qemu: CVE-2016-7466: memory leakage during device unplug

Related Vulnerabilities: CVE-2016-7466  

Debian Bug report logs - #838687


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 23 Sep 2016 16:21:05 UTC

Severity: important

Tags: patch, security, upstream

Found in version qemu/1:2.6+dfsg-3.1

Fixed in versions qemu/1:2.7+dfsg-3, qemu/1:2.7+dfsg-1

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#838687; Package src:qemu. (Fri, 23 Sep 2016 16:21:07 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Fri, 23 Sep 2016 16:21:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: qemu: CVE-2016-7466: memory leakage during device unplug
Date: Fri, 23 Sep 2016 18:18:41 +0200
Source: qemu
Version: 1:2.6+dfsg-3.1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for qemu.

CVE-2016-7466[0]:
usb: xhci memory leakage during device unplug

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7466

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#838687; Package src:qemu. (Fri, 14 Oct 2016 13:39:02 GMT)


Acknowledgement sent to Michael Tokarev <mjt@tls.msk.ru>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Fri, 14 Oct 2016 13:39:02 GMT)


Message #10 received at 838687@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 838687@bugs.debian.org
Subject: Re: Bug#838687: qemu: CVE-2016-7466: memory leakage during device unplug
Date: Fri, 14 Oct 2016 16:26:31 +0300
Control: tag -1 + pending

23.09.2016 19:18, Salvatore Bonaccorso wrote:
> Source: qemu
> Version: 1:2.6+dfsg-3.1
> Severity: important
> Tags: security upstream patch
>
> Hi,
>
> the following vulnerability was published for qemu.
>
> CVE-2016-7466[0]:
> usb: xhci memory leakage during device unplug
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2016-7466
>
> Please adjust the affected versions in the BTS as needed.

The affected code has been introduced in 2.2.0-rc. Before
that, xhci devices weren't hot-un-pluggable, so the bug
didn't exist.

No previous debian releases are affected.

Moreover, device unplug can only be triggered from the outside of
the guest, i.e., by the administrator running the virtual machine.

Thanks,

/mjt



Added tag(s) pending. Request was from Michael Tokarev <mjt@tls.msk.ru> to 838687-submit@bugs.debian.org. (Fri, 14 Oct 2016 13:39:02 GMT)


Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Thu, 27 Oct 2016 17:45:08 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 27 Oct 2016 17:45:08 GMT)


Message #17 received at 838687-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 838687-close@bugs.debian.org
Subject: Bug#838687: fixed in qemu 1:2.7+dfsg-3
Date: Thu, 27 Oct 2016 17:42:05 +0000
Source: qemu
Source-Version: 1:2.7+dfsg-3

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 838687@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 27 Oct 2016 19:38:01 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.7+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 837574 838687
Changes:
 qemu (1:2.7+dfsg-3) unstable; urgency=medium
 .
   * add PIE.patch to change loadable modules linker flags, from Adrian
     (Closes: #837574)
   * linux-user-fix-s390x-safe-syscall-for-z900.patch - fix FTBFS on s390x
   * mention CVE-2016-7466 for 2.7+dfsg-1 (Closes: #838687, CVE-2016-7466)




Marked as fixed in versions qemu/1:2.7+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 27 Oct 2016 18:03:08 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 05 Dec 2016 11:23:40 GMT)


Bug unarchived. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Wed, 07 Dec 2016 01:57:04 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 26 Feb 2017 07:35:31 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:56:55 2019; Machine Name: beach
