Bug 608728 (CVE-2017-5931) - <app-emulation/qemu-2.8.0-r1: virtio: integer overflow in handling virtio-crypto requests
Status: RESOLVED FIXED
Alias: CVE-2017-5931
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B2 [glsa cve]
Keywords:
Depends on:
Blocks: CVE-2017-5525 CVE-2016-10155 CVE-2017-5552 CVE-2017-5578 CVE-2017-5579 CVE-2017-5667 608034 CVE-2017-5856 CVE-2017-5857 CVE-2017-5898
Reported: 2017-02-09 11:00 UTC by Agostino Sarubbo
Modified: 2017-02-21 00:30 UTC

See Also:
Package list:
app-emulation/qemu-2.8.0-r1
Runtime testing required: ---
stable-bot: sanity-check+


Description Agostino Sarubbo gentoo-dev 2017-02-09 11:00:35 UTC
From ${URL} :

Quick Emulator (Qemu) built with the Virtio Crypto device emulation support is
vulnerable to an integer overflow issue. It could occur while handling data
encryption/decryption requests in 'virtio_crypto_handle_sym_req'.

A privileged user inside the guest could use this flaw to crash the Qemu process,
resulting in DoS, or potentially execute arbitrary code on the host with
privileges of the Qemu process.

Upstream patch:
---------------
   -> https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html

Reference:
----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1420092

This issue was reported by Mr Li Qiang of 360.cn Inc.

git commit:
http://git.qemu-project.org/?p=qemu.git;a=commit;h=a08aaff811fb194950f79711d2afe5a892ae03a4


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Matthias Maier gentoo-dev 2017-02-13 05:03:11 UTC
Stabilization on this bug.


Arches, please test and mark stable

  =app-emulation/qemu-2.8.0-r1

Target-keywords: "amd64 x86"



commit 69f166f734e87c4d5b025e9f2bbfcfba3d7cddcb
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Sun Feb 12 22:50:18 2017 -0600

    app-emulation/qemu: fix various security issues, bug #608728 and others
    
    This commit applies upstream patches to 2.8.0 for the following CVEs
    
      CVE-2016-10155 #606720
      CVE-2017-2615  #608034
      CVE-2017-5525  #606264
      CVE-2017-5552  #606722
      CVE-2017-5578  #607000
      CVE-2017-5579  #607100
      CVE-2017-5667  #607766
      CVE-2017-5856  #608036
      CVE-2017-5857  #608038
      CVE-2017-5898  #608520
      CVE-2017-5931  #608728
    
    Package-Manager: Portage-2.3.3, Repoman-2.3.1
Comment 2 Agostino Sarubbo gentoo-dev 2017-02-13 11:13:33 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2017-02-14 15:40:10 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 Matthias Maier gentoo-dev 2017-02-14 16:46:43 UTC
commit 639357e1a6012e2f609a6e5956f59addb86fcf53
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Tue Feb 14 10:45:26 2017 -0600

    app-emulation/qemu: remove vulnerable, bug #608728
    
    Package-Manager: Portage-2.3.3, Repoman-2.3.1
Comment 5 Thomas Deutschmann gentoo-dev Security 2017-02-16 18:31:32 UTC
New GLSA request filed.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2017-02-21 00:30:37 UTC
This issue was resolved and addressed in
 GLSA 201702-28 at https://security.gentoo.org/glsa/201702-28
by GLSA coordinator Thomas Deutschmann (whissi).