multiple security flaws in migration stream processing

Debian Bug report logs - #739589
multiple security flaws in migration stream processing

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: qemu: Multiple security issues

Date: Thu, 20 Feb 2014 09:24:53 +0100

Package: qemu
Severity: grave
Tags: security

Hi,
multiple security issues were reported in qemu/KVM:

CVE-2013-4148
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00395.html

CVE-2013-4149
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00396.html

CVE-2013-4150
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00397.html

CVE-2013-4151
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00425.html

CVE-2013-4526
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00398.html

CVE-2013-4527
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00399.html

CVE-2013-4529
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00400.html

CVE-2013-4530
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00401.html

CVE-2013-4531
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00402.html

CVE-2013-4532
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00403.html
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00414.html
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00404.html

CVE-2013-4533
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00407.html

CVE-2013-4534
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00406.html

CVE-2013-4535
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00408.html

CVE-2013-4536
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00408.html

CVE-2013-4537
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00409.html

CVE-2013-4538
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00410.html

CVE-2013-4539
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00411.html

CVE-2013-4540
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00412.html

CVE-2013-4541
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00413.html

CVE-2013-4542
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00416.html

CVE-2013-6399
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00405.html

Cheers,
        Moritz

Message #10 received at 739589@bugs.debian.org (full text, mbox, reply):

From: Michael Tokarev <mjt@tls.msk.ru>

To: Moritz Muehlenhoff <jmm@inutil.org>, 739589@bugs.debian.org

Subject: Re: Bug#739589: qemu: Multiple security issues

Date: Thu, 20 Feb 2014 12:55:31 +0400

20.02.2014 12:24, Moritz Muehlenhoff wrote:
> Package: qemu
> Severity: grave
> Tags: security
> 
> Hi,
> multiple security issues were reported in qemu/KVM:
[...]

These are all about the same thing, with references to 23 patches
from the same thread starting there:

 http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html

It is about state loading issues, which is about migration between
two (hopefully) qemu instances or guest save/load functionality.
The first message in the series explains conditions when this can
happen.

In particular, this conclusion:

 Considering the preconditions, I think that the impact on typical
 qemu usage is low.  Still, I think these patches make sense for
 qemu-stable.

So it has even been questioned whenever those fixes are good for
the next qemu stable release or not.

But now I'm not really sure what to do with this bugreport.  It
is a good amount of work, especially to backport those to wheezy
(since code changed significantly since that), with quite low
outcome (because the whole thing does not seem very important,
even for qemu developers - note that this patchset hasn't been
applied still, which might be due to another issue in qemu
community).

So.. oh well.  I'd really love to not backport all this shit to
wheezy... ;)

Thanks,

/mjt

Message #15 received at 739589@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Michael Tokarev <mjt@tls.msk.ru>

Cc: 739589@bugs.debian.org

Subject: Re: Bug#739589: qemu: Multiple security issues

Date: Thu, 20 Feb 2014 10:09:13 +0100

Hi Michael,

On Thu, Feb 20, 2014 at 12:55:31PM +0400, Michael Tokarev wrote:
> > Hi,
> > multiple security issues were reported in qemu/KVM:
> [...]
> 
> These are all about the same thing, with references to 23 patches
> from the same thread starting there:
> 
>  http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html
> 
> It is about state loading issues, which is about migration between
> two (hopefully) qemu instances or guest save/load functionality.
> The first message in the series explains conditions when this can
> happen.

I had missed the initial mail from the thread, that explains it well
enough. I agree that the attack scenario during migration between
nodes is negligable and a non-issue.

But I don't understand what is meant by the second part:

| * Saving/Loading state to/from file.
| For example:
| https://bugzilla.redhat.com/show_bug.cgi?id=588133#c8
| https://bugzilla.redhat.com/show_bug.cgi?id=588133#c9

The RH bugs are restricted and I don't understand what is meant with
"saving/loading state to/from file". Is this about snapshots or
malformed images? Do you have an idea?

> So.. oh well.  I'd really love to not backport all this shit to
> wheezy... ;)

If "Saving/Loading state to/from file" is negligable as well, 
I would mark it as a non-issue in the tracker.

> But now I'm not really sure what to do with this bugreport.  It
> is a good amount of work, especially to backport those to wheezy
> (since code changed significantly since that), with quite low
> outcome (because the whole thing does not seem very important,
> even for qemu developers - note that this patchset hasn't been
> applied still, which might be due to another issue in qemu
> community).

Feel free to downgrade to non-RC severity until the patches
are merged in 1.8.

Cheers,
        Moritz

Message #20 received at 739589@bugs.debian.org (full text, mbox, reply):

From: Michael Tokarev <mjt@tls.msk.ru>

To: Moritz Muehlenhoff <jmm@inutil.org>

Cc: 739589@bugs.debian.org

Subject: Re: Bug#739589: qemu: Multiple security issues

Date: Thu, 20 Feb 2014 14:02:03 +0400

20.02.2014 13:09, Moritz Muehlenhoff wrote:
> Hi Michael,
> 
> On Thu, Feb 20, 2014 at 12:55:31PM +0400, Michael Tokarev wrote:
>>> Hi,
>>> multiple security issues were reported in qemu/KVM:
>> [...]
>>
>> These are all about the same thing, with references to 23 patches
>> from the same thread starting there:
>>
>>  http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html
>>
>> It is about state loading issues, which is about migration between
>> two (hopefully) qemu instances or guest save/load functionality.
>> The first message in the series explains conditions when this can
>> happen.
> 
> I had missed the initial mail from the thread, that explains it well
> enough. I agree that the attack scenario during migration between
> nodes is negligable and a non-issue.

It isn't exactly a non-issue really, or else it'd not be necessary to
assign (multiple) CVE IDs.  Even with migration scenario there are
possibilities to exploit these by using one of these vulnerabilities
together with some other vulnerability (and this is mentioned in
the first email in that thread).  Impact is quite low still.

> But I don't understand what is meant by the second part:
> 
> | * Saving/Loading state to/from file.
> | For example:
> | https://bugzilla.redhat.com/show_bug.cgi?id=588133#c8
> | https://bugzilla.redhat.com/show_bug.cgi?id=588133#c9
> 
> The RH bugs are restricted and I don't understand what is meant with
> "saving/loading state to/from file". Is this about snapshots or
> malformed images? Do you have an idea?

It is like snapshots, yes.  One can save a guest memory image into
a file and load it later.  It is pretty much like migration (and
implemented using the same mechanism), but with a delay between
saving and loading.

One of the bugs mentioned above is about giving developer such a
saved file from local qemu asking for help in diagnosing an apparent
bug, and that image will try to exploit developer's qemu by using
one of these flaws.  Something like that anyway -- see
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00612.html

Another possible scenario is someone distributing virtual machines
for end-users, trying to exploit their qemu.

Unlike for, say, gif images or word documents or whatever, qemu
guest image _may_ come in one of 2 forms: it is just the drive
image (content of virtual hard drive), which you run and it boots
from the beginning as your regular PC will do.  Or this drive
image coupled with memory image, so when you run it, your system
is in some non-initial runtime state.  It is definitely unusual
to distribute something in the second form, together with the
memory state.

So I can imagine someone selling pre-loaded virtual machines
(doing it this way, together with memory state, is rare but can
have its reasons too, say, for a system which require significant
boot time).  Or, for example, your qemu/kvm hosting provider can
have a function to transfer whole your virtual machine (together
with the memory state) to you - either in terms of files like
that, or using online migration.

When you perform save/load locally in your usual environment where
you run qemu, you don't let stranger to modify the memory state
files created by qemu.  So locally this is not exploitable (unless
you use already hacked/modified qemu to create the images in the
first place, but that's obviously not very interesting case).

>> So.. oh well.  I'd really love to not backport all this shit to
>> wheezy... ;)
> 
> If "Saving/Loading state to/from file" is negligable as well, 
> I would mark it as a non-issue in the tracker.

Both ways to "use" one of these vulns are real, but both are quite
difficult to use, hence the probably-low-impact.

Basically we've two possible ways to use these vulns.

