Quick Emulator(Qemu) built with the Network Block Device(NBD) Server support is vulnerable to a crash via assertion failure. It could occur if a client sent undue data during initial connection negotiation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in DoS. Upstream patch: --------------- -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b Introduced by: -------------- -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19 Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/07/21/4
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1473625]
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1473624]
This issue has been addressed in the following products: RHEV 3.X Hypervisor and Agents for RHEL-7 RHEV 4.X RHEV-H and Agents for RHEL-7 Via RHSA-2017:2628 https://access.redhat.com/errata/RHSA-2017:2628
This issue has been addressed in the following products: Red Hat OpenStack Platform 8.0 (Liberty) Via RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3471
This issue has been addressed in the following products: Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3470
This issue has been addressed in the following products: Red Hat OpenStack Platform 11.0 (Ocata) Via RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3466
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2017:3474 https://access.redhat.com/errata/RHSA-2017:3474
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Via RHSA-2017:3472 https://access.redhat.com/errata/RHSA-2017:3472
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 Via RHSA-2017:3473 https://access.redhat.com/errata/RHSA-2017:3473