qemu: CVE-2008-4539 buffer overflow vulnerability

Related Vulnerabilities: CVE-2008-4539   CVE-2007-1320   CVE-2008-0928   CVE-2008-1945  

Debian Bug report logs - #526040
qemu: CVE-2008-4539 buffer overflow vulnerability


Reported by: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>

Date: Tue, 28 Apr 2009 19:36:01 UTC

Severity: important

Tags: fixed

Found in versions qemu/0.9.1-10, qemu/0.9.1-1

Fixed in versions 0.9.1+svn20081101-1, qemu/0.9.1-10lenny1

Done: Aurelien Jarno <aurel32@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#526040; Package qemu. (Tue, 28 Apr 2009 19:36:03 GMT) (full text, mbox, link).


Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Tue, 28 Apr 2009 19:36:03 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: qemu: CVE-2008-4539 buffer overflow vulnerability
Date: Tue, 28 Apr 2009 15:34:32 -0400
Package: qemu
Severity: important
Tags: security
Tags: fixed 0.9.1+svn20081101-1

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for qemu.

CVE-2008-4539[0]:
| Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM
| before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow
| local users to gain privileges by using the VNC console for a
| connection, aka the LGD-54XX "bitblt" heap overflow.  NOTE: this issue
| exists because of an incorrect fix for CVE-2007-1320.

This is already fixed in version 0.9.1+svn20081101-1 in unstable.
Please coordinate with the security team (team@security.debian.org) to
prepare packages for the stable releases.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4539
    http://security-tracker.debian.net/tracker/CVE-2008-4539




Bug marked as fixed in version 0.9.1+svn20081101-1. Request was from Paul Wise <pabs@debian.org> to control@bugs.debian.org. (Tue, 28 Apr 2009 19:45:07 GMT) (full text, mbox, link).


Bug marked as found in version 0.9.1-10. Request was from Aurelien Jarno <aurel32@debian.org> to control@bugs.debian.org. (Sat, 02 May 2009 13:27:05 GMT) (full text, mbox, link).


Tags added: pending Request was from Aurelien Jarno <aurel32@alioth.debian.org> to control@bugs.debian.org. (Sat, 02 May 2009 13:36:05 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#526040; Package qemu. (Sat, 02 May 2009 13:39:02 GMT) (full text, mbox, link).


Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Sat, 02 May 2009 13:39:02 GMT) (full text, mbox, link).


Message #16 received at 526040@bugs.debian.org (full text, mbox, reply):

From: Aurelien Jarno <aurelien@aurel32.net>
To: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Cc: 526040@bugs.debian.org
Subject: Re: qemu: CVE-2008-4539 buffer overflow vulnerability
Date: Sat, 2 May 2009 15:37:52 +0200

On Tue, Apr 28, 2009 at 03:34:32PM -0400, Michael S. Gilbert wrote:
> Package: qemu
> Severity: important
> Tags: security
> Tags: fixed 0.9.1+svn20081101-1
> 
> Hi,
> 
> The following CVE (Common Vulnerabilities & Exposures) id was
> published for qemu.
> 
> CVE-2008-4539[0]:
> | Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM
> | before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow
> | local users to gain privileges by using the VNC console for a
> | connection, aka the LGD-54XX "bitblt" heap overflow.  NOTE: this issue
> | exists because of an incorrect fix for CVE-2007-1320.
> 
> This is already fixed in version 0.9.1+svn20081101-1 in unstable.
> Please coordinate with the security team (team@security.debian.org) to
> prepare packages for the stable releases.
> 
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
> 

This is fixed in the lenny branch of the SVN.

The bug is not present in etch, as the correct original fix for
CVE-2007-1320 is applied.

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net




Bug marked as found in version 0.9.1-1. Request was from Aurelien Jarno <aurel32@debian.org> to control@bugs.debian.org. (Sat, 02 May 2009 13:39:03 GMT) (full text, mbox, link).


