Debian Bug report logs -
#688125
CVE-2012-2625 / CVE-2012-4544
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 19 Sep 2012 15:39:07 UTC
Severity: important
Tags: security
Fixed in version 4.1.3-4
Done: Bastian Blank <waldi@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
:
Bug#688125
; Package xen
.
(Wed, 19 Sep 2012 15:39:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
.
(Wed, 19 Sep 2012 15:39:09 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: xen
Severity: important
Tags: security
Justification: user security hole
Hi,
This issue is still unfixed in Wheezy:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
Patch:
http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
Cheers,
Moritz
Reply sent
to Bastian Blank <waldi@debian.org>
:
You have taken responsibility.
(Wed, 19 Sep 2012 15:51:07 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
Bug acknowledged by developer.
(Wed, 19 Sep 2012 15:51:07 GMT) (full text, mbox, link).
Message #10 received at 688125-done@bugs.debian.org (full text, mbox, reply):
On Wed, Sep 19, 2012 at 05:33:41PM +0200, Moritz Muehlenhoff wrote:
> This issue is still unfixed in Wheezy:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
> http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
Two different problems. No known patch for the first one.
Bastian
--
Peace was the way.
-- Kirk, "The City on the Edge of Forever", stardate unknown
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
:
Bug#688125
; Package xen
.
(Fri, 21 Sep 2012 08:45:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Ian Campbell <ijc@hellion.org.uk>
:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
.
(Fri, 21 Sep 2012 08:45:03 GMT) (full text, mbox, link).
Message #15 received at 688125@bugs.debian.org (full text, mbox, reply):
On Wed, 2012-09-19 at 15:51 +0000, Debian Bug Tracking System wrote:
> > On Wed, Sep 19, 2012 at 05:33:41PM +0200, Moritz Muehlenhoff wrote:
> > > This issue is still unfixed in Wheezy:
> > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
> > > http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
> >
> > Two different problems. No known patch for the first one.
Wrong.
60f09d1ab1fe is the fix for precisely the issue described in
CVE-2012-2625.
If you think there is another issue then please tell us about it (on
security@xen.org if you prefer).
Ian.
--
Ian Campbell
Current Noise: Bastard Priest - Evil Pain
Give me a sleeping pill and tell me your troubles.
Bug reopened
Request was from Moritz Muehlenhoff <jmm@inutil.org>
to control@bugs.debian.org
.
(Fri, 21 Sep 2012 09:30:06 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
:
Bug#688125
; Package xen
.
(Fri, 21 Sep 2012 12:24:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Bastian Blank <waldi@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
.
(Fri, 21 Sep 2012 12:24:05 GMT) (full text, mbox, link).
Message #22 received at 688125@bugs.debian.org (full text, mbox, reply):
On Fri, Sep 21, 2012 at 09:40:27AM +0100, Ian Campbell wrote:
> On Wed, 2012-09-19 at 15:51 +0000, Debian Bug Tracking System wrote:
> > > On Wed, Sep 19, 2012 at 05:33:41PM +0200, Moritz Muehlenhoff wrote:
> > > > This issue is still unfixed in Wheezy:
> > > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
> > > > http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
> > > Two different problems. No known patch for the first one.
> 60f09d1ab1fe is the fix for precisely the issue described in
> CVE-2012-2625.
The referenced bug marked with CVE-2012-2625 speaks about the pv loader
for bzip2 and lzma kernels. This loader is implemented in libxenctrl and
the hypervisor for dom0. I see no mitigation in this code against large
decompressed files. Plus there is an integer overflow.
60f09d1ab1fe fixes reading too large files from guest filesystems using
pygrub.
Bastian
--
But Captain -- the engines can't take this much longer!
Reply sent
to Bastian Blank <waldi@debian.org>
:
You have taken responsibility.
(Sun, 07 Oct 2012 16:09:06 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
Bug acknowledged by developer.
(Sun, 07 Oct 2012 16:09:06 GMT) (full text, mbox, link).
Message #27 received at 688125-done@bugs.debian.org (full text, mbox, reply):
On Fri, Sep 21, 2012 at 02:23:13PM +0200, Bastian Blank wrote:
> The referenced bug marked with CVE-2012-2625 speaks about the pv loader
> for bzip2 and lzma kernels. This loader is implemented in libxenctrl and
> the hypervisor for dom0. I see no mitigation in this code against large
> decompressed files. Plus there is an integer overflow.
>
> 60f09d1ab1fe fixes reading too large files from guest filesystems using
> pygrub.
I received no further information. Please reopen _after_ you figured
out, which one this is and this information got published in the CVE
list.
Bastian
--
Worlds are conquered, galaxies destroyed -- but a woman is always a woman.
-- Kirk, "The Conscience of the King", stardate 2818.9
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
:
Bug#688125
; Package xen
.
(Mon, 29 Oct 2012 08:45:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
.
(Mon, 29 Oct 2012 08:45:05 GMT) (full text, mbox, link).
Message #32 received at 688125@bugs.debian.org (full text, mbox, reply):
reopen 688125
retitle 688125 CVE-2012-2625 / CVE-2012-4544
thanks
On Sun, Oct 07, 2012 at 06:07:31PM +0200, Bastian Blank wrote:
> On Fri, Sep 21, 2012 at 02:23:13PM +0200, Bastian Blank wrote:
> > The referenced bug marked with CVE-2012-2625 speaks about the pv loader
> > for bzip2 and lzma kernels. This loader is implemented in libxenctrl and
> > the hypervisor for dom0. I see no mitigation in this code against large
> > decompressed files. Plus there is an integer overflow.
> >
> > 60f09d1ab1fe fixes reading too large files from guest filesystems using
> > pygrub.
>
> I received no further information. Please reopen _after_ you figured
> out, which one this is and this information got published in the CVE
> list.
Please see http://lists.xen.org/archives/html/xen-devel/2012-10/msg02015.html
for clarification
Cheers,
Moritz
Bug reopened
Request was from Moritz Muehlenhoff <jmm@inutil.org>
to control@bugs.debian.org
.
(Mon, 29 Oct 2012 08:45:07 GMT) (full text, mbox, link).
Changed Bug title to 'CVE-2012-2625 / CVE-2012-4544' from 'xen: CVE-2012-2625'
Request was from Moritz Muehlenhoff <jmm@inutil.org>
to control@bugs.debian.org
.
(Mon, 29 Oct 2012 08:45:07 GMT) (full text, mbox, link).
Reply sent
to Bastian Blank <waldi@debian.org>
:
You have taken responsibility.
(Thu, 31 Jan 2013 14:18:06 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
Bug acknowledged by developer.
(Thu, 31 Jan 2013 14:18:06 GMT) (full text, mbox, link).
Message #41 received at 688125-done@bugs.debian.org (full text, mbox, reply):
Version: 4.1.3-4
--
Killing is stupid; useless!
-- McCoy, "A Private Little War", stardate 4211.8
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 17 Mar 2013 07:26:08 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:48:59 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.