First is to "spread" a break-in to other machines by, after breaking
into one machine (using some other way) and hacking qemu on it, it
becomes possible to break into qemu on the receiving-migration machine.

And second is when someone gives whole guest image (together with the
memory state) to you, tricking you to run it one way or another.

That's what issues are all about.  Not very serious, but not a non-issue
either.

>> But now I'm not really sure what to do with this bugreport.  It
>> is a good amount of work, especially to backport those to wheezy
>> (since code changed significantly since that), with quite low
>> outcome (because the whole thing does not seem very important,
>> even for qemu developers - note that this patchset hasn't been
>> applied still, which might be due to another issue in qemu
>> community).
> 
> Feel free to downgrade to non-RC severity until the patches
> are merged in 1.8.

Note that, while many people has been involved in code audit and
patching, the series received quite good criticism from Peter
Maydell who offerent alternative ways to fix some of the issues
or questioned validity of the proposed fixes, with not much
discussion following.

I'll ping this thread again - it's not nice when such a large
and good work is being thrown away.

BTW, next version of qemu will most likely be 2.0.  Without any
good reason for that :)

Thanks,

/mjt

Message #25 received at 739589@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Michael Tokarev <mjt@tls.msk.ru>

Cc: 739589@bugs.debian.org

Subject: Re: Bug#739589: qemu: Multiple security issues

Date: Thu, 20 Feb 2014 14:43:56 +0100

On Thu, Feb 20, 2014 at 02:02:03PM +0400, Michael Tokarev wrote:
> > But I don't understand what is meant by the second part:
> > 
> > | * Saving/Loading state to/from file.
> > | For example:
> > | https://bugzilla.redhat.com/show_bug.cgi?id=588133#c8
> > | https://bugzilla.redhat.com/show_bug.cgi?id=588133#c9
> > 
> > The RH bugs are restricted and I don't understand what is meant with
> > "saving/loading state to/from file". Is this about snapshots or
> > malformed images? Do you have an idea?
> 
> It is like snapshots, yes.  One can save a guest memory image into
> a file and load it later.  It is pretty much like migration (and
> implemented using the same mechanism), but with a delay between
> saving and loading.
> 
> One of the bugs mentioned above is about giving developer such a
> saved file from local qemu asking for help in diagnosing an apparent
> bug, and that image will try to exploit developer's qemu by using
> one of these flaws.  Something like that anyway -- see
> http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00612.html
> 
> Another possible scenario is someone distributing virtual machines
> for end-users, trying to exploit their qemu.
> 
> Unlike for, say, gif images or word documents or whatever, qemu
> guest image _may_ come in one of 2 forms: it is just the drive
> image (content of virtual hard drive), which you run and it boots
> from the beginning as your regular PC will do.  Or this drive
> image coupled with memory image, so when you run it, your system
> is in some non-initial runtime state.  It is definitely unusual
> to distribute something in the second form, together with the
> memory state.
> 
> So I can imagine someone selling pre-loaded virtual machines
> (doing it this way, together with memory state, is rare but can
> have its reasons too, say, for a system which require significant
> boot time).  Or, for example, your qemu/kvm hosting provider can
> have a function to transfer whole your virtual machine (together
> with the memory state) to you - either in terms of files like
> that, or using online migration.
> 
> When you perform save/load locally in your usual environment where
> you run qemu, you don't let stranger to modify the memory state
> files created by qemu.  So locally this is not exploitable (unless
> you use already hacked/modified qemu to create the images in the
> first place, but that's obviously not very interesting case).
>
> >> So.. oh well.  I'd really love to not backport all this shit to
> >> wheezy... ;)
> > 
> > If "Saving/Loading state to/from file" is negligable as well, 
> > I would mark it as a non-issue in the tracker.
> 
> Both ways to "use" one of these vulns are real, but both are quite
> difficult to use, hence the probably-low-impact.
> 
> Basically we've two possible ways to use these vulns.
> 
> First is to "spread" a break-in to other machines by, after breaking
> into one machine (using some other way) and hacking qemu on it, it
> becomes possible to break into qemu on the receiving-migration machine.
> 
> And second is when someone gives whole guest image (together with the
> memory state) to you, tricking you to run it one way or another.
> 
> That's what issues are all about.  Not very serious, but not a non-issue
> either.

