Nico Golde
2008-Mar-06 11:36 UTC
[Pkg-xen-devel] Bug#469654: xen-unstable: CVE-2008-0928 privilege escalation
Package: xen-unstable
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable.

CVE-2008-0928[0]:
| Qemu 0.9.1 and earlier does not perform range checks for block device
| read or write requests, which allows guest host users with root
| privileges to access arbitrary memory and escape the virtual machine.

If you fix this vulnerability please also include the CVE id in your changelog entry.

https://bugzilla.redhat.com/attachment.cgi?id=296005 is the patch (tools/ioemu/block.c should get patched).

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0928

Kind regards
Nico

--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
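The kind of range check the CVE text says was missing, as an added example that is not part of the original mail and is not the Qemu or Xen patch. The toy_disk structure and all function names are hypothetical; the same check would guard a write path.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512
#define DISK_SECTORS 8              /* constructed sample size */

/* Hypothetical in-memory disk standing in for a guest block device. */
struct toy_disk {
    uint8_t data[DISK_SECTORS * SECTOR_SIZE];
    int64_t total_sectors;
};

/* 1 if [sector_num, sector_num + nb_sectors) lies inside the device. */
static int request_in_range(const struct toy_disk *d,
                            int64_t sector_num, int nb_sectors)
{
    if (sector_num < 0 || nb_sectors <= 0)
        return 0;
    if (sector_num > d->total_sectors)
        return 0;
    /* Subtract rather than add, so the comparison cannot overflow. */
    return nb_sectors <= d->total_sectors - sector_num;
}

/* Read path: refuse the request before touching host memory. */
int toy_read(const struct toy_disk *d, int64_t sector_num,
             uint8_t *buf, int nb_sectors)
{
    if (!request_in_range(d, sector_num, nb_sectors))
        return -1;
    memcpy(buf, d->data + sector_num * SECTOR_SIZE,
           (size_t)nb_sectors * SECTOR_SIZE);
    return 0;
}

/* Runs one read against a constructed 8-sector disk. */
int demo_read(int64_t sector_num, int nb_sectors)
{
    static struct toy_disk disk = { .total_sectors = DISK_SECTORS };
    static uint8_t buf[DISK_SECTORS * SECTOR_SIZE];
    return toy_read(&disk, sector_num, buf, nb_sectors);
}

int main(void)
{
    printf("in range:  %d\n", demo_read(7, 1));
    printf("past end:  %d\n", demo_read(7, 2));
    printf("huge base: %d\n", demo_read(INT64_MAX, 1));
    return 0;
}
```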
Debian Bug Tracking System
2008-Mar-07 14:06 UTC
[Pkg-xen-devel] Bug#469654: marked as done (xen-unstable: CVE-2008-0928 privilege escalation)
Your message dated Fri, 07 Mar 2008 13:47:03 +0000
with message-id <E1JXcud-0000hw-Pe at ries.debian.org>
and subject line Bug#469654: fixed in xen-3 3.2.0-4
has caused the Debian Bug report #469654,
regarding xen-unstable: CVE-2008-0928 privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.)

--
469654: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469654
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems