The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of QEMU: out-of-bounds memory reading via snprintf

Synthesis of the vulnerability 

An attacker can force a read at an invalid address via snprintf() of QEMU, in order to trigger a denial of service, or to obtain sensitive information.
Impacted software: Debian, Junos Space, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this computer vulnerability: 2/4.
Creation date: 06/02/2020.
Références of this announce: CVE-2020-8608, DLA-2142-1, DLA-2144-1, DLA-2288-1, DLA-2551-1, DSA-4733-1, JSA11110, openSUSE-SU-2020:0468-1, RHSA-2020:0889-01, RHSA-2020:1208-01, RHSA-2020:1209-01, RHSA-2020:1351-01, RHSA-2020:1352-01, RHSA-2020:1379-01, RHSA-2020:1403-01, RHSA-2020:2773-01, RHSA-2020:2774-01, RHSA-2020:2844-01, RHSA-2020:3040-01, SUSE-SU-2020:14444-1, SUSE-SU-2020:14448-1, SUSE-SU-2020:2141-1, SUSE-SU-2020:2171-1, SUSE-SU-2020:2234-1, SUSE-SU-2020:3880-1, SUSE-SU-2021:14706-1, USN-4283-1, USN-4632-1, VIGILANCE-VUL-31540.

Description of the vulnerability 

An attacker can force a read at an invalid address via snprintf() of QEMU, in order to trigger a denial of service, or to obtain sensitive information.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security bulletin impacts software or systems such as Debian, Junos Space, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this cybersecurity announce is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this vulnerability alert.

Solutions for this threat 

QEMU: patch for snprintf.
A patch is available:
  https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
  https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
  https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775

Debian 10: new qemu packages.
New packages are available:
  Debian 10: qemu 1:3.1+dfsg-8+deb10u7

Debian 8: new qemu packages.
New packages are available:
  Debian 8: qemu 1:2.1+dfsg-12+deb8u14

Debian 8: new slirp packages.
New packages are available:
  Debian 8: slirp 1:1.0.17-7+deb8u2

Debian 9: new qemu packages.
New packages are available:
  Debian 9: qemu 1:2.8+dfsg-6+deb9u10

Debian 9: new slirp packages.
New packages are available:
  Debian 9: slirp 1:1.0.17-8+deb9u1

Juniper Junos Space: version 20.3R1.
The version 20.3R1 is fixed:
  https://www.juniper.net/support/downloads/

openSUSE Leap 15.1: new qemu packages.
New packages are available:
  openSUSE Leap 15.1: qemu 3.1.1.1-lp151.7.12.1

RHEL 6.10: new qemu-kvm packages.
New packages are available:
  RHEL 6.10: qemu-kvm 0.12.1.2-2.506.el6_10.7

RHEL 7.6: new qemu-kvm packages.
New packages are available:
  RHEL 7.6: qemu-kvm 1.5.3-160.el7_6.7

RHEL 7.7: new qemu-kvm-ma packages.
New packages are available:
  RHEL 7.7: qemu-kvm-ma 2.12.0-33.el7_7.3

RHEL 7.7: new qemu-kvm packages.
New packages are available:
  RHEL 7.7: qemu-kvm 1.5.3-167.el7_7.6

RHEL 7.8: new qemu-kvm-ma packages.
New packages are available:
  RHEL 7.8: qemu-kvm-ma 2.12.0-44.el7_8.1

RHEL 7.8: new qemu-kvm packages.
New packages are available:
  RHEL 7.8: qemu-kvm 1.5.3-173.el7_8.1

RHEL 7: new slirp4netns packages.
New packages are available:
  RHEL 7.7: slirp4netns 0.3.0-8.el7_7

RHEL 8.0: new virt-rhel module (21/07/2020).
The following module is updated:
  RHEL 8.0 Module: virt:rhel

RHEL 8.0: new virt-rhel module (30/06/2020).
The following module is updated:
  RHEL 8.0 Module: virt:rhel

RHEL 8.1: new container-tools-rhel8 module.
The following module is updated:
  RHEL 8.1 Module: container-tools:rhel8

RHEL 8.1: new virt-rhel module.
The following module is updated:
  RHEL 8.1 Module: virt:rhel

SUSE LE 11 SP3: new kvm packages.
New packages are available:
  SUSE LE 11 SP3: kvm 1.4.2-53.38.1

SUSE LE 11 SP3: new xen packages.
New packages are available:
  SUSE LE 11 SP3: xen 4.2.5_22-45.36.1

SUSE LE 12 SP2: new xen packages.
New packages are available:
  SUSE LE 12 SP2: xen 4.7.6_08-43.64.1

SUSE LE 12 SP3: new xen packages.
New packages are available:
  SUSE LE 12 SP3: xen 4.9.4_10-3.71.1

SUSE LE 12 SP4: new xen packages (05/08/2020).
New packages are available:
  SUSE LE 11 SP4: xen 4.4.4_42-61.52.1

SUSE LE 12 SP4: new xen packages (06/08/2020).
New packages are available:
  SUSE LE 12 SP4: xen 4.11.4_06-2.33.1

SUSE LE 12 SP5: new xen packages.
New packages are available:
  SUSE LE 12 SP5: xen 4.12.4_06-3.36.1

Ubuntu: new qemu packages.
New packages are available:
  Ubuntu 19.10: qemu 1:4.0+dfsg-0ubuntu9.4
  Ubuntu 18.04 LTS: qemu 1:2.11+dfsg-1ubuntu7.23
  Ubuntu 16.04 LTS: qemu 1:2.5+dfsg-5ubuntu10.43

Ubuntu: new slirp packages.
New packages are available:
  Ubuntu 18.04 LTS: slirp 1:1.0.17-8ubuntu18.04.1
  Ubuntu 16.04 LTS: slirp 1:1.0.17-8ubuntu16.04.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a computer vulnerability workaround. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.