qemu: CVE-2017-9503: megasas: null pointer dereference while processing megasas command

Debian Bug report logs - #865754


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 24 Jun 2017 14:09:02 UTC

Severity: normal

Tags: security, upstream

Found in versions qemu/1:2.1+dfsg-11, qemu/1:2.8+dfsg-6

Fixed in version qemu/1:2.10.0-1

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#865754; Package src:qemu. (Sat, 24 Jun 2017 14:09:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Sat, 24 Jun 2017 14:09:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: qemu: CVE-2017-9503: megasas: null pointer dereference while processing megasas command
Date: Sat, 24 Jun 2017 16:06:01 +0200

Source: qemu
Version: 1:2.8+dfsg-6
Severity: normal
Tags: upstream security

Hi,

the following vulnerability was published for qemu.

CVE-2017-9503[0]:
| QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host
| Bus Adapter emulation support, allows local guest OS privileged users
| to cause a denial of service (NULL pointer dereference and QEMU
| process crash) via vectors involving megasas command processing.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9503
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9503
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1459477
[2] https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9503.html
[3] https://bugzilla.novell.com/show_bug.cgi?id=1043296

Please adjust the affected versions in the BTS as needed. Quickly
checked only the stretch (and sid) version, but not jessie. If
affected this would still rather be no-dsa.

Regards,
Salvatore



Marked as found in versions qemu/1:2.1+dfsg-11. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 24 Jun 2017 14:15:07 GMT)


Added tag(s) pending. Request was from <mjt@tls.msk.ru> to control@bugs.debian.org. (Tue, 08 Aug 2017 07:54:02 GMT)


Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Sat, 23 Sep 2017 15:21:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 23 Sep 2017 15:21:05 GMT)


Message #14 received at 865754-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 865754-close@bugs.debian.org
Subject: Bug#865754: fixed in qemu 1:2.10.0-1
Date: Sat, 23 Sep 2017 15:17:34 +0000

Source: qemu
Source-Version: 1:2.10.0-1

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 865754@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 23 Sep 2017 16:47:02 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.10.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 864219 865754 869945
Changes:
 qemu (1:2.10.0-1) unstable; urgency=medium
 .
   * new upstream release, 2.10
     Closes: #865754, CVE-2017-9503
     Closes: #864219, CVE-2017-9375
     Closes: #869945
     Closed in this upstream release:
      #865755, CVE-2017-9524
      #863840, CVE-2017-9310
      #863943, CVE-2017-9330
      #864216, CVE-2017-9373
      #864568, CVE-2017-9374
      #869171, CVE-2017-11434
      #869173, CVE-2017-11334
      #869706, CVE-2017-10911
      #867751, CVE-2017-10806
      #866674, CVE-2017-10664
      #873849, CVE-2017-12809
   * dropped all fixes, applied upstream
   * dropped 02_kfreebsd.patch - apparently not relevant anymore
   * dropped +dfsg, use upstream tarball directly: we do not use
     binaries shipped there, and even for those, upstream tarball
     contains the sources
   * refreshed list of targets:
       qemu-or32, qemu-system-or32 => qemu-or1k, qemu-system-or1k
       +qemu-nios2, qemu-system-nios2
       +qemu-hppa
   * added hppa binfmt entry
   * refreshed docs lists for various packages
   * new (security) patches:
     vga-stop-passing-pointers-to-vga_draw_line-functions-CVE-2017-13672.patch (#873851)
     multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch (#874606)
     slirp-fix-clearing-ifq_so-from-pending-packets-CVE-2017-13711.patch (#873875)
Checksums-Sha1:
 9b7105394e0ce407ac071d3bdb2d496ecdeec171 5497 qemu_2.10.0-1.dsc
 5d6815fa3ab1c6163c7e886f26153feabdcbb0f8 25040324 qemu_2.10.0.orig.tar.xz
 40b63b5dca1852d4dc23320de5717bec8b6714c3 74200 qemu_2.10.0-1.debian.tar.xz
 91675719046a93f7680e7f9a23c9f61e2bf532cb 10782 qemu_2.10.0-1_source.buildinfo
Checksums-Sha256:
 6468cd585a28ccbbc8d7a0064f69e0172689107e5e144b6676be1abfc5e80e09 5497 qemu_2.10.0-1.dsc
 55d81ac987a4821d2744359c026d766459319ba9c013746570369068d93ff335 25040324 qemu_2.10.0.orig.tar.xz
 4e03eeef87369670def39db672ff66a4e73f26d6f9fd76c0f2c54d395594df33 74200 qemu_2.10.0-1.debian.tar.xz
 debd5968c7f7fd37ff91d3205fedf0d518803b0048dfb4eb69163edc5b7771fb 10782 qemu_2.10.0-1_source.buildinfo
Files:
 5ef06336f9a2755b897cf4a82f336f37 5497 otherosfs optional qemu_2.10.0-1.dsc
 a89e3293cf69c32cf4be4188dfa25544 25040324 otherosfs optional qemu_2.10.0.orig.tar.xz
 b116254e3a787ff817151c6432607ac9 74200 otherosfs optional qemu_2.10.0-1.debian.tar.xz
 4079c41b9a83c085a5b883f6118a6826 10782 otherosfs optional qemu_2.10.0-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAlnGb38PHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5Z2ZQIAIF3ef2PiB149m2ZdR2IOAX4qlXY0Pk/jYs4
GFJbLUbnfpC0YrfYEccOjbZ6XNRjkMIDZWDOyLCt79R77oJUUsj9JcflOSsiCeTb
lAX2A+0xfs00NPAd+QFqBYWCn/tavSNEGIShZFimzWtl2Pp/FPtwEsI16a2wXXjs
b3xbLAzkhlQyUMKmDvaN8GumlZaaXJsoTpwc7BkmSkHqExAELyiZgZ5D57/+JK2z
HPfozvTSeJMZ2vcDaPXY5ajTaXP1dlY8ggEzb3kHYIMly6Oelh4p3aKxPKeLDI3q
i5jVgqz03v5uCzqxUyP5TZmC4wOBbSX1nNsq1NWZhoQFL0fEMeQ=
=QkT2
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 10 Nov 2017 07:29:28 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:20:59 2019; Machine Name: buxtehude
