will stop maintaining and issuing 
updates for Mageia 1. At that time this bug will be closed as WONTFIX (EOL) if it 
remains open with a Mageia 'version' of '1'.

Package Maintainer: If you wish for this bug to remain open because you plan to 
fix it in a currently maintained version, simply change the 'version' to a later 
Mageia version prior to Mageia 1's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not 
be able to fix it before Mageia 1 is end of life.  If you would still like to see 
this bug fixed and are able to reproduce it against a later version of Mageia, 
you are encouraged to click on "Version" and change it against that version 
of Mageia.

Although we aim to fix as many bugs as possible during every release's lifetime, 
sometimes those efforts are overtaken by events. Often a more recent Mageia 
release includes newer upstream software that fixes bugs or makes them obsolete.

--
Mageia Bugsquad
Comment 8 Manuel Hiebel 2012-12-02 14:36:25 CET
Mageia 1 changed to end-of-life (EOL) status on 1st December. Mageia 1 is no 
longer maintained, which means that it will not receive any further security or 
bug fix updates. As a result we are closing this bug. 

If you can reproduce this bug against a currently maintained version of Mageia, 
please feel free to click on "Version", change it against that version of Mageia,
and reopen this bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

--
Mageia Bugsquad

Status: NEW => RESOLVED
Resolution: (none) => WONTFIX

