The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of QEMU: out-of-bounds memory reading via snprintf

Synthesis of the vulnerability 

An attacker can force a read at an invalid address via snprintf() of QEMU, in order to trigger a denial of service, or to obtain sensitive information.
Impacted software: Debian, openSUSE Leap, QEMU, RHEL, Ubuntu.
Severity of this computer vulnerability: 2/4.
Creation date: 06/02/2020.
Références of this announce: CVE-2020-8608, DLA-2142-1, DLA-2144-1, openSUSE-SU-2020:0468-1, RHSA-2020:0889-01, RHSA-2020:1208-01, RHSA-2020:1209-01, RHSA-2020:1351-01, RHSA-2020:1352-01, RHSA-2020:1379-01, RHSA-2020:1403-01, RHSA-2020:2773-01, RHSA-2020:2774-01, RHSA-2020:2844-01, USN-4283-1, VIGILANCE-VUL-31540.

Description of the vulnerability 

An attacker can force a read at an invalid address via snprintf() of QEMU, in order to trigger a denial of service, or to obtain sensitive information.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security bulletin impacts software or systems such as Debian, openSUSE Leap, QEMU, RHEL, Ubuntu.

Our Vigil@nce team determined that the severity of this cybersecurity announce is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this vulnerability alert.

Solutions for this threat 

QEMU: patch for snprintf.
A patch is available:
  https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
  https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
  https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775

Debian 8: new qemu packages.
New packages are available:
  Debian 8: qemu 1:2.1+dfsg-12+deb8u14

Debian 8: new slirp packages.
New packages are available:
  Debian 8: slirp 1:1.0.17-7+deb8u2

openSUSE Leap 15.1: new qemu packages.
New packages are available:
  openSUSE Leap 15.1: qemu 3.1.1.1-lp151.7.12.1

RHEL 6.10: new qemu-kvm packages.
New packages are available:
  RHEL 6.10: qemu-kvm 0.12.1.2-2.506.el6_10.7

RHEL 7.6: new qemu-kvm packages.
New packages are available:
  RHEL 7.6: qemu-kvm 1.5.3-160.el7_6.7

RHEL 7.7: new qemu-kvm-ma packages.
New packages are available:
  RHEL 7.7: qemu-kvm-ma 2.12.0-33.el7_7.3

RHEL 7.7: new qemu-kvm packages.
New packages are available:
  RHEL 7.7: qemu-kvm 1.5.3-167.el7_7.6

RHEL 7.8: new qemu-kvm-ma packages.
New packages are available:
  RHEL 7.8: qemu-kvm-ma 2.12.0-44.el7_8.1

RHEL 7.8: new qemu-kvm packages.
New packages are available:
  RHEL 7.8: qemu-kvm 1.5.3-173.el7_8.1

RHEL 7: new slirp4netns packages.
New packages are available:
  RHEL 7.7: slirp4netns 0.3.0-8.el7_7

RHEL 8.0: new virt-rhel module.
The following module is updated:
  RHEL 8.0 Module: virt:rhel

RHEL 8.1: new container-tools-rhel8 module.
The following module is updated:
  RHEL 8.1 Module: container-tools:rhel8

RHEL 8.1: new virt-rhel module.
The following module is updated:
  RHEL 8.1 Module: virt:rhel

Ubuntu: new qemu packages.
New packages are available:
  Ubuntu 19.10: qemu 1:4.0+dfsg-0ubuntu9.4
  Ubuntu 18.04 LTS: qemu 1:2.11+dfsg-1ubuntu7.23
  Ubuntu 16.04 LTS: qemu 1:2.5+dfsg-5ubuntu10.43
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a computer vulnerability workaround. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.