Thanks for the verbose explanation. Since both attacks as rather far-fetched,
I'll mark these as <no-dsa> in the security tracker. So we don't need a
Wheezy backport through security.debian.org

Cheers,
        Moritz

Message #36 received at 739589-close@bugs.debian.org (full text, mbox, reply):

From: Michael Tokarev <mjt@tls.msk.ru>

To: 739589-close@bugs.debian.org

Subject: Bug#739589: fixed in qemu 2.0.0~rc1+dfsg-1exp

Date: Sat, 05 Apr 2014 16:20:02 +0000

Source: qemu
Source-Version: 2.0.0~rc1+dfsg-1exp

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 739589@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 05 Apr 2014 16:23:48 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64 all
Version: 2.0.0~rc1+dfsg-1exp
Distribution: experimental
Urgency: low
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description: 
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-keymaps - QEMU keyboard maps
 qemu-kvm   - QEMU Full virtualization on x86 hardware (transitional package)
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 714249 739589 742730 743235
Changes: 
 qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low
 .
   * new upstream release candidate (2.0-rc1)
     Closes: #742730 -- image format processing issues
     Closes: #739589 -- migration format processing issues
     Closes: #743235
   * refreshed patches:
     02_kfreebsd.patch
     retry-pxe-after-efi.patch
     use-fixed-data-path.patch
   * removed patches applied upstream:
     qemu-1.7.1.diff
     address_space_translate-do-not-cross-page-boundaries.diff
     fix-smb-security-share.patch
     slirp-smb-redirect-port-445-too.patch
     implement-posix-timers.diff
     linux-user-fixed-s390x-clone-argument-order.patch
   * added bios-256k.bin symlink and bump seabios dependency to >= 1.7.4-2
   * recommend ovmf package for qemu-system-x86 to support UEFI boot
     (Closes: #714249)
   * switch from sdl1 to sdl2 (build-depend on libsdl2-dev)
   * output last 50 lines of config.log in case configure failed
Checksums-Sha1: 
 a4c5f268746fbf04286ac827a6710453fdd25ba5 3161 qemu_2.0.0~rc1+dfsg-1exp.dsc
 9a3f4a3a3793a07e599030662aad806e31fb8772 5017888 qemu_2.0.0~rc1+dfsg.orig.tar.xz
 dd4f20d050add89f84e94edbc0ad51982aedaac4 52496 qemu_2.0.0~rc1+dfsg-1exp.debian.tar.xz
 21bd5e082967ea428d93107970d8976e43aded50 206824 qemu_2.0.0~rc1+dfsg-1exp_amd64.deb
 feec15d31cda059e68b558b583d5802a7b14668a 57038 qemu-keymaps_2.0.0~rc1+dfsg-1exp_all.deb
 aaf79c69a0bf0deeca8c2e369383f2c9b86ef28a 45412 qemu-system_2.0.0~rc1+dfsg-1exp_amd64.deb
 cc30c0a4c079fccb4b26099464e3daa23f742996 190568 qemu-system-common_2.0.0~rc1+dfsg-1exp_amd64.deb
