qemu: CVE-2016-5238: scsi: esp: OOB write when using non-DMA mode in get_cmd

Related Vulnerabilities: CVE-2016-5238, CVE-2016-4454, CVE-2016-4453

Debian Bug report logs - #826152


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 2 Jun 2016 18:54:01 UTC

Severity: important

Tags: patch, security, upstream

Found in version qemu/2.1+dfsg-1

Fixed in version qemu/1:2.6+dfsg-3

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#826152; Package src:qemu. (Thu, 02 Jun 2016 18:54:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Thu, 02 Jun 2016 18:54:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: qemu: CVE-2016-5238: scsi: esp: OOB write when using non-DMA mode in get_cmd
Date: Thu, 02 Jun 2016 20:51:37 +0200
Source: qemu
Version: 2.1+dfsg-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for qemu.

CVE-2016-5238[0]:
scsi: esp: OOB write when using non-DMA mode in get_cmd

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5238
[1] https://marc.info/?l=oss-security&m=146488391120323&w=2
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1341931

Regards,
Salvatore



Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Wed, 15 Jun 2016 06:21:04 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 15 Jun 2016 06:21:06 GMT).


Message #10 received at 826152-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 826152-close@bugs.debian.org
Subject: Bug#826152: fixed in qemu 1:2.6+dfsg-3
Date: Wed, 15 Jun 2016 06:19:06 +0000
Source: qemu
Source-Version: 1:2.6+dfsg-3

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 826152@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 15 Jun 2016 08:54:12 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.6+dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 826152
Changes:
 qemu (1:2.6+dfsg-3) unstable; urgency=high
 .
   * more security fixes picked from upstream:
    - CVE-2016-4454 fix (vmsvga) (Closes: CVE-2016-4454)
     vmsvga-add-more-fifo-checks-CVE-2016-4454.patch
     vmsvga-move-fifo-sanity-checks-to-vmsvga_fifo_length-CVE-2016-4454.patch
     vmsvga-shadow-fifo-registers-CVE-2016-4454.patch
    - vmsvga-don-t-process-more-than-1024-fifo-commands-at-once-CVE-2016-4453.patch
     (Closes: CVE-2016-4453)
    - scsi-check-buffer-length-before-reading-scsi-command-CVE-2016-5238.patch
     (Closes: #826152, CVE-2016-5238)
   * set urgency to high due to the amount of
     security fixes accumulated so far

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 15 Jul 2016 07:31:08 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:01:42 2019; Machine Name: buxtehude
