[Pkg-xen-devel] Bug#688125: Bug#688125: Bug#688125: Bug#688125: marked as done (xen: CVE-2012-2625)

Moritz Muehlenhoff jmm at inutil.org
Mon Oct 29 08:38:18 UTC 2012


reopen 688125
retitle 688125 CVE-2012-2625 / CVE-2012-4544
thanks

On Sun, Oct 07, 2012 at 06:07:31PM +0200, Bastian Blank wrote:
> On Fri, Sep 21, 2012 at 02:23:13PM +0200, Bastian Blank wrote:
> > The referenced bug marked with CVE-2012-2625 speaks about the pv loader
> > for bzip2 and lzma kernels. This loader is implemented in libxenctrl and
> > the hypervisor for dom0. I see no mitigation in this code against large
> > decompressed files. Plus there is an integer overflow.
> > 
> > 60f09d1ab1fe fixes reading too large files from guest filesystems using
> > pygrub.
> 
> I received no further information. Please reopen _after_ you figured
> out which one this is and this information got published in the CVE
> list.

Please see http://lists.xen.org/archives/html/xen-devel/2012-10/msg02015.html
for clarification.

Cheers,
        Moritz


