625850 – (CVE-2017-7539) <app-emulation/qemu-2.10.0: qemu-nbd crashes due to undefined I/O coroutine

Bug 625850 (CVE-2017-7539) - <app-emulation/qemu-2.10.0: qemu-nbd crashes due to undefined I/O coroutine

Summary: <app-emulation/qemu-2.10.0: qemu-nbd crashes due to undefined I/O coroutine

Status:	RESOLVED FIXED

Alias:	CVE-2017-7539

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-07-21 12:54 UTC by Christopher Díaz Riveros (RETIRED)
Modified:	2017-11-19 20:38 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-07-21 12:54:36 UTC

From URL:

Quick Emulator(Qemu) built with the Network Block Device(NBD) Server support
is vulnerable to a crash via assertion failure. It could occur if a client sent
undue data during initial connection negotiation.

A remote user/process could use this flaw to crash the qemu-nbd server
resulting in DoS.

Upstream patch:
---------------
  -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b

Introduced by:
--------------
  -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/07/21/4

Comment 1 Matthias Maier gentoo-dev

2017-07-26 16:52:03 UTC

This CVE does not apply to any version currently in tree. Version 2.9.0 does not contain [1]


[1] http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19

Comment 2 Matthias Maier gentoo-dev

2017-07-26 17:08:00 UTC

Please disregard my last comment.

Comment 3 Matthias Maier gentoo-dev

2017-07-26 18:57:50 UTC

commit 606c4d5b81243fb243bd38a21326e60c3318138c (HEAD -> master, origin/master, origin/HEAD)
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Wed Jul 26 13:53:25 2017 -0500

    app-emulation/qemu: security patches
    
     CVE-2017-7539,  bug #625850
     CVE-2017-10664, bug #623016
     CVE-2017-10806, bug #624088
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.3

Comment 4 Matthias Maier gentoo-dev

2017-07-26 19:31:52 UTC

I am sorry, the last patch for this issue was not functional - I reverted the change.


At the moment it is not feasible to backport this upstream commit.

Comment 5 Matthias Maier gentoo-dev

2017-11-12 20:46:27 UTC

No vulnerable versions left in tree. Security please proceed.