 8d7f7517e76ea8cb9e35dcd3fbc05c754aa84e2b 5358306 qemu-system-misc_2.0.0~rc1+dfsg-1exp_amd64.deb
 33122c9920df2bc0ee3fb14527863835955cc441 2231980 qemu-system-arm_2.0.0~rc1+dfsg-1exp_amd64.deb
 a02be625f4ce7c2d90d0e34cec018d363ee1fdd0 2764778 qemu-system-mips_2.0.0~rc1+dfsg-1exp_amd64.deb
 32ab4f232dd6645d95159ab48d1fc63f1ac7f7ec 2792682 qemu-system-ppc_2.0.0~rc1+dfsg-1exp_amd64.deb
 c13bbb5cde84d916fa42c10bc07a4072ff36de82 1645154 qemu-system-sparc_2.0.0~rc1+dfsg-1exp_amd64.deb
 be9f91cdcebd33622a37ff61d2ad892dc88af584 1986470 qemu-system-x86_2.0.0~rc1+dfsg-1exp_amd64.deb
 f8b71ba537034897ae4d14ee91b7a0d486284402 5390042 qemu-user_2.0.0~rc1+dfsg-1exp_amd64.deb
 c766d516d99b47784fbfecb24f79d71b77192a0e 7996052 qemu-user-static_2.0.0~rc1+dfsg-1exp_amd64.deb
 bfd8b98b78769dfc9c3615d9f822fa812698b713 460432 qemu-utils_2.0.0~rc1+dfsg-1exp_amd64.deb
 dc1821a396b28fe6452e626127987332b460ee25 131386 qemu-guest-agent_2.0.0~rc1+dfsg-1exp_amd64.deb
 a61c28baf60a353afa11d8f094233615b243ce30 46400 qemu-kvm_2.0.0~rc1+dfsg-1exp_amd64.deb
Checksums-Sha256: 
 705e9aef4fe868c68655626243591ec9287bc6c01c41a43c8ce53b6288dddac2 3161 qemu_2.0.0~rc1+dfsg-1exp.dsc
 075a04ac8e5e59e7017fb1b3c64ccf161b42d5f4c868f72a60cdf86de7962ed2 5017888 qemu_2.0.0~rc1+dfsg.orig.tar.xz
 3da3626dfae07da5d43cd98f63d0d1cbb5d3fc3b6618cada8ba85d583acc3a8e 52496 qemu_2.0.0~rc1+dfsg-1exp.debian.tar.xz
 d1d4a7e02e2f39bccf89bcdfd7842b1446a0c3e1513b933dc731c83b122d0b84 206824 qemu_2.0.0~rc1+dfsg-1exp_amd64.deb
 62bdf1d3650200dc56ae206d12f622dee0e3bafff66591767901f8217f3c3be3 57038 qemu-keymaps_2.0.0~rc1+dfsg-1exp_all.deb
 cdd97beb74a6561aea359f121b4ff779cc8881eced91cea5119afcef3258508d 45412 qemu-system_2.0.0~rc1+dfsg-1exp_amd64.deb
 87ba0e43b69eb715695eb3ef753cb7fc23c2cad71ff3b56c6a7f69c9889f124f 190568 qemu-system-common_2.0.0~rc1+dfsg-1exp_amd64.deb
 b1a7438144eed83c70c5989479874dd3ba2d1d9dab06e4e41160be92f2d6defb 5358306 qemu-system-misc_2.0.0~rc1+dfsg-1exp_amd64.deb
 19df76cac4548e1d2cdb4bb22737dcd5fc15f0f9049f02dc89483384fd15cab8 2231980 qemu-system-arm_2.0.0~rc1+dfsg-1exp_amd64.deb
 5ef25bee236c80862fc6592981de32307f083dd51d158be293d46e31036000ea 2764778 qemu-system-mips_2.0.0~rc1+dfsg-1exp_amd64.deb
 750430fcfc508f3f5d6f9b963dfb71ae1cde7fbeca23ecdad34e1fa203edaae3 2792682 qemu-system-ppc_2.0.0~rc1+dfsg-1exp_amd64.deb
 ac7ca2981d35c9e988558071bf412d00f4805e51254cb5add4c9993c8ce4d58e 1645154 qemu-system-sparc_2.0.0~rc1+dfsg-1exp_amd64.deb
 29ba8e5956f8ddf8ee983edd16a0e88cfb34a11c7a05855e3088654a988265d3 1986470 qemu-system-x86_2.0.0~rc1+dfsg-1exp_amd64.deb
 9d2552bdc2d1953a78383ac73e66babedd960ca8128f38eff1ec0195b6cfe066 5390042 qemu-user_2.0.0~rc1+dfsg-1exp_amd64.deb
