Re: qemu: CVE-2016-7116

To: Bálint Réczey <balint@balintreczey.hu>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: qemu: CVE-2016-7116
From: Hugo Lefeuvre <hle@debian.org>
Date: Tue, 6 Sep 2016 21:46:22 +0200
Message-id: <[🔎] 20160906194621.v2zwjz6ol75qszlp@hle.local>
In-reply-to: <[🔎] CAK0Odpxq8r8yV+YySqDBzs=JgDYdHecHPO-1Fp7uALrFZ3+cKA@mail.gmail.com>
References: <[🔎] 20160902101216.ehmavdmk747yyvih@hle.local> <[🔎] 20160903155500.pdf6v7xwrgvpzaf2@bogon.m.sigxcpu.org> <[🔎] 20160904112556.oocrabkpcwhbjnr3@hle.local> <[🔎] CAK0Odpxq8r8yV+YySqDBzs=JgDYdHecHPO-1Fp7uALrFZ3+cKA@mail.gmail.com>

Hi Balint,

> I took the liberty of claiming qemu-kvm for you in dla-needed.txt.

Thanks !

> There are also new issues reported today for qemu.

I've had a quick look at them, but I'd like to fix CVE-2016-7116 firstly.

In fact, reproducing this issue turned out to be a bit more difficult than
what I expected because I have difficulties to set up a test environment
in my VM (qemu VM with host directory sharing via 9pfs). I've encountered
a bug (exact same situation as here[0]), and I have performances issues
because of inefficient VM interlocking. I'm currently setting up a physical
wheezy system to get rid of the first virtualization level.

Cheers,
 Hugo

[0] https://www.mail-archive.com/kvm@vger.kernel.org/msg30993.html

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- qemu: CVE-2016-7116
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: qemu: CVE-2016-7116
  - From: Guido Günther <agx@sigxcpu.org>
- Re: qemu: CVE-2016-7116
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: qemu: CVE-2016-7116
  - From: Bálint Réczey <balint@balintreczey.hu>

Prev by Date: Re: qemu: CVE-2016-7116
Next by Date: Re: squeeze update of curl?
Previous by thread: Re: qemu: CVE-2016-7116
Next by thread: Wheezy update of jsch?
Index(es):
- Date
- Thread