qemu: CVE-2008-0928 privilege escalation

Related Vulnerabilities: CVE-2008-0928   CVE-2007-1320   CVE-2007-5730  

Debian Bug report logs - #469649
qemu: CVE-2008-0928 privilege escalation

Reported by: Nico Golde <nion@debian.org>

Date: Thu, 6 Mar 2008 11:18:04 UTC

Severity: important

Tags: pending, security

Found in version qemu/0.9.1-1

Fixed in version 0.9.1+svn20081207-1

Done: Aurelien Jarno <aurel32@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#469649; Package qemu.


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: qemu: CVE-2008-0928 privilege escalation
Date: Thu, 6 Mar 2008 12:14:39 +0100
Package: qemu
Severity: important
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for qemu.

CVE-2008-0928[0]:
| Qemu 0.9.1 and earlier does not perform range checks for block device
| read or write requests, which allows guest host users with root
| privileges to access arbitrary memory and escape the virtual machine.

A patch is on: 
https://bugzilla.redhat.com/attachment.cgi?id=296005

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0928

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
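
The CVE text in the report above concerns missing range checks on block device read and write requests. The following is an added illustration, not QEMU's code and not the patch referenced in the report: a hypothetical in-memory `toy_disk` whose read and write paths reject any request outside the device, using a comparison that cannot overflow. All names in it are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512

/* Hypothetical in-memory disk; stands in for an emulator's block backend. */
struct toy_disk {
    uint8_t *data;          /* total_sectors * SECTOR_SIZE bytes */
    int64_t total_sectors;  /* device size fixed by the host, not the guest */
};

/* 0 if [sector_num, sector_num + nb_sectors) is inside the disk, else -EIO. */
static int request_in_range(const struct toy_disk *d,
                            int64_t sector_num, int64_t nb_sectors)
{
    /* Both values come from the guest and may be negative or huge. */
    if (sector_num < 0 || nb_sectors < 0 || sector_num > d->total_sectors)
        return -EIO;
    /* Compare with the space left rather than computing
     * sector_num + nb_sectors, which can overflow int64_t. */
    if (nb_sectors > d->total_sectors - sector_num)
        return -EIO;
    return 0;
}

int toy_read(const struct toy_disk *d, int64_t sector_num,
             uint8_t *buf, int64_t nb_sectors)
{
    if (request_in_range(d, sector_num, nb_sectors) != 0)
        return -EIO;        /* refuse before touching host memory */
    memcpy(buf, d->data + sector_num * SECTOR_SIZE,
           (size_t)nb_sectors * SECTOR_SIZE);
    return 0;
}

int toy_write(struct toy_disk *d, int64_t sector_num,
              const uint8_t *buf, int64_t nb_sectors)
{
    if (request_in_range(d, sector_num, nb_sectors) != 0)
        return -EIO;
    memcpy(d->data + sector_num * SECTOR_SIZE, buf,
           (size_t)nb_sectors * SECTOR_SIZE);
    return 0;
}

int main(void)
{
    static uint8_t store[4 * SECTOR_SIZE], buf[4 * SECTOR_SIZE];
    struct toy_disk d = { store, 4 };   /* constructed 4-sector disk */
    printf("%d %d\n", toy_read(&d, 0, buf, 4), toy_read(&d, 3, buf, 2));
    return 0;
}
```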

Message #10 received at 469649@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: control@bugs.debian.org
Cc: 442274@bugs.debian.org, 469649@bugs.debian.org, 469743@bugs.debian.org, 469981@bugs.debian.org
Subject: setting package to qemu, tagging 469649, tagging 469743, tagging 442274, tagging 469981
Date: Tue, 11 Mar 2008 18:33:09 +0100
# Automatically generated email from bts, devscripts version 2.10.18.1
#
# qemu (0.9.1-2) unstable; urgency=low
#
#  * debian/patches/80_ui_curses.patch: pull new patch from upstream CVS
#    (Closes: #442274).
#  * debian/patches/42_arm_tls.patch: reenable, mistakenly disabled in the
#    previous upload. (Closes: #469743).
#  * debian/patches/91_security.patch: fix CVE-2008-0928 privilege
#    escalation. (Closes: #469649).
#  * debian/rules: fix parallel building. (Closes: #469981). 

package qemu
tags 469649 + pending
tags 469743 + pending
tags 442274 + pending
tags 469981 + pending






Message #15 received at 469649@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: control@bugs.debian.org
Cc: 442274@bugs.debian.org, 469649@bugs.debian.org, 469743@bugs.debian.org
Subject: setting package to qemu, tagging 469649, tagging 469743, tagging 442274
Date: Tue, 11 Mar 2008 18:29:51 +0100
# Automatically generated email from bts, devscripts version 2.10.18.1
#
# qemu (0.9.1-2) unstable; urgency=low
#
#  * debian/patches/80_ui_curses.patch: pull new patch from upstream CVS
#    (Closes: #442274).
#  * debian/patches/42_arm_tls.patch: reenable, mistakenly disabled in the
#    previous upload. (Closes: #469743).
#  * debian/patches/91_security.patch: fix CVE-2008-0928 privilege
#    escalation. (Closes: #469649).
#

package qemu
tags 469649 + pending
tags 469743 + pending
tags 442274 + pending





Tags added: pending Request was from Aurelien Jarno <aurel32@debian.org> to control@bugs.debian.org. (Tue, 11 Mar 2008 17:40:25 GMT).


Tags added: pending Request was from Aurelien Jarno <aurel32@debian.org> to control@bugs.debian.org. (Tue, 11 Mar 2008 17:40:35 GMT).



Message #24 received at 469649@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: control@bugs.debian.org
Cc: 442274@bugs.debian.org, 465932@bugs.debian.org, 469649@bugs.debian.org, 469743@bugs.debian.org, 469981@bugs.debian.org
Subject: setting package to qemu, tagging 469649, tagging 469743, tagging 442274, tagging 465932 ...
Date: Tue, 11 Mar 2008 18:38:23 +0100
# Automatically generated email from bts, devscripts version 2.10.18.1
#
# qemu (0.9.1-2) unstable; urgency=low
#
#  * debian/patches/80_ui_curses.patch: pull new patch from upstream CVS
#    (Closes: #442274).
#  * debian/patches/65_kfreebsd.patch: link with -lfreebsd. (Closes:
#    #465932).
#  * debian/patches/42_arm_tls.patch: reenable, mistakenly disabled in the
#    previous upload. (Closes: #469743).
#  * debian/patches/91_security.patch: fix CVE-2008-0928 privilege
#    escalation. (Closes: #469649).
#  * debian/rules: fix parallel building. (Closes: #469981). 

package qemu
tags 469649 + pending
tags 469743 + pending
tags 442274 + pending
tags 465932 + pending
tags 469981 + pending





Tags added: pending Request was from Aurelien Jarno <aurel32@debian.org> to control@bugs.debian.org. (Tue, 11 Mar 2008 17:40:55 GMT).



Message #31 received at 469649@bugs.debian.org:

From: Jan Lübbe <jluebbe@lasnet.de>
To: 469649@bugs.debian.org
Subject: kvm/qemu
Date: Wed, 12 Mar 2008 19:50:53 +0100
I'm the maintainer for kvm in Debian. The patch for this bug also
applies to kvm and I've released kvm-63 with it.

The current patch breaks support for qcow images as described in 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470664

I've just tested the current svn version of qemu (0.9.1-2) which also
has the same problem. So you probably don't want to use the patch in the
current form.
-- 
Jan Lübbe <jluebbe@lasnet.de>            http://sicherheitsschwankung.de
 gpg-key      1024D/D8480F2E 2002-03-20
 fingerprint  1B25 F91F 9E7B 5D4F 1282  02D6 8A83 8BE4 D848 0F2E






Message #41 received at 469649@bugs.debian.org:

From: Aurelien Jarno <aurelien@aurel32.net>
To: Jan Lübbe <jluebbe@lasnet.de>, 469649@bugs.debian.org
Subject: Re: Bug#469649: kvm/qemu
Date: Thu, 13 Mar 2008 11:10:21 +0100
Jan Lübbe wrote:
> I'm the maintainer for kvm in Debian. The patch for this bug also
> applies to kvm and I've released kvm-63 with it.
> 
> The current patch breaks support for qcow images as described in 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470664
> 
> I've just tested the current svn version of qemu (0.9.1-2) which also
> has the same problem. So you probably don't want to use the patch in the
> current form.

Thanks for the info, I have disabled the patch in the SVN.


-- 
  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net




Tags removed: pending Request was from Aurelien Jarno <aurel32@debian.org> to control@bugs.debian.org. (Thu, 13 Mar 2008 10:12:04 GMT).


Tags removed: patch Request was from Aurelien Jarno <aurel32@debian.org> to control@bugs.debian.org. (Sun, 16 Mar 2008 17:45:03 GMT).



Message #50 received at 469649@bugs.debian.org:

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: 469649@bugs.debian.org
Cc: Jan Lübbe <jluebbe@lasnet.de>
Subject: patch for CVE-2008-0928 privilege escalation?
Date: Sat, 7 Jun 2008 17:02:47 +1000
Hi

I was just wondering if there is a sane patch for qemu available?
It would be great to get qemu fixed in testing.

Cheers
Steffen

Message #55 received at 469649@bugs.debian.org:

From: Aurelien Jarno <aurelien@aurel32.net>
To: Steffen Joeris <steffen.joeris@skolelinux.de>, 469649@bugs.debian.org
Subject: Re: Bug#469649: patch for CVE-2008-0928 privilege escalation?
Date: Sat, 07 Jun 2008 19:22:19 +0200
Steffen Joeris wrote:
> Hi
> 
> I was just wondering if there is a sane patch for qemu available?
> It would be great to get qemu fixed in testing.

Unfortunately I am not aware of a patch fixing the vulnerability, and
which doesn't break qcow format support.

OTOH this CVE mostly concerns Xen where the modified version of QEMU
runs as root.

-- 
  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net




Tags added: pending Request was from Aurelien Jarno <aurel32@alioth.debian.org> to control@bugs.debian.org. (Sun, 07 Dec 2008 19:06:15 GMT).


Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Sun, 07 Dec 2008 19:51:09 GMT).


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Sun, 07 Dec 2008 19:51:09 GMT).


Message #62 received at 469649-close@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: 469649-close@bugs.debian.org
Subject: Bug#469649: fixed in qemu 0.9.1+svn20081207-1
Date: Sun, 07 Dec 2008 19:47:07 +0000
Source: qemu
Source-Version: 0.9.1+svn20081207-1

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive:

libqemu-dev_0.9.1+svn20081207-1_amd64.deb
  to pool/main/q/qemu/libqemu-dev_0.9.1+svn20081207-1_amd64.deb
qemu_0.9.1+svn20081207-1.diff.gz
  to pool/main/q/qemu/qemu_0.9.1+svn20081207-1.diff.gz
qemu_0.9.1+svn20081207-1.dsc
  to pool/main/q/qemu/qemu_0.9.1+svn20081207-1.dsc
qemu_0.9.1+svn20081207-1_amd64.deb
  to pool/main/q/qemu/qemu_0.9.1+svn20081207-1_amd64.deb
qemu_0.9.1+svn20081207.orig.tar.gz
  to pool/main/q/qemu/qemu_0.9.1+svn20081207.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 469649@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 07 Dec 2008 19:40:09 +0100
Source: qemu
Binary: qemu libqemu-dev
Architecture: source amd64
Version: 0.9.1+svn20081207-1
Distribution: experimental
Urgency: low
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 libqemu-dev - static libraries and headers for QEMU
 qemu       - fast processor emulator
Closes: 422578 440425 463066 469649
Changes: 
 qemu (0.9.1+svn20081207-1) experimental; urgency=low
 .
   [ Aurelien Jarno ]
   * New upstream snapshot.
     - Do not depend on gcc-3.4 anymore (Closes: bug#440425, bug#463066).
     - Fix broken display introduced by CVE-2007-1320 (Closes: bug#422578).
   * debian/control: remove build-dependency on gcc-3.4.
   * debian/rules: remove code for dyngen targets.
   * Split 90_security.patch into
     - security/CVE-2007-5730.patch
     - security/leftover.patch
   * Replace 91_security.patch by security/CVE-2008-0928-fedora.patch taken
     from fedora repository and enable it (Closes: #469649).
 .
   [ Riku Voipio ]
   * 2 patches gone, 19 to go:
     - 10_signal_jobs.patch: drop, merged upstream
     - 11_signal_sigaction.patch: drop, merged upstream
     - series: update





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 05 Jan 2009 07:26:20 GMT).


Bug unarchived. Request was from Aurelien Jarno <aurel32@debian.org> to control@bugs.debian.org. (Sat, 02 May 2009 13:57:03 GMT).


Bug marked as found in version 0.9.1-1. Request was from Aurelien Jarno <aurel32@debian.org> to control@bugs.debian.org. (Sat, 02 May 2009 13:57:05 GMT).


Tags added: pending Request was from Aurelien Jarno <aurel32@alioth.debian.org> to control@bugs.debian.org. (Sun, 03 May 2009 13:36:04 GMT).


Tags added: pending Request was from Aurelien Jarno <aurel32@alioth.debian.org> to control@bugs.debian.org. (Sun, 03 May 2009 16:12:06 GMT).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 01 Jun 2009 07:29:40 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:35:23 2019; Machine Name: buxtehude
