CVE-2017-7539 (retired)

Priority
Description
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network
Block Device (NBD) server's initial connection negotiation, where the I/O
coroutine was undefined. This could crash the qemu-nbd server if a client
sent unexpected data during connection negotiation. A remote user or
process could use this flaw to crash the qemu-nbd server resulting in
denial of service.
Notes
 sarnold> Debian triage suggests it was introduced in v2.9.0-rc0
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Patches:
Upstream:http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Upstream:http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
More Information

Updated: 2019-03-26 12:26:22 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)