qemu-devel.nongnu.org archive mirror
From: Eduardo Habkost <ehabkost@redhat.com>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 0/4] CVE-2008-0928 security fix
Date: Thu, 19 Feb 2009 18:19:32 -0300
Message-ID: <1235078376-25559-1-git-send-email-ehabkost@redhat.com>

Hi,

This series is another try to fix CVE-2008-0928 on Qemu, a security
vulnerability that has been present for a long time. The first 3 patches are
simple changes to pave the way for the last patch, which is the actual fix.

This fix is similar to the previous fix that was present on Qemu SVN
previously, but changes BlockDriverState to store total_bytes
instead of total_sectors. This should avoid problems when byte-based
reads are done on some devices, such as in the qcow case. The check
based on sector range done in the previous fix caused problems for qcow,
as documented at:

https://bugzilla.redhat.com/show_bug.cgi?id=485148

The previous fix was reverted almost a year ago but no alternative
fix was committed since then. Not having a fix to the vulnerability
upstream causes pain to users of the upstream code (who have a vulnerable
Qemu) and developers of distributions including Qemu code (who have to
carry and forward-port the fix themselves).

-- 
Eduardo
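To illustrate the design the cover letter describes (device size kept in bytes, every request checked against that byte limit), here is an added example that is not part of the series or of QEMU's code. BlockState, blk_range_ok, blk_sector_range_ok and the 1000-byte demo image are hypothetical names and values chosen for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SECTOR_BITS 9
#define SECTOR_SIZE (1 << SECTOR_BITS)

/* Hypothetical stand-in for BlockDriverState with only the field this
 * series is about: the device size tracked in bytes, not sectors. */
typedef struct {
    int64_t total_bytes;
} BlockState;

/* Byte-granular range check: the request [offset, offset + len) must lie
 * entirely inside the device. Negative offsets and lengths are rejected
 * up front, and the comparison is arranged so offset + len cannot wrap. */
static bool blk_range_ok(const BlockState *bs, int64_t offset, int64_t len)
{
    if (bs->total_bytes < 0 || offset < 0 || len < 0)
        return false;
    if (len > bs->total_bytes)
        return false;
    return offset <= bs->total_bytes - len;   /* no overflow: len <= total */
}

/* Sector-based callers go through the same byte check, so both paths are
 * validated against the same limit. The shift is guarded so a huge sector
 * number cannot overflow into a small (and apparently valid) byte offset. */
static bool blk_sector_range_ok(const BlockState *bs, int64_t sector_num, int nb_sectors)
{
    if (sector_num < 0 || nb_sectors < 0)
        return false;
    if (sector_num > (INT64_MAX >> SECTOR_BITS))
        return false;
    return blk_range_ok(bs, sector_num << SECTOR_BITS,
                        (int64_t)nb_sectors << SECTOR_BITS);
}

/* Constructed 1000-byte image: not a whole number of 512-byte sectors. */
static const BlockState demo_bs = { .total_bytes = 1000 };

int main(void)
{
    /* A byte read of the tail [512, 1000) is inside the device, while the
     * same region requested as a whole sector (bytes 512..1023) is not. */
    printf("tail bytes ok: %d\n", blk_range_ok(&demo_bs, 512, 488));
    printf("sector 1 ok:   %d\n", blk_sector_range_ok(&demo_bs, 1, 1));
    printf("negative ok:   %d\n", blk_range_ok(&demo_bs, -512, 512));
    return 0;
}
```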

Thread overview: 9+ messages
2009-02-19 21:19 Eduardo Habkost [this message]
2009-02-19 21:19 ` [Qemu-devel] [PATCH 1/4] vmdk: check for negative sector nums also Eduardo Habkost
2009-02-19 21:44   ` Stefan Weil
2009-02-19 21:56     ` Eduardo Habkost
2009-02-19 21:19 ` [Qemu-devel] [PATCH 2/4] hw/sd.c: remove ununsed SECTOR_SIZE define Eduardo Habkost
2009-02-19 21:19 ` [Qemu-devel] [PATCH 3/4] Move SECTOR_BITS/SECTOR_SIZE to block.h Eduardo Habkost
2009-02-19 21:19 ` [Qemu-devel] [PATCH 4/4] Fix CVE-2008-0928 - insufficient block device address range checking Eduardo Habkost
2009-02-19 21:40   ` Eduardo Habkost
2009-02-19 22:21   ` Aurelien Jarno