 ab0df57d09c28880afb2ce546925e6579d6ab3fb733b9ee45e469a9a62711bbd 7996052 qemu-user-static_2.0.0~rc1+dfsg-1exp_amd64.deb
 ce24224c83fb50b7b95edf3f05bad721e38088ad8095a2398eaa7d7b686fb878 460432 qemu-utils_2.0.0~rc1+dfsg-1exp_amd64.deb
 b63240c1738c25295cbef9519ce8e7aeaea793cbfc3b73c595bdaf96b3e4ff4b 131386 qemu-guest-agent_2.0.0~rc1+dfsg-1exp_amd64.deb
 b3fa776d5f89cf07206f1a3cc31d59dcc0f9d0d67eee1d2fbd4a70380ece2942 46400 qemu-kvm_2.0.0~rc1+dfsg-1exp_amd64.deb
Files: 
 82b03d028024fa112aecba10d4d8e4af 3161 otherosfs optional qemu_2.0.0~rc1+dfsg-1exp.dsc
 db336863e3c0e14c2aa46e697ff881a8 5017888 otherosfs optional qemu_2.0.0~rc1+dfsg.orig.tar.xz
 156b398e68c43050d1a02f516ae8c394 52496 otherosfs optional qemu_2.0.0~rc1+dfsg-1exp.debian.tar.xz
 a343c02e703bf1a79db7fc6bb94e7cf4 206824 otherosfs optional qemu_2.0.0~rc1+dfsg-1exp_amd64.deb
 1e11ba4f68159b9ceafaeb298c3b7839 57038 otherosfs optional qemu-keymaps_2.0.0~rc1+dfsg-1exp_all.deb
 1fe3e9f407a721604853fb52b4559759 45412 otherosfs optional qemu-system_2.0.0~rc1+dfsg-1exp_amd64.deb
 4226c1720694e7c45978799758e8f7d9 190568 otherosfs optional qemu-system-common_2.0.0~rc1+dfsg-1exp_amd64.deb
 0282ba93e41c5a10c2cc3399611b6d6b 5358306 otherosfs optional qemu-system-misc_2.0.0~rc1+dfsg-1exp_amd64.deb
 2bcc2f254374d35abf9b3bd991477b44 2231980 otherosfs optional qemu-system-arm_2.0.0~rc1+dfsg-1exp_amd64.deb
 b341783c0bc982a2f859dafd235c5125 2764778 otherosfs optional qemu-system-mips_2.0.0~rc1+dfsg-1exp_amd64.deb
 974c420d9b578a8cc896d1d10b370be9 2792682 otherosfs optional qemu-system-ppc_2.0.0~rc1+dfsg-1exp_amd64.deb
 5035399e67103eecc39d7a47f4684cc2 1645154 otherosfs optional qemu-system-sparc_2.0.0~rc1+dfsg-1exp_amd64.deb
 3f10749fe472450b09538ef847655da1 1986470 otherosfs optional qemu-system-x86_2.0.0~rc1+dfsg-1exp_amd64.deb
 1b445d86a286db9e49d563576f656e87 5390042 otherosfs optional qemu-user_2.0.0~rc1+dfsg-1exp_amd64.deb
 c2156101bec56dffb495c1f266231806 7996052 otherosfs optional qemu-user-static_2.0.0~rc1+dfsg-1exp_amd64.deb
 6d361c9f0eb087be580a74b0022ee4a6 460432 otherosfs optional qemu-utils_2.0.0~rc1+dfsg-1exp_amd64.deb
 2c3c9dea19daf07f18b5ce2395ea577a 131386 otherosfs optional qemu-guest-agent_2.0.0~rc1+dfsg-1exp_amd64.deb
 6aede97e6bbe192ca4e3ad4f42cce52a 46400 otherosfs optional qemu-kvm_2.0.0~rc1+dfsg-1exp_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iJwEAQECAAYFAlNAKZMACgkQUlPFrXTwyDha1gQAic2dpwZBrigCn4P1vBuGJDfL
rVPjbZ2aj5fY813ZD8XBSnBWBIyM4w5rltm/K1vsWj6/0eLb7lrjbAkFLHgZ+AdA
pykcz11Z5U4Qa1fVr0IC80OxWgMPAhwTyt9goBt/9ygl6O99LSlO57XpVBmkWFvT
3u+i8bvpV9R6JcUMf+U=
=ZS3q
-----END PGP SIGNATURE-----

