Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2012-2625 CVE-2012-4544

Source

Debian Bug report logs - #688125
CVE-2012-2625 / CVE-2012-4544

Package: xen; Maintainer for xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Wed, 19 Sep 2012 15:39:07 UTC

Severity: important

Tags: security

Fixed in version 4.1.3-4

Done: Bastian Blank <waldi@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>:
Bug#688125; Package xen. (Wed, 19 Sep 2012 15:39:09 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>. (Wed, 19 Sep 2012 15:39:09 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: xen
Severity: important
Tags: security
Justification: user security hole

Hi,
This issue is still unfixed in Wheezy:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625

Patch:
http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe

Cheers,
        Moritz

Reply sent to Bastian Blank <waldi@debian.org>:
You have taken responsibility. (Wed, 19 Sep 2012 15:51:07 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Wed, 19 Sep 2012 15:51:07 GMT) (full text, mbox, link).

Message #10 received at 688125-done@bugs.debian.org (full text, mbox, reply):

On Wed, Sep 19, 2012 at 05:33:41PM +0200, Moritz Muehlenhoff wrote:
> This issue is still unfixed in Wheezy:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
> http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe

Two different problems. No known patch for the first one.

Bastian

-- 
Peace was the way.
		-- Kirk, "The City on the Edge of Forever", stardate unknown

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>:
Bug#688125; Package xen. (Fri, 21 Sep 2012 08:45:03 GMT) (full text, mbox, link).

Acknowledgement sent to Ian Campbell <ijc@hellion.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>. (Fri, 21 Sep 2012 08:45:03 GMT) (full text, mbox, link).

Message #15 received at 688125@bugs.debian.org (full text, mbox, reply):

On Wed, 2012-09-19 at 15:51 +0000, Debian Bug Tracking System wrote:
> > On Wed, Sep 19, 2012 at 05:33:41PM +0200, Moritz Muehlenhoff wrote:
> > > This issue is still unfixed in Wheezy:
> > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
> > > http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
> > 
> > Two different problems. No known patch for the first one.

Wrong. 

60f09d1ab1fe is the fix for precisely the issue described in
CVE-2012-2625.

If you think there is another issue then please tell us about it (on
security@xen.org if you prefer).

Ian.

-- 
Ian Campbell
Current Noise: Bastard Priest - Evil Pain

Give me a sleeping pill and tell me your troubles.

Bug reopened Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Fri, 21 Sep 2012 09:30:06 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>:
Bug#688125; Package xen. (Fri, 21 Sep 2012 12:24:05 GMT) (full text, mbox, link).

Acknowledgement sent to Bastian Blank <waldi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>. (Fri, 21 Sep 2012 12:24:05 GMT) (full text, mbox, link).

Message #22 received at 688125@bugs.debian.org (full text, mbox, reply):

On Fri, Sep 21, 2012 at 09:40:27AM +0100, Ian Campbell wrote:
> On Wed, 2012-09-19 at 15:51 +0000, Debian Bug Tracking System wrote:
> > > On Wed, Sep 19, 2012 at 05:33:41PM +0200, Moritz Muehlenhoff wrote:
> > > > This issue is still unfixed in Wheezy:
> > > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
> > > > http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
> > > Two different problems. No known patch for the first one.
> 60f09d1ab1fe is the fix for precisely the issue described in
> CVE-2012-2625.

The referenced bug marked with CVE-2012-2625 speaks about the pv loader
for bzip2 and lzma kernels. This loader is implemented in libxenctrl and
the hypervisor for dom0. I see no mitigation in this code against large
decompressed files. Plus there is an integer overflow.

60f09d1ab1fe fixes reading too large files from guest filesystems using
pygrub.

Bastian

-- 
But Captain -- the engines can't take this much longer!

Reply sent to Bastian Blank <waldi@debian.org>:
You have taken responsibility. (Sun, 07 Oct 2012 16:09:06 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 07 Oct 2012 16:09:06 GMT) (full text, mbox, link).

Message #27 received at 688125-done@bugs.debian.org (full text, mbox, reply):

On Fri, Sep 21, 2012 at 02:23:13PM +0200, Bastian Blank wrote:
> The referenced bug marked with CVE-2012-2625 speaks about the pv loader
> for bzip2 and lzma kernels. This loader is implemented in libxenctrl and
> the hypervisor for dom0. I see no mitigation in this code against large
> decompressed files. Plus there is an integer overflow.
> 
> 60f09d1ab1fe fixes reading too large files from guest filesystems using
> pygrub.

I received no further information. Please reopen _after_ you figured
out, which one this is and this information got published in the CVE
list.

Bastian

-- 
Worlds are conquered, galaxies destroyed -- but a woman is always a woman.
		-- Kirk, "The Conscience of the King", stardate 2818.9

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>:
Bug#688125; Package xen. (Mon, 29 Oct 2012 08:45:05 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>. (Mon, 29 Oct 2012 08:45:05 GMT) (full text, mbox, link).

Message #32 received at 688125@bugs.debian.org (full text, mbox, reply):

reopen 688125
retitle 688125 CVE-2012-2625 / CVE-2012-4544
thanks

On Sun, Oct 07, 2012 at 06:07:31PM +0200, Bastian Blank wrote:
> On Fri, Sep 21, 2012 at 02:23:13PM +0200, Bastian Blank wrote:
> > The referenced bug marked with CVE-2012-2625 speaks about the pv loader
> > for bzip2 and lzma kernels. This loader is implemented in libxenctrl and
> > the hypervisor for dom0. I see no mitigation in this code against large
> > decompressed files. Plus there is an integer overflow.
> > 
> > 60f09d1ab1fe fixes reading too large files from guest filesystems using
> > pygrub.
> 
> I received no further information. Please reopen _after_ you figured
> out, which one this is and this information got published in the CVE
> list.

Please see http://lists.xen.org/archives/html/xen-devel/2012-10/msg02015.html
for clarification

Cheers,
        Moritz

Bug reopened Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Mon, 29 Oct 2012 08:45:07 GMT) (full text, mbox, link).

Changed Bug title to 'CVE-2012-2625 / CVE-2012-4544' from 'xen: CVE-2012-2625' Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Mon, 29 Oct 2012 08:45:07 GMT) (full text, mbox, link).

Reply sent to Bastian Blank <waldi@debian.org>:
You have taken responsibility. (Thu, 31 Jan 2013 14:18:06 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Thu, 31 Jan 2013 14:18:06 GMT) (full text, mbox, link).

Message #41 received at 688125-done@bugs.debian.org (full text, mbox, reply):

Version: 4.1.3-4
-- 
Killing is stupid; useless!
		-- McCoy, "A Private Little War", stardate 4211.8

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 17 Mar 2013 07:26:08 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:48:59 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-2625 / CVE-2012-4544

Debian Bug report logs - #688125
CVE-2012-2625 / CVE-2012-4544

Vulmon Search

About

Products

Connect

CVE-2012-2625 / CVE-2012-4544

Debian Bug report logs - #688125 CVE-2012-2625 / CVE-2012-4544

Vulmon Search

About

Products

Connect

Debian Bug report logs - #688125
CVE-2012-2625 / CVE-2012-4544