From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Thomas Huth, Prasad J Pandit
Date: Thu, 18 Oct 2018 15:52:00 +0100
Subject: [Qemu-devel] [web PATCH 1/4] Underline the current page section
Message-Id: <20181018145203.11336-2-berrange@redhat.com>
In-Reply-To: <20181018145203.11336-1-berrange@redhat.com>
X-Patchwork-Id: 10647455

The current page section is rendered in bold text but this is rather subtle to see at a glance. Add a single pixel high underline to make it more visible.

Signed-off-by: Daniel P. Berrangé --- assets/css/style-desktop.css | 2 ++ 1 file changed, 2 insertions(+) diff --git a/assets/css/style-desktop.css b/assets/css/style-desktop.css index 44ea0c7..c7800b9 100644 --- a/assets/css/style-desktop.css +++ b/assets/css/style-desktop.css
@@ -271,6 +271,8 @@ #nav li.current a { font-weight: 500; + border-bottom: 1px solid #F0A833; + padding-bottom: 2px; } /*
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Thomas Huth, Prasad J Pandit
Date: Thu, 18 Oct 2018 15:52:01 +0100
Subject: [Qemu-devel] [web PATCH 2/4] Introduce content and tools for managing security notices
Message-Id: <20181018145203.11336-3-berrange@redhat.com>
In-Reply-To: <20181018145203.11336-1-berrange@redhat.com>
X-Patchwork-Id: 10647423

Signed-off-by: Daniel P. Berrangé --- _config.yml | 4 + _includes/nav.html | 3 +- _layouts/secnotice.html | 22 ++ assets/css/style.css | 47 +++ secnotice/Makefile | 40 +++ secnotice/README-template.md | 78 +++++ secnotice/README.md | 20 ++ secnotice/_scripts/index-html.xsl | 72 +++++ secnotice/_scripts/index-xml | 28 ++ secnotice/_scripts/notice-html.xsl | 286 +++++++++++++++++++ secnotice/_scripts/notice-txt.xsl | 277 ++++++++++++++++++ secnotice/_scripts/report-vulnerable-tags.pl | 135 +++++++++ secnotice/template.xml | 50 ++++ 13 files changed, 1061 insertions(+), 1 deletion(-) create mode 100644 _layouts/secnotice.html create mode 100644 secnotice/Makefile create mode 100644 secnotice/README-template.md create mode 100644 secnotice/README.md create mode 100644 secnotice/_scripts/index-html.xsl create mode 100755 secnotice/_scripts/index-xml create mode 100644 secnotice/_scripts/notice-html.xsl create mode 100644 secnotice/_scripts/notice-txt.xsl create mode 100644 secnotice/_scripts/report-vulnerable-tags.pl create mode 100644 secnotice/template.xml diff --git a/_config.yml b/_config.yml index 0a0201c..6fddace 100644 --- a/_config.yml +++ b/_config.yml @@ -37,3 +37,7 @@ gems: exclude: - Gemfile - Gemfile.lock + - Makefile + - secalert/README.md + - secalert/README-template.md + - secalert/template.xml diff --git a/_includes/nav.html b/_includes/nav.html index 241d83e..350de6d 100644 --- a/_includes/nav.html +++ b/_includes/nav.html @@ -6,7 +6,8 @@
  • Download
  • Contribute
  • Documentation -
  • Blog
  • +
  • Blog +
  • Security Notices
  • diff --git a/_layouts/secnotice.html b/_layouts/secnotice.html new file mode 100644 index 0000000..b30c036 --- /dev/null +++ b/_layouts/secnotice.html @@ -0,0 +1,22 @@ + + + + + {{ page.title }} - {{ site.title }} + {% include assets.html %} + + + + {% include nav.html %} + + {{ content }} + + {% include footer.html %} + {% include copyright.html %} + + + diff --git a/assets/css/style.css b/assets/css/style.css index b828887..dccffb0 100644 --- a/assets/css/style.css +++ b/assets/css/style.css @@ -590,3 +590,50 @@ { margin-top: 1.5em; } + +/*********************************************************************************/ +/* Security notices */ +/*********************************************************************************/ + + body.secnotice #main + { + width: 50%; + } + + body.secnotice #sidebar + { + margin-top: 10em; + width: 30%; + } + + body.secnotice p.altformat + { + font-size: smaller; + color: inherit; + text-align: right; + } + + body.secnotice table.repository { + border-spacing: 0px; + } + + body.secnotice table.repository tbody th { + text-align: right; + } + + body.secnotice table.repository tbody th, + body.secnotice table.repository tbody td { + padding: 2px; + } + + body.secnotice table.repository tbody td.fixedtag, + body.secnotice table.repository tbody td.mergedcommit { + background: rgb(240,255,240); + } + body.secnotice table.repository tbody td.fixedcommit { + background: rgb(240,240,255); + } + + body.secnotice table.repository thead { + background: rgb(240,240,240); + } diff --git a/secnotice/Makefile b/secnotice/Makefile new file mode 100644 index 0000000..fef2e8c --- /dev/null +++ b/secnotice/Makefile 
@@ -0,0 +1,40 @@ + +YEARS = $(wildcard 2???) + +INDEX_XML = index.xml $(YEARS:%=%/index.xml) +INDEX_HTML = $(INDEX_XML:%.xml=%.html) + +NOTICE_XML = $(wildcard */???.xml) +NOTICE_TXT = $(NOTICE_XML:%.xml=%.txt) +NOTICE_HTML = $(NOTICE_XML:%.xml=%.html) + +all: $(INDEX_XML) $(INDEX_HTML) $(NOTICE_TXT) $(NOTICE_HTML) + +index.xml: $(NOTICE_XML) _scripts/index-xml Makefile + mkdir -p `dirname $@` + _scripts/index-xml $(sort $(NOTICE_XML)) > $@ + +index.html: index.xml _scripts/index-html.xsl Makefile + xsltproc _scripts/index-html.xsl $< > $@ + +%/index.xml: $(NOTICE_XML) _scripts/index-xml Makefile + mkdir -p `dirname $@` + DIR=`echo $@ | sed -e 's,/index.xml,,'` + rm -f $@ + _scripts/index-xml $(sort $(wildcard $(@:%/index.xml=%/)???.xml)) > $@ + +%/index.html: %/index.xml _scripts/index-html.xsl Makefile + xsltproc --stringparam permalink $(@:%/index.html=/secnotice/%/) _scripts/index-html.xsl $< > $@ + +%.txt: %.xml _scripts/notice-txt.xsl Makefile + mkdir -p `dirname $@` + xsltproc _scripts/notice-txt.xsl $< > $@ + +%.html: %.xml _scripts/notice-html.xsl Makefile + mkdir -p `dirname $@` + xsltproc _scripts/notice-html.xsl $< > $@ + +clean: + rm -rf index.{xml,html} + rm -rf */index.{xml,html} + rm -rf */*.{txt,html} diff --git a/secnotice/README-template.md b/secnotice/README-template.md new file mode 100644 index 0000000..2b80dca --- /dev/null +++ b/secnotice/README-template.md 
@@ -0,0 +1,78 @@ +QEMU Security Notice Schema +=========================== + +The top level element of a QEMU security notice has a name of +``security-notice`` and is in an XML namespace of +``http://qemu.org/xmlns/security-notice/1.0`` + +Basic metadata +-------------- + +The ``id`` element content is a pair of 4 digit numbers uniquely identifying +the security issue. By convention the first 4 digit number is the year in which +it was reported and the second number is an integer value that is unique within +the year, monotonically incrementing from 1. eg the 137th issue reported in +2013 would have an id of ``2013-0137`` + +The ``summary`` element is a short, single line description of the flaw, +ideally 80 characters or less to make it suitable for use in email subject +lines or git commit messages. + +The ``credits`` element provides information on persons involved with the flaw. +It permits the child elements ``reporter`` or ``patcher`` each of which can be +repeated zero or more times. Both elements contain two further child elements +``email`` and ``name`` with the former providing the email address and the +latter providing the full name. At least one of ``email`` and ``name`` must +be provided. + +The ``lifecycle`` element provides date on key milestones in handling of the +issue. It contains between one and three child elements, ``reported``, +``published`` and ``fixed``. The ``reported`` element says the date on which +the QEMU security received notification of the issue. The ``published`` element +says the date on which the issue was revealed to the public. The ``fixed`` +element says the date on which the issue was patched in the primary code branch +(typically GIT master). + +The ``reference`` element provides details of related resources. It will have +one or more child elements which can be either ``advisory`` or ``bug``. 
An +``advisory`` element includes a ``type`` and ``id`` attribute where ``type`` is +currently allowed to be ``CVE`` and ``id`` is the identifier of the report. A +``bug`` element includes ``tracker`` and ``id`` attributes where ``tracker`` is +allowed to be ``redhat``, ``debian`` or a short name for another vendors' bug +tracker. + +Descriptive data +---------------- + +There are three free form text elements providing descriptive data about the +issue. The data will usually be inside a CDATA block. + +The ``description`` element content is an expanded version of the ``summary`` +element content, describing what the flaw is. + +The ``impact`` element content describes the implications of the security +issue. ie what can a malicious user do with the flaw. + +The ``workaround`` element content describes any steps that an administrator +can take to eliminate or at least mitigate the impact of the flaw. + + +Product data +------------ + +The ``product`` element provides information about the codebase of the affected +products. The ``name`` attribute is the name of a QEMU product, typically based +on the tar.gz archive name with the suffix stripped. This contains a child +``repository`` element which is a URL to the master GIT repository. There is +then one or more ``branch`` elements which details the state of affected +branches. + +The first child of the ``branch`` element is a ``name`` giving the branch name, +eg ``master``, ``v1.0.1-maint``, etc. There are then zero or more ``tag`` or +``change`` child elements with a ``state`` attribute of ``vulnerable`` or +``fixed``. The ``tag`` element content details the name of the GIT tag(s) on +that branch are vulnerable and which tags are fixed. The ``change`` element +content details the GIT hash of the change(s) which both introduce and fix the +flaw. The same vulnerable change hash may appear under multiple ``branch`` +elements since branches will share large portions of their history. 
The fix +hash will however usually be different. diff --git a/secnotice/README.md b/secnotice/README.md new file mode 100644 index 0000000..643076d --- /dev/null +++ b/secnotice/README.md @@ -0,0 +1,20 @@ +QEMU Security Notices +===================== + +This directory records all QEMU Security Notices that are issued. + +Notices must only added to this directory once any embargo is lifted, since the +GIT repository is fully public. + +Notices are written in XML in a file ``$YEAR/$NUM.xml`` eg ``2014/0001.xml``. +Assign numbers incrementally as new issues are reported. More details on the +XML format can be found in `README-schema.rst``. + +When a new notice is published for the first time, send the text rendering of +the notice to the ``qemu-devel@nongnu.org`` + +When backporting security fixes to ``stable-X.Y`` branches, update the notice +with details of the backported changeset hash. + +When doing a formal stable release, update the notices included with the release +tag name. diff --git a/secnotice/_scripts/index-html.xsl b/secnotice/_scripts/index-html.xsl new file mode 100644 index 0000000..71ae716 --- /dev/null +++ b/secnotice/_scripts/index-html.xsl @@ -0,0 +1,72 @@ + + + + + + + + --- +title: QEMU Security Notices +permalink: +--- + +

    + If you believe you have identified a new security issue in QEMU, please + follow the security process + to report it in a non-public way. Do NOT use the bug tracker, + mailing lists, or IRC to report non-public security issues. +

    + +
      + + + +
    + +

    + Alternative formats: [xml] +

    +
    + + + + + + + + + + + + + + + + + + + + +
  • QSN-:
  • +
    +
    diff --git a/secnotice/_scripts/index-xml b/secnotice/_scripts/index-xml new file mode 100755 index 0000000..67de29f --- /dev/null +++ b/secnotice/_scripts/index-xml @@ -0,0 +1,28 @@ +#!/bin/bash +# +# Copyright (C) 2013-2014 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see +# . + +set -e + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +echo '' +for n in $@ +do + echo " " +done +echo '' diff --git a/secnotice/_scripts/notice-html.xsl b/secnotice/_scripts/notice-html.xsl new file mode 100644 index 0000000..50ba802 --- /dev/null +++ b/secnotice/_scripts/notice-html.xsl @@ -0,0 +1,286 @@ + + + + + + + + + + + + + + + + --- +title: 'QSN-: ' +layout: secnotice +permalink: + + +--- + +
    +
    + +

    + +

    + + + + + + + + + + +
    +
    + + +
    + + +

    + Alternative formats: + + + + + + + + [xml] + + + + + + + + + + [text] + +

    +
    + + +

    Lifecycle

    + + + + + + + + + + + + + +
    Reported on:
    Published on:
    Fixed on:
    +
    + + +

    Credits

    + + + + + + + + + + + + + + + + + + + + + + + +
    Reported by: + +
    Patched by: + +
    +
    + + + + + + CVE- + + + + + + - + + + + + + + + bug # + + + + +

    See also

    +
      + +
    • +
      +
    +
    + + +

    Description

    +

    + +

    +
    + + +

    Impact

    +

    + +

    +
    + + +

    Mitigation

    +

    + +

    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Branch: + + + +
    Fixed in: + + + +
    Fixed by: + + + +
    Merged by: + + + +
    Broken in: + + + +
    Broken by: + + + +
    +
    +
    +
    diff --git a/secnotice/_scripts/notice-txt.xsl b/secnotice/_scripts/notice-txt.xsl new file mode 100644 index 0000000..dc4c125 --- /dev/null +++ b/secnotice/_scripts/notice-txt.xsl @@ -0,0 +1,277 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + QEMU Security Notice: QSN- + + + ================================== + + + + + + + + + + + + + + + + + Summary: + + + + + + + + + + Reported on: + + + + Published on: + + + + Fixed on: + + + + + + Reported by: + + + + + + < + + > + + + + + + Patched by: + + + + + + < + + > + + + + + + + + + + - + + + + + + bug # + + + + + See also: + + + + + , + + + + + + + + + + + + + + Description + + ----------- + + + + + + + + + + + + + Impact + + ------ + + + + + + + + + + + + + Mitigation + + ---------- + + + + + + + + + + + + + + Related commits + + ---------------- + + + git://git.qemu.org/qemu.git + + https://git.qemu.org/?p=qemu.git + + + + + Branch: + + + + + Broken in: + + + + + Fixed in: + + + + + + + Broken by: + + + + + Fixed by: + + + + + + + + diff --git a/secnotice/_scripts/report-vulnerable-tags.pl b/secnotice/_scripts/report-vulnerable-tags.pl new file mode 100644 index 0000000..3b89efd --- /dev/null +++ b/secnotice/_scripts/report-vulnerable-tags.pl 
@@ -0,0 +1,135 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +use Sort::Versions; + +if (int(@ARGV) != 1 && int (@ARGV) != 2) { + die "syntax: $0 BROKEN-COMMIT [MERGED-COMMIT]\n"; +} + +my $broken = shift @ARGV; +my $merged = shift @ARGV; + +sub get_tags { + my @args = @_; + + my @tags; + open GIT, "-|", "git", "tag", @args or + die "cannot query 'git tags @args': $!\n"; + + while () { + chomp; + + # Drop anything except vN.N.N style tags + # where 'N' is only digits. + if (/^v(\d+)(\.\d+)+$/) { + push @tags, $_; + } + } + + close GIT; + + return @tags; +} + +sub get_branch { + my $tag = shift; + + my @branches; + open GIT, "-|", "git", "branch", "--all", "--contains", $tag or + die "cannot query 'git branch --all --contains $tag': $!\n"; + + while () { + chomp; + + if (m,^\s*remotes/origin/(stable-.*)$,) { + push @branches, $1; + } + } + + close GIT; + + return @branches; +} + +my @branches; +my %tags; +my %branches; + +my %merged; +my $mergedtag; + +if (defined $merged) { + for my $tag (get_tags("--contains", $merged)) { + $merged{$tag} = 1; + $mergedtag = $tag unless defined $mergedtag; + } +} + +$branches{"master"} = []; +# Most tags live on master so lets get them first +for my $tag (get_tags("--contains", $broken, "--merged", "master")) { + next if exists $merged{$tag}; + push @{$branches{"master"}}, $tag; + $tags{$tag} = 1; +} +push @branches, "master"; + +# Now we need slower work to find branches for +# few remaining tags +for my $tag (get_tags("--contains", $broken)) { + + next if exists $tags{$tag}; + next if exists $merged{$tag}; + next if $tag =~ /v\d+\.\d+\.9\d/; + + my @tagbranches = get_branch($tag); + if (int(@tagbranches) == 0) { + if ($tag =~ "^v0.10") { + @tagbranches = ("stable-0.10") + } elsif ($tag =~ "^v0") { + @tagbranches = ("master") + } else { + print "Tag $tag doesn't appear in any branch\n"; + next; + } + } + + if (int(@tagbranches) > 1) { + print "Tag $tag appears in multiple branches\n"; + } + + unless 
(exists($branches{$tagbranches[0]})) { + $branches{$tagbranches[0]} = []; + push @branches, $tagbranches[0]; + } + push @{$branches{$tagbranches[0]}}, $tag; +} + + +foreach my $branch (sort versioncmp @branches) { + print " \n"; + print " $branch\n"; + if ($branch eq "master") { + print " \n"; + if (defined $merged) { + print " $merged\n"; + } else { + print " \n"; + } + if (defined $mergedtag) { + print " $mergedtag\n"; + } else { + print " \n"; + } + } + + foreach my $tag (sort versioncmp @{$branches{$branch}}) { + print " $tag\n"; + } + print " $broken\n"; + + print " \n"; +} diff --git a/secnotice/template.xml b/secnotice/template.xml new file mode 100644 index 0000000..8f8a0d4 --- /dev/null +++ b/secnotice/template.xml 
@@ -0,0 +1,50 @@ + + XXXX-XXX + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + master + + + + + + + + +
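Review bot: The four entries added to `exclude:` in the `_config.yml` hunk do not line up with the files this patch creates: three of them name a `secalert/` directory, while every new file lives under `secnotice/`. As written, `secnotice/README.md`, `secnotice/README-template.md` and `secnotice/template.xml` are not excluded from the site build. Rename the prefix to `secnotice/`, and check whether the bare `Makefile` entry is meant to cover `secnotice/Makefile`, since no top-level Makefile is added here.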
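Review bot: In `secnotice/Makefile`, the `clean` target depends on brace expansion (`rm -rf index.{xml,html}` and the two lines after it), which make's default `/bin/sh` does not perform when sh is not bash; with `-f` the command then succeeds while removing nothing. Either set `SHELL = /bin/bash` at the top or spell the file names out. In the `%/index.xml` rule, the line ``DIR=`echo $@ | sed -e 's,/index.xml,,'` `` assigns a variable that nothing reads, and because each recipe line runs in its own shell it could not be read by the following lines anyway, so it can be dropped.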
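Review bot: The numbering convention in the two README hunks disagrees with the build rules and the template. `secnotice/README.md` gives `2014/0001.xml` as the example file name and `README-template.md` describes the `id` as "a pair of 4 digit numbers" (`2013-0137`), but the Makefile collects notices with `$(wildcard */???.xml)`, `template.xml` uses `XXXX-XXX`, and the notices in patch 3 are `2018/001.xml` and so on. A notice saved under a four-digit name would be skipped by the build without any error, so the documentation should state three digits (or the wildcard should accept both). In the same README.md hunk, the pointer to `README-schema.rst` has unbalanced backquotes and names a file that is not in this patch (the schema text is added as `README-template.md`), "Notices must only added" is missing "be", and the sentence ending "to the ``qemu-devel@nongnu.org``" is missing its noun.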
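Review bot: In `secnotice/_scripts/report-vulnerable-tags.pl`, neither `get_tags` nor `get_branch` checks the result of `close GIT`, so a failing `git` (unknown commit id, run outside a checkout) produces an empty list and the script still prints a `master` block with no vulnerable tags, which is indistinguishable from a genuinely clean result. For a tool whose output is pasted into a security notice, `close GIT or die "git failed: $?\n";` in both functions would make that failure visible. Two smaller points in the same hunk: the messages "Tag $tag doesn't appear in any branch" and "Tag $tag appears in multiple branches" are printed to stdout, where they mix with the generated XML, so send them to STDERR; and the fallback tests `$tag =~ "^v0.10"` and `$tag =~ "^v0"` leave the dot unescaped, so the first should be written as `/^v0\.10/`.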
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Thomas Huth, Prasad J Pandit
Date: Thu, 18 Oct 2018 15:52:02 +0100
Subject: [Qemu-devel] [web PATCH 3/4] Add vulnerability reports for 2018
Message-Id: <20181018145203.11336-4-berrange@redhat.com>
In-Reply-To: <20181018145203.11336-1-berrange@redhat.com>
X-Patchwork-Id: 10647467

Signed-off-by: Daniel P. Berrangé --- secnotice/2018/001.xml | 248 +++++++++++++++++++++++++++++++++++++++++ secnotice/2018/002.xml | 242 ++++++++++++++++++++++++++++++++++++++++ secnotice/2018/003.xml | 191 +++++++++++++++++++++++++++++++ secnotice/2018/004.xml | 243 ++++++++++++++++++++++++++++++++++++++++ secnotice/2018/005.xml | 225 +++++++++++++++++++++++++++++++++++++ secnotice/2018/006.xml | 247 ++++++++++++++++++++++++++++++++++++++++ secnotice/2018/007.xml | 201 +++++++++++++++++++++++++++++++++ secnotice/2018/008.xml | 225 +++++++++++++++++++++++++++++++++++++ secnotice/2018/009.xml | 225 +++++++++++++++++++++++++++++++++++++ secnotice/2018/010.xml | 223 ++++++++++++++++++++++++++++++++++++ secnotice/2018/011.xml | 199 +++++++++++++++++++++++++++++++++ 11 files changed, 2469 insertions(+) create mode 100644 secnotice/2018/001.xml create mode 100644 secnotice/2018/002.xml create mode 100644 secnotice/2018/003.xml create mode 100644 secnotice/2018/004.xml create mode 100644 secnotice/2018/005.xml create mode 100644 secnotice/2018/006.xml create mode 100644 secnotice/2018/007.xml create mode 100644 secnotice/2018/008.xml create mode 100644 secnotice/2018/009.xml create mode 100644 secnotice/2018/010.xml create mode 100644 secnotice/2018/011.xml diff --git a/secnotice/2018/001.xml b/secnotice/2018/001.xml new file mode 100644 index 0000000..3636545 --- /dev/null +++ b/secnotice/2018/001.xml 
@@ -0,0 +1,248 @@ + + 2018-001 + + Speculative store bypass + + + + + + + + + + + + + + + + Ken Johnson (Microsoft Security Response Center) + + + Jann Horn (Google Project Zero) + + + Daniel P. Berrangé + berrange@redhat.com + + + Konrad Rzeszutek Wilk + konrad.wilk@oracle.com + + + + + 20180312 + 20180521 + 20180626 + + + + + + + + + master + d19d1f965904a533998739698020ff4ee8a103da + 403503b162ffc33fb64cfefdf7b880acf41772cd + 4f50c1673a89b07f376ce5c42d22d79a79cd466d + a764f3f7197f4d7ad8fe8424269933de912224cb + e409d9a158c77c650651e8118f6c86c8dc76eba6 + + v0.10.1 + v0.10.2 + v1.0 + v1.1.0 + v1.2.0 + v1.3.0 + v1.4.0 + v1.5.0 + v1.6.0 + v1.7.0 + v2.0.0 + v2.1.0 + v2.2.0 + v2.3.0 + v2.4.0 + v2.5.0 + v2.6.0 + v2.7.0 + v2.8.0 + v2.9.0 + v2.10.0 + v2.11.0 + v2.12.0 + v3.0.0 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-0.10 + v0.10.0 + v0.10.3 + v0.10.4 + v0.10.5 + v0.10.6 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-0.11 + v0.11.0 + v0.11.1 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-0.12 + v0.12.0 + v0.12.1 + v0.12.2 + v0.12.3 + v0.12.4 + v0.12.5 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-0.13 + v0.13.0 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-0.14 + v0.14.0 + v0.14.1 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-0.15 + v0.15.0 + v0.15.1 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-1.0 + v1.0.1 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-1.1 + v1.1.1 + v1.1.2 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-1.2 + v1.2.1 + v1.2.2 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-1.3 + v1.3.1 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-1.4 + v1.4.1 + v1.4.2 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-1.5 + v1.5.1 + v1.5.2 + v1.5.3 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-1.6 + v1.6.1 + v1.6.2 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-1.7 + v1.7.1 + v1.7.2 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + 
stable-2.0 + v2.0.1 + v2.0.2 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-2.1 + v2.1.1 + v2.1.2 + v2.1.3 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-2.2 + v2.2.1 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-2.3 + v2.3.1 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-2.4 + v2.4.0.1 + v2.4.1 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-2.5 + v2.5.1 + v2.5.1.1 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-2.6 + v2.6.1 + v2.6.2 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-2.7 + v2.7.1 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-2.8 + v2.8.1 + v2.8.1.1 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-2.9 + v2.9.1 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-2.10 + v2.10.1 + v2.10.2 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-2.11 + v2.11.1 + v2.11.2 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + stable-2.12 + v2.12.1 + 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + + + diff --git a/secnotice/2018/002.xml b/secnotice/2018/002.xml new file mode 100644 index 0000000..6422715 --- /dev/null +++ b/secnotice/2018/002.xml 
@@ -0,0 +1,242 @@ + + 2018-002 + + VGA out of bounds in vga_draw_text + + + + + + + + + + + + + + + + Jiang Xin + jiangxin1@huawei.com + + + Lin ZheCheng + linzhecheng@huawei.com + + + + + 20171228 + 20171225 + 20180125 + + + + + + + + + master + v2.12.0 + 191f59dc17396bb5a8da50f8c59b6e0a430711a4 + b3bbe959b5dc3bf07041946455cc8e8d562bfd1f + v0.4.4 + v0.5.0 + v0.5.1 + v0.6.0 + v0.6.1 + v0.7.0 + v0.7.1 + v0.8.1 + v0.8.2 + v0.9.0 + v0.9.1 + v1.0 + v1.1.0 + v1.2.0 + v1.3.0 + v1.4.0 + v1.5.0 + v1.6.0 + v1.7.0 + v2.0.0 + v2.1.0 + v2.2.0 + v2.3.0 + v2.4.0 + v2.5.0 + v2.6.0 + v2.7.0 + v2.8.0 + v2.9.0 + v2.10.0 + v2.11.0 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-0.10 + v0.10.0 + v0.10.1 + v0.10.2 + v0.10.3 + v0.10.4 + v0.10.5 + v0.10.6 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-0.11 + v0.11.0 + v0.11.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-0.12 + v0.12.0 + v0.12.1 + v0.12.2 + v0.12.3 + v0.12.4 + v0.12.5 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-0.13 + v0.13.0 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-0.14 + v0.14.0 + v0.14.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-0.15 + v0.15.0 + v0.15.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.0 + v1.0.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.1 + v1.1.1 + v1.1.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.2 + v1.2.1 + v1.2.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.3 + v1.3.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.4 + v1.4.1 + v1.4.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.5 + v1.5.1 + v1.5.2 + v1.5.3 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.6 + v1.6.1 + v1.6.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.7 + v1.7.1 + v1.7.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.0 + v2.0.1 + v2.0.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.1 + v2.1.1 + v2.1.2 + v2.1.3 + 
e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.2 + v2.2.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.3 + v2.3.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.4 + v2.4.0.1 + v2.4.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.5 + v2.5.1 + v2.5.1.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.6 + v2.6.1 + v2.6.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.7 + v2.7.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.8 + v2.8.1 + v2.8.1.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.9 + v2.9.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.10 + v2.10.1 + v2.10.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.11 + v2.11.1 + v2.11.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + + diff --git a/secnotice/2018/003.xml b/secnotice/2018/003.xml new file mode 100644 index 0000000..9691805 --- /dev/null +++ b/secnotice/2018/003.xml 
@@ -0,0 +1,191 @@ + + 2018-003 + + Multiboot out of bounds loading kernel + + + + + + + + + + + + + + + + + + + + + + + + + + 20180221 + 20180227 + 20180328 + + + + + + + + + master + v2.12.0 + 2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8 + 854a4436dd313eaeb51c275d00526d60437915d2 + v1.0 + v1.1.0 + v1.2.0 + v1.3.0 + v1.4.0 + v1.5.0 + v1.6.0 + v1.7.0 + v2.0.0 + v2.1.0 + v2.2.0 + v2.3.0 + v2.4.0 + v2.5.0 + v2.6.0 + v2.7.0 + v2.8.0 + v2.9.0 + v2.10.0 + v2.11.0 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-1.0 + v1.0.1 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-1.1 + v1.1.1 + v1.1.2 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-1.2 + v1.2.1 + v1.2.2 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-1.3 + v1.3.1 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-1.4 + v1.4.1 + v1.4.2 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-1.5 + v1.5.1 + v1.5.2 + v1.5.3 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-1.6 + v1.6.1 + v1.6.2 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-1.7 + v1.7.1 + v1.7.2 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-2.0 + v2.0.1 + v2.0.2 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-2.1 + v2.1.1 + v2.1.2 + v2.1.3 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-2.2 + v2.2.1 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-2.3 + v2.3.1 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-2.4 + v2.4.0.1 + v2.4.1 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-2.5 + v2.5.1 + v2.5.1.1 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-2.6 + v2.6.1 + v2.6.2 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-2.7 + v2.7.1 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-2.8 + v2.8.1 + v2.8.1.1 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-2.9 + v2.9.1 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-2.10 + v2.10.1 + v2.10.2 + 6b8273a1b97876950d91c228a420a851e10e12bb + + + stable-2.11 + v2.11.1 + v2.11.2 + 
6b8273a1b97876950d91c228a420a851e10e12bb + + + + diff --git a/secnotice/2018/004.xml b/secnotice/2018/004.xml new file mode 100644 index 0000000..83a43dc --- /dev/null +++ b/secnotice/2018/004.xml 
@@ -0,0 +1,243 @@ + + 2018-004 + + Cirrus out of bounds access updating VGA display + + + + + + + + + + + + + + + + Ross Lagerwall + ross.lagerwall@citrix.com + + + Gerd Hoffmann + kraxel@redhat.com + + + + + 20180228 + 20180308 + 20180312 + + + + + + + + + master + v2.12.0 + 7cdc61becd095b64a786b2625f321624e7111f3d + fb5fff15881ba7a002924b967eb211c002897983 + v0.4.4 + v0.5.0 + v0.5.1 + v0.6.0 + v0.6.1 + v0.7.0 + v0.7.1 + v0.8.1 + v0.8.2 + v0.9.0 + v0.9.1 + v1.0 + v1.1.0 + v1.2.0 + v1.3.0 + v1.4.0 + v1.5.0 + v1.6.0 + v1.7.0 + v2.0.0 + v2.1.0 + v2.2.0 + v2.3.0 + v2.4.0 + v2.5.0 + v2.6.0 + v2.7.0 + v2.8.0 + v2.9.0 + v2.10.0 + v2.11.0 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-0.10 + v0.10.0 + v0.10.1 + v0.10.2 + v0.10.3 + v0.10.4 + v0.10.5 + v0.10.6 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-0.11 + v0.11.0 + v0.11.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-0.12 + v0.12.0 + v0.12.1 + v0.12.2 + v0.12.3 + v0.12.4 + v0.12.5 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-0.13 + v0.13.0 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-0.14 + v0.14.0 + v0.14.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-0.15 + v0.15.0 + v0.15.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.0 + v1.0.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.1 + v1.1.1 + v1.1.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.2 + v1.2.1 + v1.2.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.3 + v1.3.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.4 + v1.4.1 + v1.4.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.5 + v1.5.1 + v1.5.2 + v1.5.3 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.6 + v1.6.1 + v1.6.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-1.7 + v1.7.1 + v1.7.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.0 + v2.0.1 + v2.0.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.1 + v2.1.1 + v2.1.2 + v2.1.3 + 
e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.2 + v2.2.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.3 + v2.3.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.4 + v2.4.0.1 + v2.4.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.5 + v2.5.1 + v2.5.1.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.6 + v2.6.1 + v2.6.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.7 + v2.7.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.8 + v2.8.1 + v2.8.1.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.9 + v2.9.1 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.10 + v2.10.1 + v2.10.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + stable-2.11 + v2.11.1 + v2.11.2 + e89f66eca974d2a9d5d89271c6041daefdab2105 + + + + diff --git a/secnotice/2018/005.xml b/secnotice/2018/005.xml new file mode 100644 index 0000000..55a2374 --- /dev/null +++ b/secnotice/2018/005.xml 
@@ -0,0 +1,225 @@ + + 2018-005 + + ne2000 integer overflow in buffer access + + + + + + + + + + + + + + + + Daniel Shapira + daniel@twistlock.com + + + Jason Wang + jasonwang@redhat.com + + + + + 20180522 + 20180926 + + + + + + + + + + master + + 0caf499e2f26ae305a16ae2c4e7a2f295ddf64d1 + + v1.0 + v1.1.0 + v1.2.0 + v1.3.0 + v1.4.0 + v1.5.0 + v1.6.0 + v1.7.0 + v2.0.0 + v2.1.0 + v2.2.0 + v2.3.0 + v2.4.0 + v2.5.0 + v2.6.0 + v2.7.0 + v2.8.0 + v2.9.0 + v2.10.0 + v2.11.0 + v2.12.0 + v3.0.0 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.11 + v0.11.0 + v0.11.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.12 + v0.12.0 + v0.12.1 + v0.12.2 + v0.12.3 + v0.12.4 + v0.12.5 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.13 + v0.13.0 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.14 + v0.14.0 + v0.14.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.15 + v0.15.0 + v0.15.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.0 + v1.0.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.1 + v1.1.1 + v1.1.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.2 + v1.2.1 + v1.2.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.3 + v1.3.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.4 + v1.4.1 + v1.4.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.5 + v1.5.1 + v1.5.2 + v1.5.3 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.6 + v1.6.1 + v1.6.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.7 + v1.7.1 + v1.7.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.0 + v2.0.1 + v2.0.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.1 + v2.1.1 + v2.1.2 + v2.1.3 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.2 + v2.2.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.3 + v2.3.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.4 + v2.4.0.1 + v2.4.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.5 + v2.5.1 + 
v2.5.1.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.6 + v2.6.1 + v2.6.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.7 + v2.7.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.8 + v2.8.1 + v2.8.1.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.9 + v2.9.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.10 + v2.10.1 + v2.10.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.11 + v2.11.1 + v2.11.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.12 + v2.12.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + + diff --git a/secnotice/2018/006.xml b/secnotice/2018/006.xml new file mode 100644 index 0000000..7a7908c --- /dev/null +++ b/secnotice/2018/006.xml 
@@ -0,0 +1,247 @@ + + 2018-006 + + slirp buffer overflow assembling fragmented datastream + + + + + + + + + + + + + + + + ZDI Disclosures + zdi-disclosures@trendmicro.com + + + Prasad J Pandit + pjp@fedoraproject.org + + + + + 20180427 + 20180605 + 20180608 + + + + + + + + + master + v3.0.0 + 864036e251f54c99d31df124aad7f34f01f5344c + bac5ba3dc5da706f52c149fa6c0bd1dc96899bec + v0.6.0 + v0.6.1 + v0.7.0 + v0.7.1 + v0.8.1 + v0.8.2 + v0.9.0 + v0.9.1 + v1.0 + v1.1.0 + v1.2.0 + v1.3.0 + v1.4.0 + v1.5.0 + v1.6.0 + v1.7.0 + v2.0.0 + v2.1.0 + v2.2.0 + v2.3.0 + v2.4.0 + v2.5.0 + v2.6.0 + v2.7.0 + v2.8.0 + v2.9.0 + v2.10.0 + v2.11.0 + v2.12.0 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-0.10 + v0.10.0 + v0.10.1 + v0.10.2 + v0.10.3 + v0.10.4 + v0.10.5 + v0.10.6 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-0.11 + v0.11.0 + v0.11.1 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-0.12 + v0.12.0 + v0.12.1 + v0.12.2 + v0.12.3 + v0.12.4 + v0.12.5 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-0.13 + v0.13.0 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-0.14 + v0.14.0 + v0.14.1 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-0.15 + v0.15.0 + v0.15.1 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-1.0 + v1.0.1 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-1.1 + v1.1.1 + v1.1.2 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-1.2 + v1.2.1 + v1.2.2 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-1.3 + v1.3.1 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-1.4 + v1.4.1 + v1.4.2 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-1.5 + v1.5.1 + v1.5.2 + v1.5.3 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-1.6 + v1.6.1 + v1.6.2 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-1.7 + v1.7.1 + v1.7.2 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-2.0 + v2.0.1 + v2.0.2 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-2.1 + v2.1.1 + v2.1.2 + v2.1.3 + 
f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-2.2 + v2.2.1 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-2.3 + v2.3.1 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-2.4 + v2.4.0.1 + v2.4.1 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-2.5 + v2.5.1 + v2.5.1.1 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-2.6 + v2.6.1 + v2.6.2 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-2.7 + v2.7.1 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-2.8 + v2.8.1 + v2.8.1.1 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-2.9 + v2.9.1 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-2.10 + v2.10.1 + v2.10.2 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-2.11 + v2.11.1 + v2.11.2 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + stable-2.12 + v2.12.1 + f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + + + diff --git a/secnotice/2018/007.xml b/secnotice/2018/007.xml new file mode 100644 index 0000000..4de353b --- /dev/null +++ b/secnotice/2018/007.xml 
@@ -0,0 +1,201 @@ + + 2018-007 + + qemu-guest-agent integer overflow reading guest file + + + + + + + + + + + + + + + + Fakhri Zulkifli + mohdfakhrizulkifli@gmail.com + + + Prasad J Pandit + pjp@fedoraproject.org + + + + + 20180622 + 20180622 + 20180705 + + + + + + + + + master + v3.0.0 + 141b197408ab398c4f474ac1a728ab316e921f2b + 8beb8cc64da2868acec270e4becb9fea8f9093dc + v1.0 + v1.1.0 + v1.2.0 + v1.3.0 + v1.4.0 + v1.5.0 + v1.6.0 + v1.7.0 + v2.0.0 + v2.1.0 + v2.2.0 + v2.3.0 + v2.4.0 + v2.5.0 + v2.6.0 + v2.7.0 + v2.8.0 + v2.9.0 + v2.10.0 + v2.11.0 + v2.12.0 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-0.15 + v0.15.0 + v0.15.1 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-1.0 + v1.0.1 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-1.1 + v1.1.1 + v1.1.2 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-1.2 + v1.2.1 + v1.2.2 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-1.3 + v1.3.1 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-1.4 + v1.4.1 + v1.4.2 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-1.5 + v1.5.1 + v1.5.2 + v1.5.3 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-1.6 + v1.6.1 + v1.6.2 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-1.7 + v1.7.1 + v1.7.2 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-2.0 + v2.0.1 + v2.0.2 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-2.1 + v2.1.1 + v2.1.2 + v2.1.3 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-2.2 + v2.2.1 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-2.3 + v2.3.1 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-2.4 + v2.4.0.1 + v2.4.1 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-2.5 + v2.5.1 + v2.5.1.1 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-2.6 + v2.6.1 + v2.6.2 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-2.7 + v2.7.1 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-2.8 + v2.8.1 + v2.8.1.1 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + 
stable-2.9 + v2.9.1 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-2.10 + v2.10.1 + v2.10.2 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-2.11 + v2.11.1 + v2.11.2 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + stable-2.12 + v2.12.1 + e3d4d25206a13ca48936e4357a53591997ce6d57 + + + + diff --git a/secnotice/2018/008.xml b/secnotice/2018/008.xml new file mode 100644 index 0000000..5cf8d5a --- /dev/null +++ b/secnotice/2018/008.xml 
@@ -0,0 +1,225 @@ + + 2018-008 + + rtl8139 integer overflow accessing buffer + + + + + + + + + + + + + + + + Daniel Shapira + daniel@twistlock.com + + + Jason Wang + jasonwang@redhat.com + + + + + 20180521 + 20180926 + + + + + + + + + + master + + 784b912f722bc86126b290c00de72c1bc8d34950 + + v1.0 + v1.1.0 + v1.2.0 + v1.3.0 + v1.4.0 + v1.5.0 + v1.6.0 + v1.7.0 + v2.0.0 + v2.1.0 + v2.2.0 + v2.3.0 + v2.4.0 + v2.5.0 + v2.6.0 + v2.7.0 + v2.8.0 + v2.9.0 + v2.10.0 + v2.11.0 + v2.12.0 + v3.0.0 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.11 + v0.11.0 + v0.11.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.12 + v0.12.0 + v0.12.1 + v0.12.2 + v0.12.3 + v0.12.4 + v0.12.5 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.13 + v0.13.0 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.14 + v0.14.0 + v0.14.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.15 + v0.15.0 + v0.15.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.0 + v1.0.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.1 + v1.1.1 + v1.1.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.2 + v1.2.1 + v1.2.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.3 + v1.3.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.4 + v1.4.1 + v1.4.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.5 + v1.5.1 + v1.5.2 + v1.5.3 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.6 + v1.6.1 + v1.6.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.7 + v1.7.1 + v1.7.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.0 + v2.0.1 + v2.0.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.1 + v2.1.1 + v2.1.2 + v2.1.3 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.2 + v2.2.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.3 + v2.3.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.4 + v2.4.0.1 + v2.4.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.5 + v2.5.1 + 
v2.5.1.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.6 + v2.6.1 + v2.6.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.7 + v2.7.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.8 + v2.8.1 + v2.8.1.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.9 + v2.9.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.10 + v2.10.1 + v2.10.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.11 + v2.11.1 + v2.11.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.12 + v2.12.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + + diff --git a/secnotice/2018/009.xml b/secnotice/2018/009.xml new file mode 100644 index 0000000..6ad782f --- /dev/null +++ b/secnotice/2018/009.xml 
@@ -0,0 +1,225 @@ + + 2018-009 + + pcnet integer overflow accessing buffer + + + + + + + + + + + + + + + + Daniel Shapira + daniel@twistlock.com + + + Jason Wang + jasonwang@redhat.com + + + + + 20180521 + 20180926 + + + + + + + + + + master + + 2fc84f6b39577ccd6fd57bdd270902f5098c3a88 + + v1.0 + v1.1.0 + v1.2.0 + v1.3.0 + v1.4.0 + v1.5.0 + v1.6.0 + v1.7.0 + v2.0.0 + v2.1.0 + v2.2.0 + v2.3.0 + v2.4.0 + v2.5.0 + v2.6.0 + v2.7.0 + v2.8.0 + v2.9.0 + v2.10.0 + v2.11.0 + v2.12.0 + v3.0.0 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.11 + v0.11.0 + v0.11.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.12 + v0.12.0 + v0.12.1 + v0.12.2 + v0.12.3 + v0.12.4 + v0.12.5 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.13 + v0.13.0 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.14 + v0.14.0 + v0.14.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-0.15 + v0.15.0 + v0.15.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.0 + v1.0.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.1 + v1.1.1 + v1.1.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.2 + v1.2.1 + v1.2.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.3 + v1.3.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.4 + v1.4.1 + v1.4.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.5 + v1.5.1 + v1.5.2 + v1.5.3 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.6 + v1.6.1 + v1.6.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-1.7 + v1.7.1 + v1.7.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.0 + v2.0.1 + v2.0.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.1 + v2.1.1 + v2.1.2 + v2.1.3 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.2 + v2.2.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.3 + v2.3.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.4 + v2.4.0.1 + v2.4.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.5 + v2.5.1 + 
v2.5.1.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.6 + v2.6.1 + v2.6.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.7 + v2.7.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.8 + v2.8.1 + v2.8.1.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.9 + v2.9.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.10 + v2.10.1 + v2.10.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.11 + v2.11.1 + v2.11.2 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + stable-2.12 + v2.12.1 + 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + + + diff --git a/secnotice/2018/010.xml b/secnotice/2018/010.xml new file mode 100644 index 0000000..23719d4 --- /dev/null +++ b/secnotice/2018/010.xml 
@@ -0,0 +1,223 @@ + + 2018-010 + + Ignore network packet sizes larger than INT_MAX + + + + + + + + + + + + + + + + Daniel Shapira + daniel@twistlock.com + + + Jason Wang + jasonwang@redhat.com + + + + + 20180521 + 20180926 + + + + + + + + + + master + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + master + + 36772a6341af7c0f100b8e55a1e779db5fe818da + + v1.0 + v1.1.0 + v1.2.0 + v1.3.0 + v1.4.0 + v1.5.0 + v1.6.0 + v1.7.0 + v2.0.0 + v2.1.0 + v2.2.0 + v2.3.0 + v2.4.0 + v2.5.0 + v2.6.0 + v2.7.0 + v2.8.0 + v2.9.0 + v2.10.0 + v2.11.0 + v2.12.0 + v3.0.0 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-0.12 + v0.12.0 + v0.12.1 + v0.12.2 + v0.12.3 + v0.12.4 + v0.12.5 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-0.13 + v0.13.0 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-0.14 + v0.14.0 + v0.14.1 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-0.15 + v0.15.0 + v0.15.1 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-1.0 + v1.0.1 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-1.1 + v1.1.1 + v1.1.2 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-1.2 + v1.2.1 + v1.2.2 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-1.3 + v1.3.1 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-1.4 + v1.4.1 + v1.4.2 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-1.5 + v1.5.1 + v1.5.2 + v1.5.3 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-1.6 + v1.6.1 + v1.6.2 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-1.7 + v1.7.1 + v1.7.2 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-2.0 + v2.0.1 + v2.0.2 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-2.1 + v2.1.1 + v2.1.2 + v2.1.3 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-2.2 + v2.2.1 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-2.3 + v2.3.1 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-2.4 + v2.4.0.1 + v2.4.1 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-2.5 + v2.5.1 + v2.5.1.1 + 
9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-2.6 + v2.6.1 + v2.6.2 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-2.7 + v2.7.1 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-2.8 + v2.8.1 + v2.8.1.1 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-2.9 + v2.9.1 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-2.10 + v2.10.1 + v2.10.2 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-2.11 + v2.11.1 + v2.11.2 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + stable-2.12 + v2.12.1 + 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + + + diff --git a/secnotice/2018/011.xml b/secnotice/2018/011.xml new file mode 100644 index 0000000..811df0d --- /dev/null +++ b/secnotice/2018/011.xml 
@@ -0,0 +1,199 @@ + + 2018-011 + + CCID integer overflow reading data + + + + + + + + + + + + + + + + Arash Tohidi + tohidi.arash@gmail.com + + + Philippe Mathieu-Daudé + philmd@redhat.com + + + + + 20180726 + 20181011 + + + + + + + + + + master + + + + v1.0 + v1.1.0 + v1.2.0 + v1.3.0 + v1.4.0 + v1.5.0 + v1.6.0 + v1.7.0 + v2.0.0 + v2.1.0 + v2.2.0 + v2.3.0 + v2.4.0 + v2.5.0 + v2.6.0 + v2.7.0 + v2.8.0 + v2.9.0 + v2.10.0 + v2.11.0 + v2.12.0 + v3.0.0 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-0.15 + v0.15.0 + v0.15.1 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-1.0 + v1.0.1 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-1.1 + v1.1.1 + v1.1.2 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-1.2 + v1.2.1 + v1.2.2 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-1.3 + v1.3.1 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-1.4 + v1.4.1 + v1.4.2 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-1.5 + v1.5.1 + v1.5.2 + v1.5.3 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-1.6 + v1.6.1 + v1.6.2 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-1.7 + v1.7.1 + v1.7.2 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-2.0 + v2.0.1 + v2.0.2 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-2.1 + v2.1.1 + v2.1.2 + v2.1.3 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-2.2 + v2.2.1 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-2.3 + v2.3.1 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-2.4 + v2.4.0.1 + v2.4.1 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-2.5 + v2.5.1 + v2.5.1.1 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-2.6 + v2.6.1 + v2.6.2 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-2.7 + v2.7.1 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-2.8 + v2.8.1 + v2.8.1.1 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-2.9 + v2.9.1 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-2.10 + v2.10.1 + v2.10.2 + 
edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-2.11 + v2.11.1 + v2.11.2 + edbb21363fbfe40e050f583df921484cbc31c79d + + + stable-2.12 + v2.12.1 + edbb21363fbfe40e050f583df921484cbc31c79d + + + +
From patchwork Thu Oct 18 14:52:03 2018
X-Patchwork-Submitter: Daniel P. Berrangé
X-Patchwork-Id: 10647463
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Date: Thu, 18 Oct 2018 15:52:03 +0100
Message-Id: <20181018145203.11336-5-berrange@redhat.com>
In-Reply-To: <20181018145203.11336-1-berrange@redhat.com>
References: <20181018145203.11336-1-berrange@redhat.com>
Subject: [Qemu-devel] [web PATCH 4/4] Update pre-rendered content
Cc: Paolo Bonzini, Thomas Huth, Prasad J Pandit
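Review bot: in secnotice/2018/001.xml the master entry appears to list v3.0.0 among the affected tags and has no release tag ahead of its five fix hashes, although the lifecycle gives 20180626 as the fix date. 006.xml and 007.xml, whose fix dates (20180608 and 20180705) fall on either side of that, both name v3.0.0 ahead of their fix hashes and end the tag list at v2.12.0. Please confirm whether v3.0.0 shipped without the fix; if it did not, move it out of the tag list and record it as the fixed release.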
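Review bot: the lifecycle dates in secnotice/2018/002.xml are out of order: the first is 20171228 and the second is 20171225, so by the reported/published/fixed order the other notices follow, this issue was published three days before it was reported. Check which of the two values is wrong, or swap them.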
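Review bot: secnotice/2018/003.xml carries no reporter or patcher details; every line between the title and the lifecycle dates is empty, whereas each of the other notices in this patch names at least one person with an e-mail address in that position. Fill the credits in if they are known, or drop the empty entries so the rendered notice does not show blank credit rows.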
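Review bot: secnotice/2018/010.xml has two entries for master. The first holds only 9a6ecb308b1c668fff84d56a356dbd595c51d556, the same hash that closes the second master entry and every stable branch entry, while the second holds 36772a6341af7c0f100b8e55a1e779db5fe818da followed by the tag list. The first entry looks like a leftover; merge the two into one master entry, or note in the commit message why the branch is listed twice.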
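Review bot: the master entry in secnotice/2018/011.xml has no commit hash where 005.xml through 010.xml give theirs; only empty lines sit between "master" and the tag list, even though the lifecycle already has a second date of 20181011. Add the fix commit id, or hold this notice back until the fix has one, so the published page does not point readers at a fix they cannot locate.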
Signed-off-by: Daniel P. Berrangé --- secnotice/2018/001.html | 1043 ++++++++++++++++++++++++++++++++++++ secnotice/2018/001.txt | 210 ++++++++ secnotice/2018/002.html | 1044 ++++++++++++++++++++++++++++++++++++ secnotice/2018/002.txt | 206 ++++++++ secnotice/2018/003.html | 766 +++++++++++++++++++++++++++ secnotice/2018/003.txt | 160 ++++++ secnotice/2018/004.html | 1045 ++++++++++++++++++++++++++++++++++++ secnotice/2018/004.txt | 206 ++++++++ secnotice/2018/005.html | 952 +++++++++++++++++++++++++++++++++ secnotice/2018/005.txt | 191 +++++++ secnotice/2018/006.html | 1056 +++++++++++++++++++++++++++++++++++++ secnotice/2018/006.txt | 210 ++++++++ secnotice/2018/007.html | 820 ++++++++++++++++++++++++++++ secnotice/2018/007.txt | 169 ++++++ secnotice/2018/008.html | 952 +++++++++++++++++++++++++++++++++ secnotice/2018/008.txt | 191 +++++++ secnotice/2018/009.html | 952 +++++++++++++++++++++++++++++++++ secnotice/2018/009.txt | 192 +++++++ secnotice/2018/010.html | 940 +++++++++++++++++++++++++++++++++ secnotice/2018/010.txt | 188 +++++++ secnotice/2018/011.html | 823 +++++++++++++++++++++++++++++ secnotice/2018/011.txt | 169 ++++++ secnotice/2018/index.html | 46 ++ secnotice/2018/index.xml | 13 + secnotice/index.html | 46 ++ secnotice/index.xml | 13 + 26 files changed, 12603 insertions(+) create mode 100644 secnotice/2018/001.html create mode 100644 secnotice/2018/001.txt create mode 100644 secnotice/2018/002.html create mode 100644 secnotice/2018/002.txt create mode 100644 secnotice/2018/003.html create mode 100644 secnotice/2018/003.txt create mode 100644 secnotice/2018/004.html create mode 100644 secnotice/2018/004.txt create mode 100644 secnotice/2018/005.html create mode 100644 secnotice/2018/005.txt create mode 100644 secnotice/2018/006.html create mode 100644 secnotice/2018/006.txt create mode 100644 secnotice/2018/007.html create mode 100644 secnotice/2018/007.txt create mode 100644 secnotice/2018/008.html create mode 100644 secnotice/2018/008.txt create 
mode 100644 secnotice/2018/009.html create mode 100644 secnotice/2018/009.txt create mode 100644 secnotice/2018/010.html create mode 100644 secnotice/2018/010.txt create mode 100644 secnotice/2018/011.html create mode 100644 secnotice/2018/011.txt create mode 100644 secnotice/2018/index.html create mode 100644 secnotice/2018/index.xml create mode 100644 secnotice/index.html create mode 100644 secnotice/index.xml diff --git a/secnotice/2018/001.html b/secnotice/2018/001.html new file mode 100644 index 0000000..5395079 --- /dev/null +++ b/secnotice/2018/001.html @@ -0,0 +1,1043 @@ +--- +title: 'QSN-2018-001: Speculative store bypass' +layout: secnotice +permalink: /secnotice/2018/001 +--- + +
    +
    +

    Speculative store bypass

    +

    Lifecycle

    + + + + + + + + + + + + + +
    Reported on:20180312
    Published on:20180521
    Fixed on:20180626
    +

    Credits

    + + + + + + + + + + + + + + + +
    Reported by: + Ken Johnson (Microsoft Security Response Center) +
    + + Jann Horn (Google Project Zero) +
    Patched by: + Daniel P. Berrangé +
    + + Konrad Rzeszutek Wilk +
    +

    See also

    + +

    Description

    +

    +An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). + +It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). + +

    +

    Impact

    +

    +As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. +

    +

    Mitigation

    +

    +None +

    +

    + Alternative formats: + [xml] [text]

    +
    +
    diff --git a/secnotice/2018/001.txt b/secnotice/2018/001.txt new file mode 100644 index 0000000..3d75341 --- /dev/null +++ b/secnotice/2018/001.txt 
@@ -0,0 +1,210 @@ + QEMU Security Notice: QSN-2018-001 + ================================== + + Summary: Speculative store bypass + Reported on: 20180312 + Published on: 20180521 + Fixed on: 20180626 + Reported by: Ken Johnson (Microsoft Security Response Center) <> + Jann Horn (Google Project Zero) <> + Patched by: Daniel P. Berrangé , + Konrad Rzeszutek Wilk + See also: CVE-2018-3639 + +Description +----------- + +An industry-wide issue was found in the way many modern +microprocessor designs have implemented speculative execution of +Load & Store instructions (a commonly used performance +optimization). It relies on the presence of a precisely-defined +instruction sequence in the privileged code as well as the fact that +memory read from address to which a recent memory write has occurred +may see an older value and subsequently cause an update into the +microprocessor's data cache even for speculatively executed +instructions that never actually commit (retire). + +Impact +------ + +As a result, an unprivileged attacker could use this flaw to read +privileged memory by conducting targeted cache side-channel attacks. 
+ +Mitigation +---------- + +None + +Related commits +---------------- + + git://git.qemu.org/qemu.git + https://git.qemu.org/?p=qemu.git + + Branch: master + Broken in: v0.10.1 + Broken in: v0.10.2 + Broken in: v1.0 + Broken in: v1.1.0 + Broken in: v1.2.0 + Broken in: v1.3.0 + Broken in: v1.4.0 + Broken in: v1.5.0 + Broken in: v1.6.0 + Broken in: v1.7.0 + Broken in: v2.0.0 + Broken in: v2.1.0 + Broken in: v2.2.0 + Broken in: v2.3.0 + Broken in: v2.4.0 + Broken in: v2.5.0 + Broken in: v2.6.0 + Broken in: v2.7.0 + Broken in: v2.8.0 + Broken in: v2.9.0 + Broken in: v2.10.0 + Broken in: v2.11.0 + Broken in: v2.12.0 + Broken in: v3.0.0 + Fixed in: + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + Fixed by: d19d1f965904a533998739698020ff4ee8a103da + Fixed by: 403503b162ffc33fb64cfefdf7b880acf41772cd + Fixed by: a764f3f7197f4d7ad8fe8424269933de912224cb + + Branch: stable-0.10 + Broken in: v0.10.0 + Broken in: v0.10.3 + Broken in: v0.10.4 + Broken in: v0.10.5 + Broken in: v0.10.6 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-0.11 + Broken in: v0.11.0 + Broken in: v0.11.1 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-0.12 + Broken in: v0.12.0 + Broken in: v0.12.1 + Broken in: v0.12.2 + Broken in: v0.12.3 + Broken in: v0.12.4 + Broken in: v0.12.5 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-0.13 + Broken in: v0.13.0 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-0.14 + Broken in: v0.14.0 + Broken in: v0.14.1 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-0.15 + Broken in: v0.15.0 + Broken in: v0.15.1 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-1.0 + Broken in: v1.0.1 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-1.1 + Broken in: v1.1.1 + Broken in: v1.1.2 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-1.2 + Broken in: v1.2.1 + Broken in: v1.2.2 + Broken 
by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-1.3 + Broken in: v1.3.1 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-1.4 + Broken in: v1.4.1 + Broken in: v1.4.2 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-1.5 + Broken in: v1.5.1 + Broken in: v1.5.2 + Broken in: v1.5.3 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-1.6 + Broken in: v1.6.1 + Broken in: v1.6.2 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-1.7 + Broken in: v1.7.1 + Broken in: v1.7.2 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-2.0 + Broken in: v2.0.1 + Broken in: v2.0.2 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-2.1 + Broken in: v2.1.1 + Broken in: v2.1.2 + Broken in: v2.1.3 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-2.2 + Broken in: v2.2.1 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-2.3 + Broken in: v2.3.1 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-2.4 + Broken in: v2.4.0.1 + Broken in: v2.4.1 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-2.5 + Broken in: v2.5.1 + Broken in: v2.5.1.1 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-2.6 + Broken in: v2.6.1 + Broken in: v2.6.2 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-2.7 + Broken in: v2.7.1 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-2.8 + Broken in: v2.8.1 + Broken in: v2.8.1.1 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-2.9 + Broken in: v2.9.1 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-2.10 + Broken in: v2.10.1 + Broken in: v2.10.2 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: stable-2.11 + Broken in: v2.11.1 + Broken in: v2.11.2 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + + Branch: 
stable-2.12 + Broken in: v2.12.1 + Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a + diff --git a/secnotice/2018/002.html b/secnotice/2018/002.html new file mode 100644 index 0000000..ea8d96f --- /dev/null +++ b/secnotice/2018/002.html @@ -0,0 +1,1044 @@ +--- +title: 'QSN-2018-002: VGA out of bounds in vga_draw_text' +layout: secnotice +permalink: /secnotice/2018/002 +--- + +
    +
    +

    VGA out of bounds in vga_draw_text

    +

    Lifecycle

    + + + + + + + + + + + + + +
    Reported on:20171228
    Published on:20171225
    Fixed on:20180125
    +

    Credits

    + + + + + + + + + +
    Reported by: + Jiang Xin +
    Patched by: + Lin ZheCheng +
    +

    See also

    + +

    Description

    +

    +Quick Emulator(QEMU) built with the VGA emulator support is vulnerable to an out-of-bounds access issue in vga_draw_text. It could occur while updating vga display area. +

    +

    Impact

    +

    +A privileged user inside guest could use this flaw to crash the Qemu process +resulting in DoS. +

    +

    Mitigation

    +

    +Disable graphics adapters if the virtual machines can be operated +via the serial console +

    +

    + Alternative formats: + [xml] [text]

    +
    +
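Review bot: The Lifecycle dates in this notice are out of order: "Published on" is 20171225, three days before "Reported on" 20171228. A notice cannot be published before the issue is reported, so one of the two values is probably mistyped in the source record. Please check it against the original report; 002.txt repeats the same values and needs the same correction.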
    diff --git a/secnotice/2018/002.txt b/secnotice/2018/002.txt new file mode 100644 index 0000000..b817b7f --- /dev/null +++ b/secnotice/2018/002.txt 
@@ -0,0 +1,206 @@ + QEMU Security Notice: QSN-2018-002 + ================================== + + Summary: VGA out of bounds in vga_draw_text + Reported on: 20171228 + Published on: 20171225 + Fixed on: 20180125 + Reported by: Jiang Xin + Patched by: Lin ZheCheng + See also: CVE-2018-5683 + +Description +----------- + +Quick Emulator(QEMU) built with the VGA emulator support is +vulnerable to an out-of-bounds access issue in vga_draw_text. It +could occur while updating vga display area. + +Impact +------ + +A privileged user inside guest could use this flaw to crash the Qemu +process resulting in DoS. + +Mitigation +---------- + +Disable graphics adapters if the virtual machines can be operated +via the serial console + +Related commits +---------------- + + git://git.qemu.org/qemu.git + https://git.qemu.org/?p=qemu.git + + Branch: master + Broken in: v0.4.4 + Broken in: v0.5.0 + Broken in: v0.5.1 + Broken in: v0.6.0 + Broken in: v0.6.1 + Broken in: v0.7.0 + Broken in: v0.7.1 + Broken in: v0.8.1 + Broken in: v0.8.2 + Broken in: v0.9.0 + Broken in: v0.9.1 + Broken in: v1.0 + Broken in: v1.1.0 + Broken in: v1.2.0 + Broken in: v1.3.0 + Broken in: v1.4.0 + Broken in: v1.5.0 + Broken in: v1.6.0 + Broken in: v1.7.0 + Broken in: v2.0.0 + Broken in: v2.1.0 + Broken in: v2.2.0 + Broken in: v2.3.0 + Broken in: v2.4.0 + Broken in: v2.5.0 + Broken in: v2.6.0 + Broken in: v2.7.0 + Broken in: v2.8.0 + Broken in: v2.9.0 + Broken in: v2.10.0 + Broken in: v2.11.0 + Fixed in: v2.12.0 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + Fixed by: 191f59dc17396bb5a8da50f8c59b6e0a430711a4 + + Branch: stable-0.10 + Broken in: v0.10.0 + Broken in: v0.10.1 + Broken in: v0.10.2 + Broken in: v0.10.3 + Broken in: v0.10.4 + Broken in: v0.10.5 + Broken in: v0.10.6 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-0.11 + Broken in: v0.11.0 + Broken in: v0.11.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-0.12 + Broken in: v0.12.0 + Broken in: 
v0.12.1 + Broken in: v0.12.2 + Broken in: v0.12.3 + Broken in: v0.12.4 + Broken in: v0.12.5 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-0.13 + Broken in: v0.13.0 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-0.14 + Broken in: v0.14.0 + Broken in: v0.14.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-0.15 + Broken in: v0.15.0 + Broken in: v0.15.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.0 + Broken in: v1.0.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.1 + Broken in: v1.1.1 + Broken in: v1.1.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.2 + Broken in: v1.2.1 + Broken in: v1.2.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.3 + Broken in: v1.3.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.4 + Broken in: v1.4.1 + Broken in: v1.4.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.5 + Broken in: v1.5.1 + Broken in: v1.5.2 + Broken in: v1.5.3 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.6 + Broken in: v1.6.1 + Broken in: v1.6.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.7 + Broken in: v1.7.1 + Broken in: v1.7.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.0 + Broken in: v2.0.1 + Broken in: v2.0.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.1 + Broken in: v2.1.1 + Broken in: v2.1.2 + Broken in: v2.1.3 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.2 + Broken in: v2.2.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.3 + Broken in: v2.3.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.4 + Broken in: v2.4.0.1 + Broken in: v2.4.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.5 + Broken 
in: v2.5.1 + Broken in: v2.5.1.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.6 + Broken in: v2.6.1 + Broken in: v2.6.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.7 + Broken in: v2.7.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.8 + Broken in: v2.8.1 + Broken in: v2.8.1.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.9 + Broken in: v2.9.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.10 + Broken in: v2.10.1 + Broken in: v2.10.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.11 + Broken in: v2.11.1 + Broken in: v2.11.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + diff --git a/secnotice/2018/003.html b/secnotice/2018/003.html new file mode 100644 index 0000000..8e8530a --- /dev/null +++ b/secnotice/2018/003.html @@ -0,0 +1,766 @@ +--- +title: 'QSN-2018-003: Multiboot out of bounds loading kernel' +layout: secnotice +permalink: /secnotice/2018/003 +--- + +
    +
    +

    Multiboot out of bounds loading kernel

    +

    Lifecycle

    + + + + + + + + + + + + + +
    Reported on:20180221
    Published on:20180227
    Fixed on:20180328
    +

    Credits

    + + + + + + + + + +
    Reported by: + +
    Patched by: + +
    +

    See also

    + +

    Description

    +

    +Quick Emulator(QEMU) built with the PC System Emulator with multiboot feature +support is vulnerable to an OOB memory access issue. It could occur while +loading a kernel image during a guest boot if multiboot head addresses +mh_load_end_addr was greater than mh_bss_end_addr. +

    +

    Impact

    +

    +A user/process could use this flaw to potentially achieve arbitrary code +execution on a host. +

    +

    Mitigation

    +

    +Do not use the -kernel argument to QEMU for providing the boot kernel. +Allow the guest firmware and bootloader (eg grub) to load the boot kernel from +inside the confined guest execution environment +

    +

    + Alternative formats: + [xml] [text]

    +
    +
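Review bot: Both Credits rows in this notice are empty: "Reported by:" and "Patched by:" render with no name, and 003.txt carries the same gap as a bare "<>". Either fill in the names from the source record, or have the template skip a credit row (and the angle brackets in the text format) when no name or address is present, so the page does not publish blank credits.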
    diff --git a/secnotice/2018/003.txt b/secnotice/2018/003.txt new file mode 100644 index 0000000..b33b5cb --- /dev/null +++ b/secnotice/2018/003.txt 
@@ -0,0 +1,160 @@ + QEMU Security Notice: QSN-2018-003 + ================================== + + Summary: Multiboot out of bounds loading kernel + Reported on: 20180221 + Published on: 20180227 + Fixed on: 20180328 + Reported by: <> + Patched by: <> + See also: CVE-2018-7550 + +Description +----------- + +Quick Emulator(QEMU) built with the PC System Emulator with +multiboot feature support is vulnerable to an OOB memory access +issue. It could occur while loading a kernel image during a guest +boot if multiboot head addresses mh_load_end_addr was greater than +mh_bss_end_addr. + +Impact +------ + +A user/process could use this flaw to potentially achieve arbitrary +code execution on a host. + +Mitigation +---------- + +Do not use the -kernel argument to QEMU for providing the boot +kernel. Allow the guest firmware and bootloader (eg grub) to load +the boot kernel from inside the confined guest execution environment + +Related commits +---------------- + + git://git.qemu.org/qemu.git + https://git.qemu.org/?p=qemu.git + + Branch: master + Broken in: v1.0 + Broken in: v1.1.0 + Broken in: v1.2.0 + Broken in: v1.3.0 + Broken in: v1.4.0 + Broken in: v1.5.0 + Broken in: v1.6.0 + Broken in: v1.7.0 + Broken in: v2.0.0 + Broken in: v2.1.0 + Broken in: v2.2.0 + Broken in: v2.3.0 + Broken in: v2.4.0 + Broken in: v2.5.0 + Broken in: v2.6.0 + Broken in: v2.7.0 + Broken in: v2.8.0 + Broken in: v2.9.0 + Broken in: v2.10.0 + Broken in: v2.11.0 + Fixed in: v2.12.0 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + Fixed by: 2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8 + + Branch: stable-1.0 + Broken in: v1.0.1 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-1.1 + Broken in: v1.1.1 + Broken in: v1.1.2 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-1.2 + Broken in: v1.2.1 + Broken in: v1.2.2 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-1.3 + Broken in: v1.3.1 + Broken by: 
6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-1.4 + Broken in: v1.4.1 + Broken in: v1.4.2 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-1.5 + Broken in: v1.5.1 + Broken in: v1.5.2 + Broken in: v1.5.3 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-1.6 + Broken in: v1.6.1 + Broken in: v1.6.2 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-1.7 + Broken in: v1.7.1 + Broken in: v1.7.2 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-2.0 + Broken in: v2.0.1 + Broken in: v2.0.2 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-2.1 + Broken in: v2.1.1 + Broken in: v2.1.2 + Broken in: v2.1.3 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-2.2 + Broken in: v2.2.1 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-2.3 + Broken in: v2.3.1 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-2.4 + Broken in: v2.4.0.1 + Broken in: v2.4.1 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-2.5 + Broken in: v2.5.1 + Broken in: v2.5.1.1 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-2.6 + Broken in: v2.6.1 + Broken in: v2.6.2 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-2.7 + Broken in: v2.7.1 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-2.8 + Broken in: v2.8.1 + Broken in: v2.8.1.1 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-2.9 + Broken in: v2.9.1 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-2.10 + Broken in: v2.10.1 + Broken in: v2.10.2 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + + Branch: stable-2.11 + Broken in: v2.11.1 + Broken in: v2.11.2 + Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb + diff --git a/secnotice/2018/004.html b/secnotice/2018/004.html new file mode 100644 index 0000000..aee9788 
--- /dev/null +++ b/secnotice/2018/004.html @@ -0,0 +1,1045 @@ +--- +title: 'QSN-2018-004: Cirrus out of bounds access updating VGA display' +layout: secnotice +permalink: /secnotice/2018/004 +--- + +
    +
    +

    Cirrus out of bounds access updating VGA display

    +

    Lifecycle

    + + + + + + + + + + + + + +
    Reported on:20180228
    Published on:20180308
    Fixed on:20180312
    +

    Credits

    + + + + + + + + + +
    Reported by: + Ross Lagerwall +
    Patched by: + Gerd Hoffmann +
    +

    See also

    + +

    Description

    +

    +Quick emulator(QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is +vulnerable to an out-of-bounds access issue. It could occur while updating +VGA display, after guest has adjusted the display dimensions. +

    +

    Impact

    +

    +A privileged user inside guest could use this flaw to crash the Qemu process +resulting in DoS. +

    +

    Mitigation

    +

    +Replace use of the cirrus video adapter with an alternative model +

    +

    + Alternative formats: + [xml] [text]

    +
    +
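Review bot: The project name is spelled three ways across these notices: "Quick emulator(QEMU)" and "Qemu process" in this Description and Impact, against "Quick Emulator(QEMU)" in 002 and 003 and "QEMU process" in 006. Since these pages are published under the project's own site, use "QEMU" consistently, and end the Mitigation sentence with a full stop as the other sections do.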
    diff --git a/secnotice/2018/004.txt b/secnotice/2018/004.txt new file mode 100644 index 0000000..940aab3 --- /dev/null +++ b/secnotice/2018/004.txt 
@@ -0,0 +1,206 @@ + QEMU Security Notice: QSN-2018-004 + ================================== + + Summary: Cirrus out of bounds access updating VGA display + Reported on: 20180228 + Published on: 20180308 + Fixed on: 20180312 + Reported by: Ross Lagerwall + Patched by: Gerd Hoffmann + See also: CVE-2018-7858 + +Description +----------- + +Quick emulator(QEMU) built with the Cirrus CLGD 54xx VGA Emulator +support is vulnerable to an out-of-bounds access issue. It could +occur while updating VGA display, after guest has adjusted the +display dimensions. + +Impact +------ + +A privileged user inside guest could use this flaw to crash the Qemu +process resulting in DoS. + +Mitigation +---------- + +Replace use of the cirrus video adapter with an alternative model + +Related commits +---------------- + + git://git.qemu.org/qemu.git + https://git.qemu.org/?p=qemu.git + + Branch: master + Broken in: v0.4.4 + Broken in: v0.5.0 + Broken in: v0.5.1 + Broken in: v0.6.0 + Broken in: v0.6.1 + Broken in: v0.7.0 + Broken in: v0.7.1 + Broken in: v0.8.1 + Broken in: v0.8.2 + Broken in: v0.9.0 + Broken in: v0.9.1 + Broken in: v1.0 + Broken in: v1.1.0 + Broken in: v1.2.0 + Broken in: v1.3.0 + Broken in: v1.4.0 + Broken in: v1.5.0 + Broken in: v1.6.0 + Broken in: v1.7.0 + Broken in: v2.0.0 + Broken in: v2.1.0 + Broken in: v2.2.0 + Broken in: v2.3.0 + Broken in: v2.4.0 + Broken in: v2.5.0 + Broken in: v2.6.0 + Broken in: v2.7.0 + Broken in: v2.8.0 + Broken in: v2.9.0 + Broken in: v2.10.0 + Broken in: v2.11.0 + Fixed in: v2.12.0 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + Fixed by: 7cdc61becd095b64a786b2625f321624e7111f3d + + Branch: stable-0.10 + Broken in: v0.10.0 + Broken in: v0.10.1 + Broken in: v0.10.2 + Broken in: v0.10.3 + Broken in: v0.10.4 + Broken in: v0.10.5 + Broken in: v0.10.6 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-0.11 + Broken in: v0.11.0 + Broken in: v0.11.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: 
stable-0.12 + Broken in: v0.12.0 + Broken in: v0.12.1 + Broken in: v0.12.2 + Broken in: v0.12.3 + Broken in: v0.12.4 + Broken in: v0.12.5 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-0.13 + Broken in: v0.13.0 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-0.14 + Broken in: v0.14.0 + Broken in: v0.14.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-0.15 + Broken in: v0.15.0 + Broken in: v0.15.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.0 + Broken in: v1.0.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.1 + Broken in: v1.1.1 + Broken in: v1.1.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.2 + Broken in: v1.2.1 + Broken in: v1.2.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.3 + Broken in: v1.3.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.4 + Broken in: v1.4.1 + Broken in: v1.4.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.5 + Broken in: v1.5.1 + Broken in: v1.5.2 + Broken in: v1.5.3 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.6 + Broken in: v1.6.1 + Broken in: v1.6.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-1.7 + Broken in: v1.7.1 + Broken in: v1.7.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.0 + Broken in: v2.0.1 + Broken in: v2.0.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.1 + Broken in: v2.1.1 + Broken in: v2.1.2 + Broken in: v2.1.3 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.2 + Broken in: v2.2.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.3 + Broken in: v2.3.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.4 + Broken in: v2.4.0.1 + Broken in: v2.4.1 + Broken by: 
e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.5 + Broken in: v2.5.1 + Broken in: v2.5.1.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.6 + Broken in: v2.6.1 + Broken in: v2.6.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.7 + Broken in: v2.7.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.8 + Broken in: v2.8.1 + Broken in: v2.8.1.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.9 + Broken in: v2.9.1 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.10 + Broken in: v2.10.1 + Broken in: v2.10.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + + Branch: stable-2.11 + Broken in: v2.11.1 + Broken in: v2.11.2 + Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105 + diff --git a/secnotice/2018/005.html b/secnotice/2018/005.html new file mode 100644 index 0000000..f3ba09d --- /dev/null +++ b/secnotice/2018/005.html @@ -0,0 +1,952 @@ +--- +title: 'QSN-2018-005: ne2000 integer overflow in buffer access' +layout: secnotice +permalink: /secnotice/2018/005 +--- + +
    +
    +

    ne2000 integer overflow in buffer access

    +

    Lifecycle

    + + + + + + + + + + + + +
    Reported on:20180522
    Published on:20180926
    Fixed on: +
    +

    Credits

    + + + + + + + + + +
    Reported by: + Daniel Shapira +
    Patched by: + Jason Wang +
    +

    See also

    + +

    Description

    +

    +Qemu emulator built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. +

    +

    Impact

    +

    +A user inside guest could use this flaw to crash the Qemu process resulting in DoS. +

    +

    Mitigation

    +

    +Replace use of the NE2000 network adapter with an alternative model +

    +

    + Alternative formats: + [xml] [text]

    +
    +
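Review bot: "Fixed on:" is rendered with an empty value in the Lifecycle table, although the notice credits a patch author (Jason Wang) and carries a "Published on" date of 20180926. If the fix has not landed in a release yet, state that explicitly (for example "Not yet fixed") or omit the row when the field is unset; a blank cell is indistinguishable from missing data for someone deciding whether the NE2000 mitigation is still needed.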
    diff --git a/secnotice/2018/005.txt b/secnotice/2018/005.txt new file mode 100644 index 0000000..c80107b --- /dev/null +++ b/secnotice/2018/005.txt 
@@ -0,0 +1,191 @@ + QEMU Security Notice: QSN-2018-005 + ================================== + + Summary: ne2000 integer overflow in buffer access + Reported on: 20180522 + Published on: 20180926 + Fixed on: + Reported by: Daniel Shapira + Patched by: Jason Wang + See also: CVE-2018-10839 + +Description +----------- + +Qemu emulator built with the NE2000 NIC emulation support is +vulnerable to an integer overflow, which could lead to buffer +overflow issue. It could occur when receiving packets over the +network. + +Impact +------ + +A user inside guest could use this flaw to crash the Qemu process +resulting in DoS. + +Mitigation +---------- + +Replace use of the NE2000 network adapter with an alternative model + +Related commits +---------------- + + git://git.qemu.org/qemu.git + https://git.qemu.org/?p=qemu.git + + Branch: master + Broken in: v1.0 + Broken in: v1.1.0 + Broken in: v1.2.0 + Broken in: v1.3.0 + Broken in: v1.4.0 + Broken in: v1.5.0 + Broken in: v1.6.0 + Broken in: v1.7.0 + Broken in: v2.0.0 + Broken in: v2.1.0 + Broken in: v2.2.0 + Broken in: v2.3.0 + Broken in: v2.4.0 + Broken in: v2.5.0 + Broken in: v2.6.0 + Broken in: v2.7.0 + Broken in: v2.8.0 + Broken in: v2.9.0 + Broken in: v2.10.0 + Broken in: v2.11.0 + Broken in: v2.12.0 + Broken in: v3.0.0 + Fixed in: + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + Fixed by: 0caf499e2f26ae305a16ae2c4e7a2f295ddf64d1 + + Branch: stable-0.11 + Broken in: v0.11.0 + Broken in: v0.11.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-0.12 + Broken in: v0.12.0 + Broken in: v0.12.1 + Broken in: v0.12.2 + Broken in: v0.12.3 + Broken in: v0.12.4 + Broken in: v0.12.5 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-0.13 + Broken in: v0.13.0 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-0.14 + Broken in: v0.14.0 + Broken in: v0.14.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-0.15 + Broken in: v0.15.0 + 
Broken in: v0.15.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.0 + Broken in: v1.0.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.1 + Broken in: v1.1.1 + Broken in: v1.1.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.2 + Broken in: v1.2.1 + Broken in: v1.2.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.3 + Broken in: v1.3.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.4 + Broken in: v1.4.1 + Broken in: v1.4.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.5 + Broken in: v1.5.1 + Broken in: v1.5.2 + Broken in: v1.5.3 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.6 + Broken in: v1.6.1 + Broken in: v1.6.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.7 + Broken in: v1.7.1 + Broken in: v1.7.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.0 + Broken in: v2.0.1 + Broken in: v2.0.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.1 + Broken in: v2.1.1 + Broken in: v2.1.2 + Broken in: v2.1.3 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.2 + Broken in: v2.2.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.3 + Broken in: v2.3.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.4 + Broken in: v2.4.0.1 + Broken in: v2.4.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.5 + Broken in: v2.5.1 + Broken in: v2.5.1.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.6 + Broken in: v2.6.1 + Broken in: v2.6.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.7 + Broken in: v2.7.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.8 + Broken in: v2.8.1 + Broken in: v2.8.1.1 + Broken by: 
4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.9 + Broken in: v2.9.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.10 + Broken in: v2.10.1 + Broken in: v2.10.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.11 + Broken in: v2.11.1 + Broken in: v2.11.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.12 + Broken in: v2.12.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + diff --git a/secnotice/2018/006.html b/secnotice/2018/006.html new file mode 100644 index 0000000..16039d4 --- /dev/null +++ b/secnotice/2018/006.html @@ -0,0 +1,1056 @@ +--- +title: 'QSN-2018-006: slirp buffer overflow assembling fragmented datastream' +layout: secnotice +permalink: /secnotice/2018/006 +--- + +
    +
    +

    slirp buffer overflow assembling fragmented datastream

    +

    Lifecycle

    + + + + + + + + + + + + + +
    Reported on:20180427
    Published on:20180605
    Fixed on:20180608
    +

    Credits

    + + + + + + + + + +
    Reported by: + ZDI Disclosures +
    Patched by: + Prasad J Pandit +
    +

    See also

    + +

    Description

    +

    +A heap buffer overflow issue was found in the way Slirp networking back-end +in QEMU processes fragmented packets. It could occur while reassembling the +fragmented datagrams of an incoming packet. +

    +

    Impact

    +

    +A privileged user/process inside guest could use this flaw to crash the QEMU +process resulting in DoS OR potentially leverage it to execute arbitrary code +on the host with privileges of the QEMU process. +

    +

    Mitigation

    +

    +Replace use of the "user" network backend with an alternative choice +

    +

    + Alternative formats: + [xml] [text]

    +
    +
    diff --git a/secnotice/2018/006.txt b/secnotice/2018/006.txt new file mode 100644 index 0000000..cbb2b8d --- /dev/null +++ b/secnotice/2018/006.txt 
@@ -0,0 +1,210 @@ + QEMU Security Notice: QSN-2018-006 + ================================== + + Summary: slirp buffer overflow assembling fragmented + datastream + Reported on: 20180427 + Published on: 20180605 + Fixed on: 20180608 + Reported by: ZDI Disclosures + Patched by: Prasad J Pandit + See also: CVE-2018-11806 + +Description +----------- + +A heap buffer overflow issue was found in the way Slirp networking +back-end in QEMU processes fragmented packets. It could occur while +reassembling the fragmented datagrams of an incoming packet. + +Impact +------ + +A privileged user/process inside guest could use this flaw to crash +the QEMU process resulting in DoS OR potentially leverage it to +execute arbitrary code on the host with privileges of the QEMU +process. + +Mitigation +---------- + +Replace use of the "user" network backend with an alternative choice + +Related commits +---------------- + + git://git.qemu.org/qemu.git + https://git.qemu.org/?p=qemu.git + + Branch: master + Broken in: v0.6.0 + Broken in: v0.6.1 + Broken in: v0.7.0 + Broken in: v0.7.1 + Broken in: v0.8.1 + Broken in: v0.8.2 + Broken in: v0.9.0 + Broken in: v0.9.1 + Broken in: v1.0 + Broken in: v1.1.0 + Broken in: v1.2.0 + Broken in: v1.3.0 + Broken in: v1.4.0 + Broken in: v1.5.0 + Broken in: v1.6.0 + Broken in: v1.7.0 + Broken in: v2.0.0 + Broken in: v2.1.0 + Broken in: v2.2.0 + Broken in: v2.3.0 + Broken in: v2.4.0 + Broken in: v2.5.0 + Broken in: v2.6.0 + Broken in: v2.7.0 + Broken in: v2.8.0 + Broken in: v2.9.0 + Broken in: v2.10.0 + Broken in: v2.11.0 + Broken in: v2.12.0 + Fixed in: v3.0.0 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + Fixed by: 864036e251f54c99d31df124aad7f34f01f5344c + + Branch: stable-0.10 + Broken in: v0.10.0 + Broken in: v0.10.1 + Broken in: v0.10.2 + Broken in: v0.10.3 + Broken in: v0.10.4 + Broken in: v0.10.5 + Broken in: v0.10.6 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-0.11 + Broken in: v0.11.0 + Broken in: v0.11.1 + 
Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-0.12 + Broken in: v0.12.0 + Broken in: v0.12.1 + Broken in: v0.12.2 + Broken in: v0.12.3 + Broken in: v0.12.4 + Broken in: v0.12.5 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-0.13 + Broken in: v0.13.0 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-0.14 + Broken in: v0.14.0 + Broken in: v0.14.1 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-0.15 + Broken in: v0.15.0 + Broken in: v0.15.1 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-1.0 + Broken in: v1.0.1 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-1.1 + Broken in: v1.1.1 + Broken in: v1.1.2 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-1.2 + Broken in: v1.2.1 + Broken in: v1.2.2 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-1.3 + Broken in: v1.3.1 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-1.4 + Broken in: v1.4.1 + Broken in: v1.4.2 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-1.5 + Broken in: v1.5.1 + Broken in: v1.5.2 + Broken in: v1.5.3 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-1.6 + Broken in: v1.6.1 + Broken in: v1.6.2 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-1.7 + Broken in: v1.7.1 + Broken in: v1.7.2 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-2.0 + Broken in: v2.0.1 + Broken in: v2.0.2 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-2.1 + Broken in: v2.1.1 + Broken in: v2.1.2 + Broken in: v2.1.3 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-2.2 + Broken in: v2.2.1 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-2.3 + Broken in: v2.3.1 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-2.4 + Broken in: 
v2.4.0.1 + Broken in: v2.4.1 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-2.5 + Broken in: v2.5.1 + Broken in: v2.5.1.1 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-2.6 + Broken in: v2.6.1 + Broken in: v2.6.2 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-2.7 + Broken in: v2.7.1 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-2.8 + Broken in: v2.8.1 + Broken in: v2.8.1.1 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-2.9 + Broken in: v2.9.1 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-2.10 + Broken in: v2.10.1 + Broken in: v2.10.2 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-2.11 + Broken in: v2.11.1 + Broken in: v2.11.2 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + + Branch: stable-2.12 + Broken in: v2.12.1 + Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44 + diff --git a/secnotice/2018/007.html b/secnotice/2018/007.html new file mode 100644 index 0000000..3084493 --- /dev/null +++ b/secnotice/2018/007.html @@ -0,0 +1,820 @@ +--- +title: 'QSN-2018-007: qemu-guest-agent integer overflow reading guest file' +layout: secnotice +permalink: /secnotice/2018/007 +--- + +
    +
    +

    qemu-guest-agent integer overflow reading guest file

    +

    Lifecycle

    + + + + + + + + + + + + + +
    Reported on:20180622
    Published on:20180622
    Fixed on:20180705
    +

    Credits

    + + + + + + + + + +
    Reported by: + Fakhri Zulkifli +
    Patched by: + Prasad J Pandit +
    +

    See also

    + +

    Description

    +

    +The QEMU Guest Agent in QEMU is vulnerable to an integer overflow in the +qmp_guest_file_read(). An attacker could exploit this by sending a crafted QMP +command (including guest-file-read with a large count value) to the agent via +the listening socket to trigger a g_malloc() call with a large memory chunk +resulting in a segmentation fault. +

    +

    Impact

    +

    +A user could use this flaw to crash the QEMU guest agent process resulting in DoS. +

    +

    Mitigation

    +

    +Disable the QEMU guest agent or blacklist the guest-file-read command +

    +

    + Alternative formats: + [xml] [text]

    +
    +
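
Review bot: The Mitigation says to "blacklist the guest-file-read command" without saying where that is configured; add the agent option or configuration setting that does it, so the notice is actionable on its own. In the Description, "an integer overflow in the qmp_guest_file_read()" should drop the article, and it would help to state what actually overflows, since the text only describes g_malloc() being called for a large count value.
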
    diff --git a/secnotice/2018/007.txt b/secnotice/2018/007.txt new file mode 100644 index 0000000..5bbb6cc --- /dev/null +++ b/secnotice/2018/007.txt 
@@ -0,0 +1,169 @@ + QEMU Security Notice: QSN-2018-007 + ================================== + + Summary: qemu-guest-agent integer overflow reading guest + file + Reported on: 20180622 + Published on: 20180622 + Fixed on: 20180705 + Reported by: Fakhri Zulkifli + Patched by: Prasad J Pandit + See also: CVE-2018-12617 + +Description +----------- + +The QEMU Guest Agent in QEMU is vulnerable to an integer overflow in +the qmp_guest_file_read(). An attacker could exploit this by sending +a crafted QMP command (including guest-file-read with a large count +value) to the agent via the listening socket to trigger a g_malloc() +call with a large memory chunk resulting in a segmentation fault. + +Impact +------ + +A user could use this flaw to crash the QEMU guest agent process +resulting in DoS. + +Mitigation +---------- + +Disable the QEMU guest agent or blacklist the guest-file-read command + +Related commits +---------------- + + git://git.qemu.org/qemu.git + https://git.qemu.org/?p=qemu.git + + Branch: master + Broken in: v1.0 + Broken in: v1.1.0 + Broken in: v1.2.0 + Broken in: v1.3.0 + Broken in: v1.4.0 + Broken in: v1.5.0 + Broken in: v1.6.0 + Broken in: v1.7.0 + Broken in: v2.0.0 + Broken in: v2.1.0 + Broken in: v2.2.0 + Broken in: v2.3.0 + Broken in: v2.4.0 + Broken in: v2.5.0 + Broken in: v2.6.0 + Broken in: v2.7.0 + Broken in: v2.8.0 + Broken in: v2.9.0 + Broken in: v2.10.0 + Broken in: v2.11.0 + Broken in: v2.12.0 + Fixed in: v3.0.0 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + Fixed by: 141b197408ab398c4f474ac1a728ab316e921f2b + + Branch: stable-0.15 + Broken in: v0.15.0 + Broken in: v0.15.1 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-1.0 + Broken in: v1.0.1 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-1.1 + Broken in: v1.1.1 + Broken in: v1.1.2 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-1.2 + Broken in: v1.2.1 + Broken in: v1.2.2 + Broken by: 
e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-1.3 + Broken in: v1.3.1 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-1.4 + Broken in: v1.4.1 + Broken in: v1.4.2 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-1.5 + Broken in: v1.5.1 + Broken in: v1.5.2 + Broken in: v1.5.3 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-1.6 + Broken in: v1.6.1 + Broken in: v1.6.2 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-1.7 + Broken in: v1.7.1 + Broken in: v1.7.2 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-2.0 + Broken in: v2.0.1 + Broken in: v2.0.2 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-2.1 + Broken in: v2.1.1 + Broken in: v2.1.2 + Broken in: v2.1.3 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-2.2 + Broken in: v2.2.1 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-2.3 + Broken in: v2.3.1 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-2.4 + Broken in: v2.4.0.1 + Broken in: v2.4.1 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-2.5 + Broken in: v2.5.1 + Broken in: v2.5.1.1 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-2.6 + Broken in: v2.6.1 + Broken in: v2.6.2 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-2.7 + Broken in: v2.7.1 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-2.8 + Broken in: v2.8.1 + Broken in: v2.8.1.1 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-2.9 + Broken in: v2.9.1 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-2.10 + Broken in: v2.10.1 + Broken in: v2.10.2 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: stable-2.11 + Broken in: v2.11.1 + Broken in: v2.11.2 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + + Branch: 
stable-2.12 + Broken in: v2.12.1 + Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57 + diff --git a/secnotice/2018/008.html b/secnotice/2018/008.html new file mode 100644 index 0000000..68b326e --- /dev/null +++ b/secnotice/2018/008.html @@ -0,0 +1,952 @@ +--- +title: 'QSN-2018-008: rtl8139 integer overflow accessing buffer' +layout: secnotice +permalink: /secnotice/2018/008 +--- + +
    +
    +

    rtl8139 integer overflow accessing buffer

    +

    Lifecycle

    + + + + + + + + + + + + +
    Reported on:20180521
    Published on:20180926
    Fixed on: +
    +

    Credits

    + + + + + + + + + +
    Reported by: + Daniel Shapira +
    Patched by: + Jason Wang +
    +

    See also

    + +

    Description

    +

    +Qemu emulator built with the RTL8139 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. +

    +

    Impact

    +

    +A user inside guest could use this flaw to crash the Qemu process resulting in DoS. +

    +

    Mitigation

    +

    +Replace use of the RTL8139 network adapter with an alternative model +

    +

    + Alternative formats: + [xml] [text]

    +
    +
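
Review bot: "Fixed on:" is left empty in the Lifecycle table, yet 008.txt in this same patch records a "Fixed by" commit (784b912f722bc86126b290c00de72c1bc8d34950) with "Fixed in:" blank and v3.0.0 still listed as broken. If the fix is committed but not yet in a release, fill in the commit date and say so explicitly; as written a reader cannot tell an unreleased fix from missing data. The 009 and 010 notices have the same gap.
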
    diff --git a/secnotice/2018/008.txt b/secnotice/2018/008.txt new file mode 100644 index 0000000..d05705b --- /dev/null +++ b/secnotice/2018/008.txt 
@@ -0,0 +1,191 @@ + QEMU Security Notice: QSN-2018-008 + ================================== + + Summary: rtl8139 integer overflow accessing buffer + Reported on: 20180521 + Published on: 20180926 + Fixed on: + Reported by: Daniel Shapira + Patched by: Jason Wang + See also: CVE-2018-17958 + +Description +----------- + +Qemu emulator built with the RTL8139 NIC emulation support is +vulnerable to an integer overflow, which could lead to buffer +overflow issue. It could occur when receiving packets over the +network. + +Impact +------ + +A user inside guest could use this flaw to crash the Qemu process +resulting in DoS. + +Mitigation +---------- + +Replace use of the RTL8139 network adapter with an alternative model + +Related commits +---------------- + + git://git.qemu.org/qemu.git + https://git.qemu.org/?p=qemu.git + + Branch: master + Broken in: v1.0 + Broken in: v1.1.0 + Broken in: v1.2.0 + Broken in: v1.3.0 + Broken in: v1.4.0 + Broken in: v1.5.0 + Broken in: v1.6.0 + Broken in: v1.7.0 + Broken in: v2.0.0 + Broken in: v2.1.0 + Broken in: v2.2.0 + Broken in: v2.3.0 + Broken in: v2.4.0 + Broken in: v2.5.0 + Broken in: v2.6.0 + Broken in: v2.7.0 + Broken in: v2.8.0 + Broken in: v2.9.0 + Broken in: v2.10.0 + Broken in: v2.11.0 + Broken in: v2.12.0 + Broken in: v3.0.0 + Fixed in: + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + Fixed by: 784b912f722bc86126b290c00de72c1bc8d34950 + + Branch: stable-0.11 + Broken in: v0.11.0 + Broken in: v0.11.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-0.12 + Broken in: v0.12.0 + Broken in: v0.12.1 + Broken in: v0.12.2 + Broken in: v0.12.3 + Broken in: v0.12.4 + Broken in: v0.12.5 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-0.13 + Broken in: v0.13.0 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-0.14 + Broken in: v0.14.0 + Broken in: v0.14.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-0.15 + Broken in: v0.15.0 + 
Broken in: v0.15.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.0 + Broken in: v1.0.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.1 + Broken in: v1.1.1 + Broken in: v1.1.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.2 + Broken in: v1.2.1 + Broken in: v1.2.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.3 + Broken in: v1.3.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.4 + Broken in: v1.4.1 + Broken in: v1.4.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.5 + Broken in: v1.5.1 + Broken in: v1.5.2 + Broken in: v1.5.3 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.6 + Broken in: v1.6.1 + Broken in: v1.6.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.7 + Broken in: v1.7.1 + Broken in: v1.7.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.0 + Broken in: v2.0.1 + Broken in: v2.0.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.1 + Broken in: v2.1.1 + Broken in: v2.1.2 + Broken in: v2.1.3 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.2 + Broken in: v2.2.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.3 + Broken in: v2.3.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.4 + Broken in: v2.4.0.1 + Broken in: v2.4.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.5 + Broken in: v2.5.1 + Broken in: v2.5.1.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.6 + Broken in: v2.6.1 + Broken in: v2.6.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.7 + Broken in: v2.7.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.8 + Broken in: v2.8.1 + Broken in: v2.8.1.1 + Broken by: 
4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.9 + Broken in: v2.9.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.10 + Broken in: v2.10.1 + Broken in: v2.10.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.11 + Broken in: v2.11.1 + Broken in: v2.11.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.12 + Broken in: v2.12.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + diff --git a/secnotice/2018/009.html b/secnotice/2018/009.html new file mode 100644 index 0000000..327b022 --- /dev/null +++ b/secnotice/2018/009.html @@ -0,0 +1,952 @@ +--- +title: 'QSN-2018-009: pcnet integer overflow accessing buffer' +layout: secnotice +permalink: /secnotice/2018/009 +--- + +
    +
    +

    pcnet integer overflow accessing buffer

    +

    Lifecycle

    + + + + + + + + + + + + +
    Reported on:20180521
    Published on:20180926
    Fixed on: +
    +

    Credits

    + + + + + + + + + +
    Reported by: + Daniel Shapira +
    Patched by: + Jason Wang +
    +

    See also

    + +

    Description

    +

    +Qemu emulator built with the AMD PC-Net II (Am79C970A) emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. +

    +

    Impact

    +

    +A user inside guest could use this flaw to crash the Qemu process resulting in DoS. +

    +

    Mitigation

    +

    +Replace use of the AMD PC-Net II network adapter with an alternative model +

    +

    + Alternative formats: + [xml] [text]

    +
    +
    diff --git a/secnotice/2018/009.txt b/secnotice/2018/009.txt new file mode 100644 index 0000000..ab19a83 --- /dev/null +++ b/secnotice/2018/009.txt 
@@ -0,0 +1,192 @@ + QEMU Security Notice: QSN-2018-009 + ================================== + + Summary: pcnet integer overflow accessing buffer + Reported on: 20180521 + Published on: 20180926 + Fixed on: + Reported by: Daniel Shapira + Patched by: Jason Wang + See also: CVE-2018-17962 + +Description +----------- + +Qemu emulator built with the AMD PC-Net II (Am79C970A) emulation +support is vulnerable to an integer overflow, which could lead to +buffer overflow issue. It could occur when receiving packets over +the network. + +Impact +------ + +A user inside guest could use this flaw to crash the Qemu process +resulting in DoS. + +Mitigation +---------- + +Replace use of the AMD PC-Net II network adapter with an alternative +model + +Related commits +---------------- + + git://git.qemu.org/qemu.git + https://git.qemu.org/?p=qemu.git + + Branch: master + Broken in: v1.0 + Broken in: v1.1.0 + Broken in: v1.2.0 + Broken in: v1.3.0 + Broken in: v1.4.0 + Broken in: v1.5.0 + Broken in: v1.6.0 + Broken in: v1.7.0 + Broken in: v2.0.0 + Broken in: v2.1.0 + Broken in: v2.2.0 + Broken in: v2.3.0 + Broken in: v2.4.0 + Broken in: v2.5.0 + Broken in: v2.6.0 + Broken in: v2.7.0 + Broken in: v2.8.0 + Broken in: v2.9.0 + Broken in: v2.10.0 + Broken in: v2.11.0 + Broken in: v2.12.0 + Broken in: v3.0.0 + Fixed in: + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + Fixed by: 2fc84f6b39577ccd6fd57bdd270902f5098c3a88 + + Branch: stable-0.11 + Broken in: v0.11.0 + Broken in: v0.11.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-0.12 + Broken in: v0.12.0 + Broken in: v0.12.1 + Broken in: v0.12.2 + Broken in: v0.12.3 + Broken in: v0.12.4 + Broken in: v0.12.5 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-0.13 + Broken in: v0.13.0 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-0.14 + Broken in: v0.14.0 + Broken in: v0.14.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-0.15 + 
Broken in: v0.15.0 + Broken in: v0.15.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.0 + Broken in: v1.0.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.1 + Broken in: v1.1.1 + Broken in: v1.1.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.2 + Broken in: v1.2.1 + Broken in: v1.2.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.3 + Broken in: v1.3.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.4 + Broken in: v1.4.1 + Broken in: v1.4.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.5 + Broken in: v1.5.1 + Broken in: v1.5.2 + Broken in: v1.5.3 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.6 + Broken in: v1.6.1 + Broken in: v1.6.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-1.7 + Broken in: v1.7.1 + Broken in: v1.7.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.0 + Broken in: v2.0.1 + Broken in: v2.0.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.1 + Broken in: v2.1.1 + Broken in: v2.1.2 + Broken in: v2.1.3 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.2 + Broken in: v2.2.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.3 + Broken in: v2.3.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.4 + Broken in: v2.4.0.1 + Broken in: v2.4.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.5 + Broken in: v2.5.1 + Broken in: v2.5.1.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.6 + Broken in: v2.6.1 + Broken in: v2.6.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.7 + Broken in: v2.7.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.8 + Broken in: v2.8.1 + Broken in: v2.8.1.1 + Broken by: 
4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.9 + Broken in: v2.9.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.10 + Broken in: v2.10.1 + Broken in: v2.10.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.11 + Broken in: v2.11.1 + Broken in: v2.11.2 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + + Branch: stable-2.12 + Broken in: v2.12.1 + Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e + diff --git a/secnotice/2018/010.html b/secnotice/2018/010.html new file mode 100644 index 0000000..192c21c --- /dev/null +++ b/secnotice/2018/010.html @@ -0,0 +1,940 @@ +--- +title: 'QSN-2018-010: Ignore network packet sizes larger than INT_MAX' +layout: secnotice +permalink: /secnotice/2018/010 +--- + +
    +
    +

    Ignore network packet sizes larger than INT_MAX

    +

    Lifecycle

    + + + + + + + + + + + + +
    Reported on:20180521
    Published on:20180926
    Fixed on: +
    +

    Credits

    + + + + + + + + + +
    Reported by: + Daniel Shapira +
    Patched by: + Jason Wang +
    +

    See also

    + +

    Description

    +

    +A potential integer overflow issue was found in the QEMU emulator. It could occur when a packet with large packet size is accepted and processed. +

    +

    Impact

    +

    +A user inside guest could use this flaw to crash the Qemu process resulting in DoS. +

    +

    Mitigation

    +

    +None +

    +

    + Alternative formats: + [xml] [text]

    +
    +
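
Review bot: The title "Ignore network packet sizes larger than INT_MAX" describes the fix, while the other notices in this patch are titled after the flaw; rename it along the lines of the Description (an integer overflow when a packet with a large packet size is accepted and processed) and say which component is affected, since "the QEMU emulator" does not tell a user whether their configuration is exposed. 010.txt in this patch also lists "Branch: master" twice, the first entry carrying only a "Broken by" line; merge the two entries.
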
    diff --git a/secnotice/2018/010.txt b/secnotice/2018/010.txt new file mode 100644 index 0000000..918ac7f --- /dev/null +++ b/secnotice/2018/010.txt 
@@ -0,0 +1,188 @@ + QEMU Security Notice: QSN-2018-010 + ================================== + + Summary: Ignore network packet sizes larger than INT_MAX + Reported on: 20180521 + Published on: 20180926 + Fixed on: + Reported by: Daniel Shapira + Patched by: Jason Wang + See also: CVE-2018-17963 + +Description +----------- + +A potential integer overflow issue was found in the QEMU emulator. +It could occur when a packet with large packet size is accepted and +processed. + +Impact +------ + +A user inside guest could use this flaw to crash the Qemu process +resulting in DoS. + +Mitigation +---------- + +None + +Related commits +---------------- + + git://git.qemu.org/qemu.git + https://git.qemu.org/?p=qemu.git + + Branch: master + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: master + Broken in: v1.0 + Broken in: v1.1.0 + Broken in: v1.2.0 + Broken in: v1.3.0 + Broken in: v1.4.0 + Broken in: v1.5.0 + Broken in: v1.6.0 + Broken in: v1.7.0 + Broken in: v2.0.0 + Broken in: v2.1.0 + Broken in: v2.2.0 + Broken in: v2.3.0 + Broken in: v2.4.0 + Broken in: v2.5.0 + Broken in: v2.6.0 + Broken in: v2.7.0 + Broken in: v2.8.0 + Broken in: v2.9.0 + Broken in: v2.10.0 + Broken in: v2.11.0 + Broken in: v2.12.0 + Broken in: v3.0.0 + Fixed in: + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + Fixed by: 36772a6341af7c0f100b8e55a1e779db5fe818da + + Branch: stable-0.12 + Broken in: v0.12.0 + Broken in: v0.12.1 + Broken in: v0.12.2 + Broken in: v0.12.3 + Broken in: v0.12.4 + Broken in: v0.12.5 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-0.13 + Broken in: v0.13.0 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-0.14 + Broken in: v0.14.0 + Broken in: v0.14.1 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-0.15 + Broken in: v0.15.0 + Broken in: v0.15.1 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-1.0 + Broken in: v1.0.1 + Broken by: 
9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-1.1 + Broken in: v1.1.1 + Broken in: v1.1.2 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-1.2 + Broken in: v1.2.1 + Broken in: v1.2.2 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-1.3 + Broken in: v1.3.1 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-1.4 + Broken in: v1.4.1 + Broken in: v1.4.2 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-1.5 + Broken in: v1.5.1 + Broken in: v1.5.2 + Broken in: v1.5.3 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-1.6 + Broken in: v1.6.1 + Broken in: v1.6.2 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-1.7 + Broken in: v1.7.1 + Broken in: v1.7.2 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-2.0 + Broken in: v2.0.1 + Broken in: v2.0.2 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-2.1 + Broken in: v2.1.1 + Broken in: v2.1.2 + Broken in: v2.1.3 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-2.2 + Broken in: v2.2.1 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-2.3 + Broken in: v2.3.1 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-2.4 + Broken in: v2.4.0.1 + Broken in: v2.4.1 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-2.5 + Broken in: v2.5.1 + Broken in: v2.5.1.1 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-2.6 + Broken in: v2.6.1 + Broken in: v2.6.2 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-2.7 + Broken in: v2.7.1 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-2.8 + Broken in: v2.8.1 + Broken in: v2.8.1.1 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-2.9 + Broken in: v2.9.1 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-2.10 
+ Broken in: v2.10.1 + Broken in: v2.10.2 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-2.11 + Broken in: v2.11.1 + Broken in: v2.11.2 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + + Branch: stable-2.12 + Broken in: v2.12.1 + Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556 + diff --git a/secnotice/2018/011.html b/secnotice/2018/011.html new file mode 100644 index 0000000..7f56380 --- /dev/null +++ b/secnotice/2018/011.html @@ -0,0 +1,823 @@ +--- +title: 'QSN-2018-011: CCID integer overflow reading data' +layout: secnotice +permalink: /secnotice/2018/011 +--- + +
    +
    +

    CCID integer overflow reading data

    +

    Lifecycle

    + + + + + + + + + + + + +
    Reported on:20180726
    Published on:20181011
    Fixed on: +
    +

    Credits

    + + + + + + + + + +
    Reported by: + Arash Tohidi +
    Patched by: + Philippe Mathieu-Daudé +
    +

    See also

    + +

    Description

    +

    +An integer overflow issue was found in the CCID Passthru card device emulation, while reading card data in ccid_card_vscard_read() function. The ccid_card_vscard_read() function accepts a signed integer 'size' argument, which is subsequently used as unsigned size_t value in memcpy(), copying large amounts of memory. + +

    +

    Impact

    +

    +A user inside guest could use this flaw to crash the Qemu process resulting in DoS. +

    +

    Mitigation

    +

    +Remove the CCID device emulation from virtual machines +

    +

    + Alternative formats: + [xml] [text]

    +
    +
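
Review bot: The title and Description call this an "integer overflow", but the text describes a signed integer 'size' argument being used as an unsigned size_t in memcpy(), which is a signedness conversion rather than an arithmetic overflow; state which values of 'size' lead to the large copy. The notice also credits "Patched by: Philippe Mathieu-Daudé" while 011.txt leaves "Fixed by:" empty, so either add the commit or note that the patch is not yet merged.
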
    diff --git a/secnotice/2018/011.txt b/secnotice/2018/011.txt new file mode 100644 index 0000000..6907178 --- /dev/null +++ b/secnotice/2018/011.txt 
@@ -0,0 +1,169 @@ + QEMU Security Notice: QSN-2018-011 + ================================== + + Summary: CCID integer overflow reading data + Reported on: 20180726 + Published on: 20181011 + Fixed on: + Reported by: Arash Tohidi + Patched by: Philippe Mathieu-Daudé + See also: CVE-2018-18438 + +Description +----------- + +An integer overflow issue was found in the CCID Passthru card device +emulation, while reading card data in ccid_card_vscard_read() +function. The ccid_card_vscard_read() function accepts a signed +integer 'size' argument, which is subsequently used as unsigned +size_t value in memcpy(), copying large amounts of memory. + +Impact +------ + +A user inside guest could use this flaw to crash the Qemu process +resulting in DoS. + +Mitigation +---------- + +Remove the CCID device emulation from virtual machines + +Related commits +---------------- + + git://git.qemu.org/qemu.git + https://git.qemu.org/?p=qemu.git + + Branch: master + Broken in: v1.0 + Broken in: v1.1.0 + Broken in: v1.2.0 + Broken in: v1.3.0 + Broken in: v1.4.0 + Broken in: v1.5.0 + Broken in: v1.6.0 + Broken in: v1.7.0 + Broken in: v2.0.0 + Broken in: v2.1.0 + Broken in: v2.2.0 + Broken in: v2.3.0 + Broken in: v2.4.0 + Broken in: v2.5.0 + Broken in: v2.6.0 + Broken in: v2.7.0 + Broken in: v2.8.0 + Broken in: v2.9.0 + Broken in: v2.10.0 + Broken in: v2.11.0 + Broken in: v2.12.0 + Broken in: v3.0.0 + Fixed in: + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + Fixed by: + + Branch: stable-0.15 + Broken in: v0.15.0 + Broken in: v0.15.1 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-1.0 + Broken in: v1.0.1 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-1.1 + Broken in: v1.1.1 + Broken in: v1.1.2 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-1.2 + Broken in: v1.2.1 + Broken in: v1.2.2 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-1.3 + Broken in: v1.3.1 + Broken by: 
edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-1.4 + Broken in: v1.4.1 + Broken in: v1.4.2 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-1.5 + Broken in: v1.5.1 + Broken in: v1.5.2 + Broken in: v1.5.3 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-1.6 + Broken in: v1.6.1 + Broken in: v1.6.2 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-1.7 + Broken in: v1.7.1 + Broken in: v1.7.2 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-2.0 + Broken in: v2.0.1 + Broken in: v2.0.2 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-2.1 + Broken in: v2.1.1 + Broken in: v2.1.2 + Broken in: v2.1.3 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-2.2 + Broken in: v2.2.1 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-2.3 + Broken in: v2.3.1 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-2.4 + Broken in: v2.4.0.1 + Broken in: v2.4.1 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-2.5 + Broken in: v2.5.1 + Broken in: v2.5.1.1 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-2.6 + Broken in: v2.6.1 + Broken in: v2.6.2 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-2.7 + Broken in: v2.7.1 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-2.8 + Broken in: v2.8.1 + Broken in: v2.8.1.1 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-2.9 + Broken in: v2.9.1 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-2.10 + Broken in: v2.10.1 + Broken in: v2.10.2 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-2.11 + Broken in: v2.11.1 + Broken in: v2.11.2 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + + Branch: stable-2.12 + Broken in: v2.12.1 + Broken by: edbb21363fbfe40e050f583df921484cbc31c79d + 
diff --git a/secnotice/2018/index.html b/secnotice/2018/index.html new file mode 100644 index 0000000..cdc9bf6 --- /dev/null +++ b/secnotice/2018/index.html @@ -0,0 +1,46 @@ +--- +title: QEMU Security Notices +permalink: /secnotice/2018/ +--- + +

    + If you believe you have identified a new security issue in QEMU, please + follow the security process + to report it in a non-public way. Do NOT use the bug tracker, + mailing lists, or IRC to report non-public security issues. +

    + Alternative formats: [xml]

    diff --git a/secnotice/2018/index.xml b/secnotice/2018/index.xml new file mode 100644 index 0000000..aa57594 --- /dev/null +++ b/secnotice/2018/index.xml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + diff --git a/secnotice/index.html b/secnotice/index.html new file mode 100644 index 0000000..c2a87c6 --- /dev/null +++ b/secnotice/index.html @@ -0,0 +1,46 @@ +--- +title: QEMU Security Notices +permalink: /secnotice/ +--- + +

    + If you believe you have identified a new security issue in QEMU, please + follow the security process + to report it in a non-public way. Do NOT use the bug tracker, + mailing lists, or IRC to report non-public security issues. +

    + Alternative formats: [xml]

    diff --git a/secnotice/index.xml b/secnotice/index.xml new file mode 100644 index 0000000..aa57594 --- /dev/null +++ b/secnotice/index.xml @@ -0,0 +1,13 @@ + + + + + + + + + + + + +
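
Review bot: secnotice/2018/index.xml and secnotice/index.xml are added with the same blob id (aa57594), and both index.html files carry the same title, "QEMU Security Notices", so the per-year index is hard to tell apart from the top-level one. Put the year in the 2018 page title, and consider having the top-level index link to per-year pages instead of shipping a second copy of the same listing.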