Bug 1473622 (CVE-2017-7539)
Summary: | CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Prasad Pandit <ppandit> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | ailan, amit, apevec, areis, berrange, cfergeau, chrisw, cvsbot-xmlrpc, ddepaula, drjones, dwmw2, imammedo, itamar, jen, jjoyce, jschluet, kbasil, knoel, lhh, lpeer, markmc, m.a.young, mburns, mkenneth, mrezanin, mst, pbonzini, rbryant, rjones, rkrcmar, robinlee.sysu, sclewis, slinaber, slong, srevivo, tdecacqu, virt-maint, virt-maint, vkuznets, xen-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
An assertion-failure flaw was found in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 03:17:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1467509, 1473624, 1473625, 1473627, 1473628, 1473629, 1473630, 1473631, 1473632, 1473633, 1473634, 1473638 | ||
Bug Blocks: | 1472118, 1520687 |
Description
Prasad Pandit
2017-07-21 10:31:30 UTC
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1473625] Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1473624] This issue has been addressed in the following products: RHEV 3.X Hypervisor and Agents for RHEL-7 RHEV 4.X RHEV-H and Agents for RHEL-7 Via RHSA-2017:2628 https://access.redhat.com/errata/RHSA-2017:2628 This issue has been addressed in the following products: Red Hat OpenStack Platform 8.0 (Liberty) Via RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3471 This issue has been addressed in the following products: Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3470 This issue has been addressed in the following products: Red Hat OpenStack Platform 11.0 (Ocata) Via RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3466 This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2017:3474 https://access.redhat.com/errata/RHSA-2017:3474 This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Via RHSA-2017:3472 https://access.redhat.com/errata/RHSA-2017:3472 This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 Via RHSA-2017:3473 https://access.redhat.com/errata/RHSA-2017:3473 |