qemu: CVE-2017-8086: 9pfs: host memory leakage via v9pfs_list_xattr

Debian Bug report logs - #861348

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 27 Apr 2017 19:45:02 UTC

Severity: normal

Tags: patch, security, upstream

Found in version qemu/1:2.8+dfsg-4

Fixed in version qemu/1:2.8+dfsg-5

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#861348; Package src:qemu. (Thu, 27 Apr 2017 19:45:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Thu, 27 Apr 2017 19:45:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: qemu: CVE-2017-8086: 9pfs: host memory leakage via v9pfs_list_xattr
Date: Thu, 27 Apr 2017 21:40:12 +0200
Source: qemu
Version: 1:2.8+dfsg-4
Severity: normal
Tags: security patch upstream

Hi,

the following vulnerability was published for qemu.

CVE-2017-8086[0]:
9pfs: host memory leakage via v9pfs_list_xattr

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8086
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8086
[1] http://git.qemu.org/?p=qemu.git;a=commit;h=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 (v2.9.0-rc4)
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1444781

Please adjust the affected versions in the BTS as needed, at point of
writing this bugreport only unstable source has been checked.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#861348; Package src:qemu. (Thu, 27 Apr 2017 19:57:10 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Thu, 27 Apr 2017 19:57:10 GMT)


Message #10 received at 861348@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 861348@bugs.debian.org
Subject: Re: Bug#861348: qemu: CVE-2017-8086: 9pfs: host memory leakage via v9pfs_list_xattr
Date: Thu, 27 Apr 2017 21:53:08 +0200

On Thu, Apr 27, 2017 at 09:40:12PM +0200, Salvatore Bonaccorso wrote:
> Please adjust the affected versions in the BTS as needed, at point of
> writing this bugreport only unstable source has been checked.

Please double-check the following. The issue might only have been
introduced due to applying d10142c11bdcecebe97fd834a834167053b7a05c a
commit to help/partially fix CVE-2016-9602.

So extra care needs to be done if CVE-2016-9602 is fixed as well for
jessie, then we might open CVE-2017-8086.

Regards,
Salvatore



Added tag(s) pending. Request was from <mjt@tls.msk.ru> to control@bugs.debian.org. (Sat, 29 Apr 2017 06:51:03 GMT)


Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Wed, 17 May 2017 06:42:06 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 17 May 2017 06:42:06 GMT)


Message #17 received at 861348-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 861348-close@bugs.debian.org
Subject: Bug#861348: fixed in qemu 1:2.8+dfsg-5
Date: Wed, 17 May 2017 06:38:07 +0000
Source: qemu
Source-Version: 1:2.8+dfsg-5

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861348@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 17 May 2017 09:01:24 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.8+dfsg-5
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 860785 861348 861351 862280 862282 862289
Changes:
 qemu (1:2.8+dfsg-5) unstable; urgency=high
 .
   * Security fix release
   * 9pfs-local-set-path-of-export-root-to-dot-CVE-2017-7471.patch
     Closes: #860785, CVE-2017-7471
   * 9pfs-xattr-fix-memory-leak-in-v9fs_list_xattr-CVE-2017-8086.patch
     Closes: #861348, CVE-2017-8086
   * vmw_pvscsi-check-message-ring-page-count-at-init-CVE-2017-8112.patch
     Closes: #861351, CVE-2017-8112
   * scsi-avoid-an-off-by-one-error-in-megasas_mmio_write-CVE-2017-8380.patch
     Closes: #862282, CVE-2017-8380
   * input-limit-kbd-queue-depth-CVE-2017-8379.patch
     Closes: #862289, CVE-2017-8379
   * audio-release-capture-buffers-CVE-2017-8309.patch
     Closes: #862280, CVE-2017-8309




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 25 Jun 2017 07:26:37 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:19:49 2019; Machine Name: beach