Bug no longer marked as found in version 0.8.2-4. Request was from Aurelien Jarno <aurel32@debian.org> to control@bugs.debian.org. (Sat, 02 May 2009 13:39:05 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#526040; Package qemu. (Sun, 03 May 2009 18:42:04 GMT) (full text, mbox, link).


Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Sun, 03 May 2009 18:42:04 GMT) (full text, mbox, link).


Message #25 received at 526040@bugs.debian.org (full text, mbox, reply):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: 526040@bugs.debian.org
Subject: Re: qemu: CVE-2008-4539 buffer overflow vulnerability
Date: Sun, 3 May 2009 14:38:35 -0400

On Sat, 2 May 2009 15:37:52 +0200 Aurelien Jarno wrote:
> This is fixed in the lenny branch of the SVN.

Great to hear. Do you plan to work with the security team to issue a
DSA for this one, or is it minor enough that it would make more sense
to do it in an SPU?




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#526040; Package qemu. (Sun, 03 May 2009 21:21:02 GMT) (full text, mbox, link).


Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Sun, 03 May 2009 21:21:02 GMT) (full text, mbox, link).


Message #30 received at 526040@bugs.debian.org (full text, mbox, reply):

From: Aurelien Jarno <aurelien@aurel32.net>
To: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>, 526040@bugs.debian.org
Subject: Re: Bug#526040: qemu: CVE-2008-4539 buffer overflow vulnerability
Date: Sun, 3 May 2009 23:18:10 +0200

On Sun, May 03, 2009 at 02:38:35PM -0400, Michael S. Gilbert wrote:
> On Sat, 2 May 2009 15:37:52 +0200 Aurelien Jarno wrote:
> > This is fixed in the lenny branch of the SVN.
> 
> great to hear.  do you plan to work with the security team to issue a
> DSA for this one, or is it minor enough that it would make more sense
> to do it in an spu?

Given there are other security bugs to fix, I think it can be fixed in a
DSA. I have sent patches to the security team for both etch and lenny
earlier today.

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net




Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Mon, 08 Jun 2009 22:36:12 GMT) (full text, mbox, link).


Notification sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Mon, 08 Jun 2009 22:36:12 GMT) (full text, mbox, link).


Message #35 received at 526040-close@bugs.debian.org (full text, mbox, reply):

From: Aurelien Jarno <aurel32@debian.org>
To: 526040-close@bugs.debian.org
Subject: Bug#526040: fixed in qemu 0.9.1-10lenny1
Date: Mon, 08 Jun 2009 22:19:19 +0000

Source: qemu
Source-Version: 0.9.1-10lenny1

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive:

qemu_0.9.1-10lenny1.diff.gz
  to pool/main/q/qemu/qemu_0.9.1-10lenny1.diff.gz
qemu_0.9.1-10lenny1.dsc
  to pool/main/q/qemu/qemu_0.9.1-10lenny1.dsc
qemu_0.9.1-10lenny1_amd64.deb
  to pool/main/q/qemu/qemu_0.9.1-10lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 526040@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 02 May 2009 15:29:10 +0200
Source: qemu
Binary: qemu
Architecture: source amd64
Version: 0.9.1-10lenny1
Distribution: stable-security
Urgency: low
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 qemu       - fast processor emulator
Closes: 469649 526013 526040
Changes: 
 qemu (0.9.1-10lenny1) stable-security; urgency=low
 .
   * debian/patches/91_security.patch: fix privilege escalation.
     (CVE-2008-0928). Closes: bug#469649.
   * debian/patches/97_security.patch: fix heap-based buffer overflow in
     the Cirrus VGA implementation (CVE-2008-4539). Closes: bug#526040.
   * debian/patches/98_security.patch: fix media handling vulnerability
     (CVE-2008-1945). Closes: bug#526013.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkn9+2kACgkQXm3vHE4uylpaRgCeKYsUJ87I9MpyQI6Og3p55yvU
244AoIilhn98N0eQHTqhJPiODN2BMLXm
=632A
-----END PGP SIGNATURE-----





Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Sat, 27 Jun 2009 16:42:25 GMT) (full text, mbox, link).


