
Bug 608728 (CVE-2017-5931)

Summary: <app-emulation/qemu-2.8.0-r1: virtio: integer overflow in handling virtio-crypto requests
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: qemu+disabled
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.openwall.com/lists/oss-security/2017/02/07/8
Whiteboard: B2 [glsa cve]
Package list:
app-emulation/qemu-2.8.0-r1
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 606264, 606720, 606722, 607000, 607100, 607766, 608034, 608036, 608038, 608520    

Description Agostino Sarubbo gentoo-dev 2017-02-09 11:00:35 UTC
From ${URL} :

Quick Emulator (Qemu) built with the Virtio Crypto device emulation support is 
vulnerable to an integer overflow issue. It could occur while handling data 
encryption/decryption requests in 'virtio_crypto_handle_sym_req'.

A privileged user inside the guest could use this flaw to crash the Qemu process, 
resulting in DoS, or potentially execute arbitrary code on the host with 
the privileges of the Qemu process.

Upstream patch:
---------------
   -> https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html

Reference:
----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1420092

This issue was reported by Mr Li Qiang of 360.cn Inc.

git commit:
http://git.qemu-project.org/?p=qemu.git;a=commit;h=a08aaff811fb194950f79711d2afe5a892ae03a4


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Matthias Maier gentoo-dev 2017-02-13 05:03:11 UTC
Stabilization on this bug.


Arches, please test and mark stable

  =app-emulation/qemu-2.8.0-r1

Target-keywords: "amd64 x86"



commit 69f166f734e87c4d5b025e9f2bbfcfba3d7cddcb
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Sun Feb 12 22:50:18 2017 -0600

    app-emulation/qemu: fix various security issues, bug #608728 and others
    
    This commit applies upstream patches to 2.8.0 for the following CVEs
    
      CVE-2016-10155 #606720
      CVE-2017-2615  #608034
      CVE-2017-5525  #606264
      CVE-2017-5552  #606722
      CVE-2017-5578  #607000
      CVE-2017-5579  #607100
      CVE-2017-5667  #607766
      CVE-2017-5856  #608036
      CVE-2017-5857  #608038
      CVE-2017-5898  #608520
      CVE-2017-5931  #608728
    
    Package-Manager: Portage-2.3.3, Repoman-2.3.1
Comment 2 Agostino Sarubbo gentoo-dev 2017-02-13 11:13:33 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2017-02-14 15:40:10 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 Matthias Maier gentoo-dev 2017-02-14 16:46:43 UTC
commit 639357e1a6012e2f609a6e5956f59addb86fcf53
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Tue Feb 14 10:45:26 2017 -0600

    app-emulation/qemu: remove vulnerable, bug #608728
    
    Package-Manager: Portage-2.3.3, Repoman-2.3.1
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-16 18:31:32 UTC
New GLSA request filed.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2017-02-21 00:30:37 UTC
This issue was resolved and addressed in
 GLSA 201702-28 at https://security.gentoo.org/glsa/201702-28
by GLSA coordinator Thomas Deutschmann (whissi).