Message #45 received at 739589@bugs.debian.org (full text, mbox, reply):

From: Michael Tokarev <mjt@tls.msk.ru>

To: Moritz Muehlenhoff <jmm@inutil.org>, 739589@bugs.debian.org

Subject: Re: Bug#739589: qemu: Multiple security issues

Date: Wed, 14 May 2014 12:22:17 +0400

Adding more issues to the same bugreport.

CVE-2014-3461
 http://article.gmane.org/gmane.comp.emulators.qemu/272322

Thanks,

/mjt

Message #52 received at 739589-close@bugs.debian.org (full text, mbox, reply):

From: Michael Tokarev <mjt@tls.msk.ru>

To: 739589-close@bugs.debian.org

Subject: Bug#739589: fixed in qemu 2.1+dfsg-1

Date: Fri, 01 Aug 2014 16:37:43 +0000

Source: qemu
Source-Version: 2.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 739589@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 01 Aug 2014 20:06:22 +0400
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 2.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 735618 739589 755988
Changes:
 qemu (2.1+dfsg-1) unstable; urgency=medium
 .
   * new upstream release
     Closes: #739589 CVE-2014-3461
     Closes: #735618
   * versioned build-depend on libiscsi-dev (>>1.9.0~)
   * added ppc64le user target
   * fix description of qemu-user-binfmt wrt "empty" (Closes: #755988)
   * use /usr/share/dpkg/pkg-info.mk instead of inventing the same locally
   * added debian/get-orig-source.sh (and a d/rules target)
   * set ubuntu vcs branch to ubuntu-utopic
   * binfmt-update-in: make sure to filter out compat arches
Checksums-Sha1:
 c999e6ecc6c712b0c2216aeed8e714682cea05a9 5106 qemu_2.1+dfsg-1.dsc
 d0c0314af2b710cf3dbd91522963cc0eefa51390 5163316 qemu_2.1+dfsg.orig.tar.xz
 18c9a2e9ab99209ff325112c59aa6f9187cc7e9b 56052 qemu_2.1+dfsg-1.debian.tar.xz
Checksums-Sha256:
 83709db7c6963a8b6e864a87639fcc22be5c8d0c782a4b39517bdb1929df59ca 5106 qemu_2.1+dfsg-1.dsc
 34b610c2538c7617638b8f1bdedf8a96ca2ff8cd8ad97b920a70c4d8d481d97f 5163316 qemu_2.1+dfsg.orig.tar.xz
 902ec244c89f64d1c25e1b2cace78743d0322a586e2a721af85d03fe806024e4 56052 qemu_2.1+dfsg-1.debian.tar.xz
Files:
 462abc5ceef7b9420437456ab34f9f2b 5106 otherosfs optional qemu_2.1+dfsg-1.dsc
 eae7dcf964948cb0f4ed58d0488ae0de 5163316 otherosfs optional qemu_2.1+dfsg.orig.tar.xz
 51ba066f70e6f203557fec029dff3570 56052 otherosfs optional qemu_2.1+dfsg-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJT279oAAoJEL7lnXSkw9fbS5oIAMVB+I7ROwYcxFPUWxmTJtqs
32Tn1B9W9HzDv9lHdqFB+JnVZemawDq5BDGSGD+u7qJo9KaGs6ep7msQH7gL3BDJ
RzVrmxpeNWGttlkz4mkm/rFjNqd6jN8m46dI8d+OLzeMNLfq7HpvT+kvh4v2DwjV
Dpmf8FoaDvRKPvnhsfeIf8r3QqCfpWPNn/EBOz/BcaiMIJX0bY/OMhZnCxnONyUi
PG71uTyeTQxFMte/Jq8sw/X34HjXi/qlNYliR29JUvT6GUR9Wxh4l9DbNJ/xFotA
vf7fIMt3qD8zGUxHu5fajD5rZtbFYfJvTUcgiVoOsq9oCJshvN4HGU6N2wa/j2g=
=ENLr
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.