qemu: CVE-2017-2620: cirrus_bitblt_cputovideo does not check if memory region is safe

Debian Bug report logs - #855791

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 21 Feb 2017 16:06:01 UTC

Severity: grave

Tags: patch, security, upstream

Found in version qemu/1:2.8+dfsg-2

Fixed in version qemu/1:2.8+dfsg-3

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#855791; Package src:qemu. (Tue, 21 Feb 2017 16:06:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Tue, 21 Feb 2017 16:06:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: qemu: CVE-2017-2620: cirrus_bitblt_cputovideo does not check if memory region is safe
Date: Tue, 21 Feb 2017 17:03:52 +0100
Source: qemu
Version: 1:2.8+dfsg-2
Severity: grave
Tags: upstream security patch

Hi,

the following vulnerability was published for qemu.

CVE-2017-2620[0]:
display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2620
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2620
[1] https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
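The report title says the flaw is that cirrus_bitblt_cputovideo does not check whether the memory region a guest-programmed blit will write to is safe, i.e. lies inside the emulated video RAM. The following is an added, constructed example of the class of check such a fix performs; it is not QEMU's code and does not reproduce its cirrus_vga.c logic. All names (struct blit_rect, vram_blit_is_safe, vram_blit_cputovideo, the demo_* helpers) and the 4096-byte VRAM size are hypothetical.

```c
/*
 * Added example (not QEMU's code): validate a guest-supplied blit
 * rectangle against the size of emulated VRAM before any byte is written.
 * The bug class: a CPU-to-video blit whose destination offset, pitch,
 * width and height come from the guest, copied without a region check.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Rectangle as a guest would program it (hypothetical layout). */
struct blit_rect {
    uint32_t dst_offset; /* start byte offset into VRAM */
    int32_t  dst_pitch;  /* byte distance between rows; negative blits upward */
    uint32_t width;      /* bytes per row */
    uint32_t height;     /* number of rows */
};

/* True only if every byte the blit would touch lies inside [0, vram_size). */
bool vram_blit_is_safe(const struct blit_rect *r, size_t vram_size)
{
    if (r->width == 0 || r->height == 0) {
        return true;                 /* empty blit touches nothing */
    }
    /* Frame buffers we model are far below INT32_MAX bytes; this bound keeps
     * the 64-bit products below overflow-free. Larger sizes are rejected. */
    if (vram_size > INT32_MAX) {
        return false;
    }
    /* A single row, or more rows than there are bytes, can never fit
     * (conservative: rejects some overlapping-row blits too). */
    if (r->width > vram_size || r->height > vram_size) {
        return false;
    }
    /* Lowest and highest row start, computed in 64 bits so a large pitch
     * times a large height cannot wrap around. */
    int64_t first = r->dst_offset;
    int64_t last  = first + (int64_t)r->dst_pitch * (int64_t)(r->height - 1);
    int64_t lo    = first < last ? first : last;
    int64_t hi    = (first > last ? first : last) + (int64_t)r->width; /* exclusive */
    return lo >= 0 && hi <= (int64_t)vram_size;
}

/* Copy guest data into VRAM row by row. Refuses (returns false) instead of
 * writing out of bounds, which is the behaviour the missing check caused. */
bool vram_blit_cputovideo(uint8_t *vram, size_t vram_size,
                          const struct blit_rect *r,
                          const uint8_t *src, size_t src_len)
{
    if (!vram_blit_is_safe(r, vram_size)) {
        return false;
    }
    if (src_len < (uint64_t)r->width * r->height) {
        return false;                /* source buffer shorter than the blit */
    }
    for (uint32_t row = 0; row < r->height; row++) {
        int64_t dst = (int64_t)r->dst_offset + (int64_t)r->dst_pitch * row;
        memcpy(vram + dst, src + (size_t)row * r->width, r->width);
    }
    return true;
}

/* Helper for the checks below: build a rectangle and test it. */
bool demo_check(uint32_t off, int32_t pitch, uint32_t w, uint32_t h, size_t vram_size)
{
    struct blit_rect r = { off, pitch, w, h };
    return vram_blit_is_safe(&r, vram_size);
}

/* Run a constructed 2x4-byte blit into a 4096-byte VRAM and return the
 * byte at idx afterwards, or -1 if the blit was refused. */
int demo_blit_byte(uint32_t off, int32_t pitch, size_t idx)
{
    uint8_t vram[4096];
    uint8_t src[8];
    memset(vram, 0, sizeof vram);
    memset(src, 0xAB, sizeof src);
    struct blit_rect r = { off, pitch, 4, 2 };
    if (!vram_blit_cputovideo(vram, sizeof vram, &r, src, sizeof src)) {
        return -1;
    }
    return vram[idx];
}
```

The check bounds the blit by its lowest row start and its highest row start plus one row width, which covers every byte regardless of whether rows overlap or the pitch is negative; the extra early rejections exist only so the 64-bit arithmetic cannot wrap on adversarial values.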



Added tag(s) pending. Request was from <mjt@tls.msk.ru> to control@bugs.debian.org. (Mon, 27 Feb 2017 18:03:04 GMT)


Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Wed, 01 Mar 2017 10:06:38 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 01 Mar 2017 10:06:38 GMT)


Message #12 received at 855791-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 855791-close@bugs.debian.org
Subject: Bug#855791: fixed in qemu 1:2.8+dfsg-3
Date: Wed, 01 Mar 2017 10:04:15 +0000
Source: qemu
Source-Version: 1:2.8+dfsg-3

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 855791@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 28 Feb 2017 11:40:18 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.8+dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 839986 846497 853002 853006 853996 854032 854729 854730 854731 854893 855159 855227 855611 855616 855659 855791
Changes:
 qemu (1:2.8+dfsg-3) unstable; urgency=high
 .
   * urgency high due to security fixes
 .
   [ Michael Tokarev ]
   * serial-fix-memory-leak-in-serial-exit-CVE-2017-5579.patch
     Closes: #853002, CVE-2017-5579
   * cirrus-ignore-source-pitch-as-needed-in-blit_is_unsafe.patch
     (needed for the next patch, CVE-2017-2620 fix)
   * cirrus-add-blit_is_unsafe-to-cirrus_bitblt_cputovideo-CVE-2017-2620.patch
     Closes: #855791, CVE-2017-2620
   * nbd_client-fix-drop_sync-CVE-2017-2630.diff
     Closes: #855227, CVE-2017-2630
   * sd-sdhci-check-transfer-mode-register-in-multi-block-CVE-2017-5987.patch
     Closes: #855159, CVE-2017-5987
   * vmxnet3-fix-memory-corruption-on-vlan-header-stripping-CVE-2017-6058.patch
     Closes: #855616, CVE-2017-6058
   * 3 CVE fixes from upstream for #853996:
     sd-sdhci-check-data-length-during-dma_memory_read-CVE-2017-5667.patch
     megasas-fix-guest-triggered-memory-leak-CVE-2017-5856.patch
     virtio-gpu-fix-resource-leak-in-virgl_cmd_resource-CVE-2017-5857.patch
     Closes: #853996, CVE-2017-5667, CVE-2017-5856, CVE-2017-5857
   * usb-ccid-check-ccid-apdu-length-CVE-2017-5898.patch
     Closes: #854729, CVE-2017-5898
   * virtio-crypto-fix-possible-integer-and-heap-overflow-CVE-2017-5931.patch
     Closes: #854730, CVE-2017-5931
   * xhci-apply-limits-to-loops-CVE-2017-5973.patch
     Closes: #855611, CVE-2017-5973
   * net-imx-limit-buffer-descriptor-count-CVE-2016-7907.patch
     Closes: #839986, CVE-2016-7907
   * cirrus-fix-oob-access-issue-CVE-2017-2615.patch
     Closes: #854731, CVE-2017-2615
   * 9pfs-symlink-attack-fixes-CVE-2016-9602.patch
     Closes: #853006
   * vnc-do-not-disconnect-on-EAGAIN.patch
     Closes: #854032
   * xhci-fix-event-queue-IRQ-handling.patch (win7 xhci issue fix)
   * xhci-only-free-completed-transfers.patch
     Closes: #855659
   * char-fix-ctrl-a-b-not-working.patch
     Closes: https://bugs.launchpad.net/bugs/1654137
   * char-drop-data-written-to-a-disconnected-pty.patch
     Closes: https://bugs.launchpad.net/bugs/1667033
   * s390x-use-qemu-cpu-model-in-user-mode.patch
     Closes: #854893
   * d/control is autogenerated, add comment
   * check if debootstrap is available in qemu-debootstrap
     Closes: #846497
 .
   [ Christian Ehrhardt ]
   * (ubuntu) no more skip enable libiscsi (now in main)
   * (ubuntu) Disable glusterfs (Universe dependency)
   * (ubuntu) have qemu-system-arm suggest: qemu-efi;
     this should be a stronger relationship, but qemu-efi is still
     in universe right now.
   * (ubuntu) change dependencies for fix of wrong acl for newly
     created device node on ubuntu
Checksums-Sha1:
 d5dc11d3538dd060f71fbc43045bef33368d70ee 5513 qemu_2.8+dfsg-3.dsc
 6dc97a4a9ac7940ad35955fd3b5061fb25b181df 92520 qemu_2.8+dfsg-3.debian.tar.xz
Checksums-Sha256:
 c59ce113cac6a8579d9c7c56b6ab47ae2412c3847262bee4a81804fff184c3b3 5513 qemu_2.8+dfsg-3.dsc
 3ac5b4bef0d983b319f3556ea3c5182956f7c99fb5cb4cacf30eca04063aeccd 92520 qemu_2.8+dfsg-3.debian.tar.xz
Files:
 b159f7aabda3b2ba51d9f7e2355778b0 5513 otherosfs optional qemu_2.8+dfsg-3.dsc
 3fbd6bce7e95f908a86d1ea695c219f0 92520 otherosfs optional qemu_2.8+dfsg-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJYtpbQAAoJEHAbT2saaT5ZWMUH/3Ir5jIi/XP9f215Q1yPDSml
DVJuDmH8l+IHNFgq1Hi8rxj4FWT/dVZ4tCnJewiNBrDrZ33C/C7wY0mKrVUdczS/
74mv+qkTO5+85j39XvJCLvrL4D30EccRwrCHbPDW2RELaL6MO0fdlMiH3dUy93hT
fcR93oIjWv+3qfnlC+MLXom6MdYAJ+kSoUpOIUgx23J4yYkXoIgIG9d+LFURhEEv
/7FOaIJlwHF1Hd/sUnBsmsUHBj1h0tpJ5xyY36nuhzHmgapQg1x6/WWr/Z40Xa3Z
mM4w6fdWtOTpgaSP/UVjtPOpMisNk3Wqr13NfXlm2KHtREk+NR9/K2Q8EB3JMJs=
=U/A9
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 30 Mar 2017 07:30:18 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:49:33 2019; Machine Name: buxtehude
