PublicDateAtUSN: 2019-09-06 17:15:00 UTC Candidate: CVE-2019-15890 PublicDate: 2019-09-06 17:15:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15890 https://www.openwall.com/lists/oss-security/2019/09/06/3 http://www.openwall.com/lists/oss-security/2019/09/06/3 https://ubuntu.com/security/notices/USN-4191-1 https://ubuntu.com/security/notices/USN-4191-2 Description: libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. Ubuntu-Description: It was discovered that a use-after-free vulnerability existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service. Notes: Mitigation: Bugs: Priority: low Discovered-by: Assigned-to: sbeattie CVSS: nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] Patches_qemu-kvm: upstream_qemu-kvm: needs-triage precise/esm_qemu-kvm: ignored (end of ESM support, was needs-triage) trusty_qemu-kvm: DNE trusty/esm_qemu-kvm: DNE xenial_qemu-kvm: DNE bionic_qemu-kvm: DNE disco_qemu-kvm: DNE eoan_qemu-kvm: DNE focal_qemu-kvm: DNE groovy_qemu-kvm: DNE hirsute_qemu-kvm: DNE impish_qemu-kvm: DNE jammy_qemu-kvm: DNE devel_qemu-kvm: DNE Patches_qemu: upstream: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=b27192be13da3fb59f51185d9a1f944b3474b2fc (stable-4.0) upstream_qemu: released (1:4.1-2) precise/esm_qemu: DNE trusty_qemu: ignored (out of standard support) trusty/esm_qemu: released (2.0.0+dfsg-2ubuntu1.47) xenial_qemu: released (1:2.5+dfsg-5ubuntu10.42) esm-infra/xenial_qemu: released (1:2.5+dfsg-5ubuntu10.42) bionic_qemu: released (1:2.11+dfsg-1ubuntu7.20) disco_qemu: released (1:3.1+dfsg-2ubuntu3.6) eoan_qemu: released (1:4.0+dfsg-0ubuntu9.1) focal_qemu: released (1:4.2-1ubuntu1) groovy_qemu: released (1:4.2-1ubuntu1) hirsute_qemu: released (1:4.2-1ubuntu1) impish_qemu: released (1:4.2-1ubuntu1) jammy_qemu: released (1:4.2-1ubuntu1) devel_qemu: released (1:4.2-1ubuntu1) Patches_xen: Tags_xen: universe-binary upstream_xen: needs-triage precise/esm_xen: DNE trusty_xen: ignored (out of standard support) trusty/esm_xen: DNE xenial_xen: ignored (end of standard support, was needs-triage) esm-infra/xenial_xen: needs-triage bionic_xen: needs-triage disco_xen: ignored (reached end-of-life) eoan_xen: ignored (reached end-of-life) focal_xen: needs-triage groovy_xen: ignored (reached end-of-life) hirsute_xen: ignored (reached end-of-life) impish_xen: needs-triage jammy_xen: needs-triage devel_xen: needs-triage Patches_android: upstream_android: needs-triage precise/esm_android: DNE trusty_android: ignored (out of standard support) trusty/esm_android: DNE xenial_android: ignored (end of standard support, was needs-triage) bionic_android: DNE disco_android: DNE eoan_android: DNE focal_android: DNE groovy_android: DNE hirsute_android: DNE impish_android: DNE jammy_android: DNE devel_android: DNE Patches_basilisk2: upstream_basilisk2: needs-triage precise/esm_basilisk2: DNE trusty_basilisk2: ignored (out of standard support) trusty/esm_basilisk2: DNE xenial_basilisk2: ignored (end of standard support, was needs-triage) bionic_basilisk2: needs-triage disco_basilisk2: ignored (reached end-of-life) eoan_basilisk2: ignored (reached end-of-life) focal_basilisk2: needs-triage groovy_basilisk2: ignored (reached end-of-life) hirsute_basilisk2: ignored (reached end-of-life) impish_basilisk2: needs-triage jammy_basilisk2: needs-triage devel_basilisk2: needs-triage Patches_bochs: upstream_bochs: needs-triage precise/esm_bochs: DNE trusty_bochs: ignored (out of standard support) trusty/esm_bochs: DNE xenial_bochs: ignored (end of standard support, was needs-triage) bionic_bochs: needs-triage disco_bochs: ignored (reached end-of-life) eoan_bochs: ignored (reached end-of-life) focal_bochs: needs-triage groovy_bochs: ignored (reached end-of-life) hirsute_bochs: ignored (reached end-of-life) impish_bochs: needs-triage jammy_bochs: needs-triage devel_bochs: needs-triage Patches_fs-uae: upstream_fs-uae: needs-triage precise/esm_fs-uae: DNE trusty_fs-uae: ignored (out of standard support) trusty/esm_fs-uae: DNE xenial_fs-uae: ignored (end of standard support, was needs-triage) bionic_fs-uae: needs-triage disco_fs-uae: ignored (reached end-of-life) eoan_fs-uae: ignored (reached end-of-life) focal_fs-uae: needs-triage groovy_fs-uae: ignored (reached end-of-life) hirsute_fs-uae: ignored (reached end-of-life) impish_fs-uae: needs-triage jammy_fs-uae: needs-triage devel_fs-uae: needs-triage Patches_ns3: upstream_ns3: needs-triage precise/esm_ns3: DNE trusty_ns3: ignored (out of standard support) trusty/esm_ns3: DNE xenial_ns3: ignored (end of standard support, was needs-triage) bionic_ns3: needs-triage disco_ns3: ignored (reached end-of-life) eoan_ns3: ignored (reached end-of-life) focal_ns3: needs-triage groovy_ns3: ignored (reached end-of-life) hirsute_ns3: ignored (reached end-of-life) impish_ns3: needs-triage jammy_ns3: needs-triage devel_ns3: needs-triage Patches_qemu-kvm-spice: upstream_qemu-kvm-spice: needs-triage precise/esm_qemu-kvm-spice: DNE trusty_qemu-kvm-spice: ignored (out of standard support) trusty/esm_qemu-kvm-spice: DNE xenial_qemu-kvm-spice: DNE bionic_qemu-kvm-spice: DNE disco_qemu-kvm-spice: DNE eoan_qemu-kvm-spice: DNE focal_qemu-kvm-spice: DNE groovy_qemu-kvm-spice: DNE hirsute_qemu-kvm-spice: DNE impish_qemu-kvm-spice: DNE jammy_qemu-kvm-spice: DNE devel_qemu-kvm-spice: DNE Patches_qemu-linaro: upstream_qemu-linaro: needs-triage precise/esm_qemu-linaro: DNE trusty_qemu-linaro: ignored (out of standard support) trusty/esm_qemu-linaro: DNE xenial_qemu-linaro: DNE bionic_qemu-linaro: DNE disco_qemu-linaro: DNE eoan_qemu-linaro: DNE focal_qemu-linaro: DNE groovy_qemu-linaro: DNE hirsute_qemu-linaro: DNE impish_qemu-linaro: DNE jammy_qemu-linaro: DNE devel_qemu-linaro: DNE Patches_redboot-imx: upstream_redboot-imx: needs-triage precise/esm_redboot-imx: DNE trusty_redboot-imx: ignored (out of standard support) trusty/esm_redboot-imx: DNE xenial_redboot-imx: ignored (end of standard support, was needs-triage) bionic_redboot-imx: needs-triage disco_redboot-imx: ignored (reached end-of-life) eoan_redboot-imx: ignored (reached end-of-life) focal_redboot-imx: DNE groovy_redboot-imx: DNE hirsute_redboot-imx: DNE impish_redboot-imx: DNE jammy_redboot-imx: DNE devel_redboot-imx: DNE Patches_slirp: upstream_slirp: needs-triage precise/esm_slirp: DNE trusty_slirp: ignored (out of standard support) trusty/esm_slirp: DNE xenial_slirp: ignored (end of standard support, was needs-triage) bionic_slirp: needs-triage disco_slirp: ignored (reached end-of-life) eoan_slirp: ignored (reached end-of-life) focal_slirp: needs-triage groovy_slirp: ignored (reached end-of-life) hirsute_slirp: ignored (reached end-of-life) impish_slirp: needs-triage jammy_slirp: needs-triage devel_slirp: needs-triage Patches_slirp4netns: upstream_slirp4netns: needs-triage precise/esm_slirp4netns: DNE trusty_slirp4netns: ignored (out of standard support) trusty/esm_slirp4netns: DNE xenial_slirp4netns: DNE bionic_slirp4netns: DNE disco_slirp4netns: ignored (reached end-of-life) eoan_slirp4netns: not-affected (0.4.1-1) focal_slirp4netns: not-affected (0.4.1-1) groovy_slirp4netns: not-affected (0.4.1-1) hirsute_slirp4netns: not-affected (0.4.1-1) impish_slirp4netns: not-affected (0.4.1-1) jammy_slirp4netns: not-affected (0.4.1-1) devel_slirp4netns: not-affected (0.4.1-1) Patches_vde2: upstream_vde2: needs-triage precise/esm_vde2: DNE trusty_vde2: ignored (out of standard support) trusty/esm_vde2: DNE xenial_vde2: ignored (end of standard support, was needs-triage) bionic_vde2: needs-triage disco_vde2: ignored (reached end-of-life) eoan_vde2: ignored (reached end-of-life) focal_vde2: needs-triage groovy_vde2: ignored (reached end-of-life) hirsute_vde2: ignored (reached end-of-life) impish_vde2: needs-triage jammy_vde2: needs-triage devel_vde2: needs-triage Patches_virtualbox: upstream_virtualbox: needs-triage precise/esm_virtualbox: DNE trusty_virtualbox: ignored (out of standard support) trusty/esm_virtualbox: DNE xenial_virtualbox: ignored (end of standard support, was needs-triage) bionic_virtualbox: needs-triage disco_virtualbox: ignored (reached end-of-life) eoan_virtualbox: ignored (reached end-of-life) focal_virtualbox: needs-triage groovy_virtualbox: ignored (reached end-of-life) hirsute_virtualbox: ignored (reached end-of-life) impish_virtualbox: needs-triage jammy_virtualbox: needs-triage devel_virtualbox: needs-triage Patches_virtualbox-hwe: upstream_virtualbox-hwe: needs-triage precise/esm_virtualbox-hwe: DNE trusty_virtualbox-hwe: ignored (out of standard support) trusty/esm_virtualbox-hwe: DNE xenial_virtualbox-hwe: ignored (end of standard support, was needs-triage) bionic_virtualbox-hwe: needs-triage disco_virtualbox-hwe: ignored (reached end-of-life) eoan_virtualbox-hwe: ignored (reached end-of-life) focal_virtualbox-hwe: needs-triage groovy_virtualbox-hwe: ignored (reached end-of-life) hirsute_virtualbox-hwe: ignored (reached end-of-life) impish_virtualbox-hwe: needs-triage jammy_virtualbox-hwe: needs-triage devel_virtualbox-hwe: needs-triage Patches_virtualbox-lts-vivid: upstream_virtualbox-lts-vivid: needs-triage precise/esm_virtualbox-lts-vivid: DNE trusty_virtualbox-lts-vivid: ignored (out of standard support) trusty/esm_virtualbox-lts-vivid: DNE xenial_virtualbox-lts-vivid: DNE bionic_virtualbox-lts-vivid: DNE disco_virtualbox-lts-vivid: DNE eoan_virtualbox-lts-vivid: DNE focal_virtualbox-lts-vivid: DNE groovy_virtualbox-lts-vivid: DNE hirsute_virtualbox-lts-vivid: DNE impish_virtualbox-lts-vivid: DNE jammy_virtualbox-lts-vivid: DNE devel_virtualbox-lts-vivid: DNE Patches_virtualbox-lts-wily: upstream_virtualbox-lts-wily: needs-triage precise/esm_virtualbox-lts-wily: DNE trusty_virtualbox-lts-wily: ignored (out of standard support) trusty/esm_virtualbox-lts-wily: DNE xenial_virtualbox-lts-wily: DNE bionic_virtualbox-lts-wily: DNE disco_virtualbox-lts-wily: DNE eoan_virtualbox-lts-wily: DNE focal_virtualbox-lts-wily: DNE groovy_virtualbox-lts-wily: DNE hirsute_virtualbox-lts-wily: DNE impish_virtualbox-lts-wily: DNE jammy_virtualbox-lts-wily: DNE devel_virtualbox-lts-wily: DNE Patches_virtualbox-lts-xenial: upstream_virtualbox-lts-xenial: needs-triage precise/esm_virtualbox-lts-xenial: DNE trusty_virtualbox-lts-xenial: ignored (out of standard support) trusty/esm_virtualbox-lts-xenial: DNE xenial_virtualbox-lts-xenial: DNE bionic_virtualbox-lts-xenial: DNE disco_virtualbox-lts-xenial: DNE eoan_virtualbox-lts-xenial: DNE focal_virtualbox-lts-xenial: DNE groovy_virtualbox-lts-xenial: DNE hirsute_virtualbox-lts-xenial: DNE impish_virtualbox-lts-xenial: DNE jammy_virtualbox-lts-xenial: DNE devel_virtualbox-lts-xenial: DNE Patches_libslirp: upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/c59279437eda91841b9d26079c70b8a540d41204 upstream_libslirp: needs-triage precise/esm_libslirp: DNE trusty_libslirp: ignored (out of standard support) trusty/esm_libslirp: DNE xenial_libslirp: DNE bionic_libslirp: DNE disco_libslirp: DNE eoan_libslirp: DNE focal_libslirp: not-affected (4.1.0-2) groovy_libslirp: not-affected (4.1.0-2) hirsute_libslirp: not-affected (4.1.0-2) impish_libslirp: not-affected (4.1.0-2) jammy_libslirp: not-affected (4.1.0-2) devel_libslirp: not-affected (4.1.0-2)