593038 – (CVE-2016-7157) <app-emulation/qemu-2.7.0-r2: scsi: mptsas: invalid memory access while building configuration pages

Bug 593038 (CVE-2016-7157) - <app-emulation/qemu-2.7.0-r2: scsi: mptsas: invalid memory access while building configuration pages

Summary: <app-emulation/qemu-2.7.0-r2: scsi: mptsas: invalid memory access while build...

Status:	RESOLVED FIXED

Alias:	CVE-2016-7157

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	http://www.openwall.com/lists/oss-sec...
Whiteboard:	B3 [glsa cve]
Keywords:

Depends on:
Blocks:	CVE-2016-7155 CVE-2016-7156 CVE-2016-7170 CVE-2016-7421 CVE-2016-7422
	Show dependency tree

Reported:	2016-09-07 09:38 UTC by Agostino Sarubbo
Modified:	2016-09-26 00:39 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2016-09-07 09:38:30 UTC

From ${URL} :

Quick emulator(Qemu) built with the LSI SAS1068 Host Bus emulation support, is 
vulnerable to an invalid memory access issue. It could occur while building 
configuration page headers in 'mptsas_config_manufacturing_1'.

A privileged user inside guest could use this flaw to crash the Qemu process 
on the host, resulting in DoS.

Upstream patches:
-----------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html
   -> https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Matthias Maier gentoo-dev

2016-09-09 05:28:00 UTC

commit b28fcd11405545eb2e4973f96823337531eebb08
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Fri Sep 9 00:10:05 2016 -0500

    app-emulation/qemu: fix static-user dep, security patches, bug #593038
    
    This commit resolves
    
      bug #591202
      bug #593024
      bug #593034 CVE-2016-7155
      bug #593036 CVE-2016-7156
      bug #593038 CVE-2016-7157
    
    Package-Manager: portage-2.2.28

Comment 2 Yury German Gentoo Infrastructure

2016-09-10 01:40:11 UTC

Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.

Comment 3 Matthias Maier gentoo-dev

2016-09-10 02:29:14 UTC

Arches, please stabilize
 =app-emulation/qemu-2.7.0-r2

Target-keywords:"amd64 x86"

Comment 4 Agostino Sarubbo gentoo-dev

2016-09-10 12:50:24 UTC

amd64 stable

Comment 5 Matthias Maier gentoo-dev

2016-09-18 04:40:18 UTC

I hijack the stabilization for another round:


Arches, please stabilize
 =app-emulation/qemu-2.7.0-r3

Target-keywords:"amd64 x86"



commit b50850bf14489740441b408a2d45f6e64d724f7d
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Sat Sep 17 23:02:53 2016 -0500

    app-emulation/qemu: security fixes, ebuild maintenance
    
    bug 593956: CVE-2016-7422
    bug 593950: CVE-2016-7421
    bug 590230: missing use depend opengl? ( media-libs/mesa[...,gbm] )
    bug 575326: update to readme.gentoo-r1 eclass
    
    Package-Manager: portage-2.2.28

Comment 6 Agostino Sarubbo gentoo-dev

2016-09-18 17:10:36 UTC

amd64 stable

Comment 7 Agostino Sarubbo gentoo-dev

2016-09-18 17:11:36 UTC

x86 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 8 Yury German Gentoo Infrastructure

2016-09-25 23:07:25 UTC

Arches, Thank you for your work.
Added to an existing GLSA Request.

Maintainer(s), please drop the vulnerable version(s).
2.7.0-r2
2.7.0

Comment 9 Matthias Maier gentoo-dev

2016-09-26 00:16:25 UTC

commit 4dd281902e043e8e8299cf9991aa4841076ae66b
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Sun Sep 25 19:15:20 2016 -0500

    app-emulation/qemu: drop vulnerable versions 2.7.0, 2.7.0-r2
    
    Package-Manager: portage-2.2.28

Comment 10 GLSAMaker/CVETool Bot gentoo-dev

2016-09-26 00:39:31 UTC

This issue was resolved and addressed in
 GLSA 201609-01 at https://security.gentoo.org/glsa/201609-01
by GLSA coordinator Yury German (BlueKnight).