[Pkg-xen-devel] Bug#688125: Bug#688125: Bug#688125: marked as done (xen: CVE-2012-2625)
Bastian Blank
waldi at debian.org
Fri Sep 21 12:23:13 UTC 2012
On Fri, Sep 21, 2012 at 09:40:27AM +0100, Ian Campbell wrote:
> On Wed, 2012-09-19 at 15:51 +0000, Debian Bug Tracking System wrote:
> > > On Wed, Sep 19, 2012 at 05:33:41PM +0200, Moritz Muehlenhoff wrote:
> > > > This issue is still unfixed in Wheezy:
> > > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
> > > > http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
> > > Two different problems. No known patch for the first one.
> 60f09d1ab1fe is the fix for precisely the issue described in
> CVE-2012-2625.
The referenced bug marked with CVE-2012-2625 speaks about the pv loader
for bzip2 and lzma kernels. This loader is implemented in libxenctrl and
the hypervisor for dom0. I see no mitigation in this code against large
decompressed files. Plus there is an integer overflow.
60f09d1ab1fe fixes reading too large files from guest filesystems using
pygrub.
Bastian
--
But Captain -- the engines can't take this much longer!
More information about the Pkg-xen-devel
mailing list