Notification sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sat, 27 Jun 2009 16:42:25 GMT) (full text, mbox, link).


Message #40 received at 526040-close@bugs.debian.org (full text, mbox, reply):

From: Aurelien Jarno <aurel32@debian.org>
To: 526040-close@bugs.debian.org
Subject: Bug#526040: fixed in qemu 0.9.1-10lenny1
Date: Sat, 27 Jun 2009 16:04:48 +0000
Source: qemu
Source-Version: 0.9.1-10lenny1

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive:

qemu_0.9.1-10lenny1.diff.gz
  to pool/main/q/qemu/qemu_0.9.1-10lenny1.diff.gz
qemu_0.9.1-10lenny1.dsc
  to pool/main/q/qemu/qemu_0.9.1-10lenny1.dsc
qemu_0.9.1-10lenny1_amd64.deb
  to pool/main/q/qemu/qemu_0.9.1-10lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 526040@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 02 May 2009 15:29:10 +0200
Source: qemu
Binary: qemu
Architecture: source amd64
Version: 0.9.1-10lenny1
Distribution: stable-security
Urgency: low
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 qemu       - fast processor emulator
Closes: 469649 526013 526040
Changes: 
 qemu (0.9.1-10lenny1) stable-security; urgency=low
 .
   * debian/patches/91_security.patch: fix privilege escalation.
     (CVE-2008-0928). Closes: bug#469649.
   * debian/patches/97_security.patch: fix heap-based buffer overflow in
     the Cirrus VGA implementation (CVE-2008-4539). Closes: bug#526040.
   * debian/patches/98_security.patch: fix media handling vulnerability
     (CVE-2008-1945). Closes: bug#526013.
Checksums-Sha1: 
 d0ef3cd50d65cdd7bd14e9a43964797bedd7da22 1638 qemu_0.9.1-10lenny1.dsc
 15a5cc9a82dfedca9d679901a1e7281134ed9420 2392515 qemu_0.9.1.orig.tar.gz
 a8d66924bdd5af86998237bbda19f4ac38902a15 80162 qemu_0.9.1-10lenny1.diff.gz
 dcdc5f828fd152f0cf7e2af943ac1a24b7220376 11030660 qemu_0.9.1-10lenny1_amd64.deb
Checksums-Sha256: 
 111ae1899b8701ecdac6c74cd6143970282c6c42c647d3c5eee3a7a98496449c 1638 qemu_0.9.1-10lenny1.dsc
 0868ad1439da3edb750b5ef0d4f7ca54ebdcd76582fa5c2a60c5290f8a3f7ebe 2392515 qemu_0.9.1.orig.tar.gz
 ba0f3919062760cfe3e869ca638fac9502d0a6769fb598c798dab888e467e148 80162 qemu_0.9.1-10lenny1.diff.gz
 dcd416aab0e2a8d9f07847ee3caeca72af34716e25ad0cc70ce11042e51f1940 11030660 qemu_0.9.1-10lenny1_amd64.deb
Files: 
 1c8e6db187f4b58e5655f2b06581b56f 1638 misc optional qemu_0.9.1-10lenny1.dsc
 937c34632a59e12ba7b55054419bbe7d 2392515 misc optional qemu_0.9.1.orig.tar.gz
 f5d593dcea9ec54a148c76a3883fa537 80162 misc optional qemu_0.9.1-10lenny1.diff.gz
 02d39005c7b486f1d3541875052435d0 11030660 misc optional qemu_0.9.1-10lenny1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkn9+2kACgkQXm3vHE4uylpaRgCeKYsUJ87I9MpyQI6Og3p55yvU
244AoIilhn98N0eQHTqhJPiODN2BMLXm
=632A
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 26 Jul 2009 07:31:43 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:46:10 2019; Machine Name: beach
