~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2012-09-06
Candidate: CVE-2012-3515
PublicDate: 2012-11-23
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515
 http://www.openwall.com/lists/oss-security/2012/09/05/10
 http://www.ubuntu.com/usn/usn-1590-1
 http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
Description:
 Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating
 certain devices with a virtual console backend, allows local OS guest users
 to gain privileges via a crafted escape VT100 sequence that triggers the
 overwrite of a "device model's address space."
Ubuntu-Description:
Notes:
 kees> for full-virtualization issues, add qemu (and kvm)
 mdeslaur> This is XSA-17
 mdeslaur> Also affects qemu-kvm
 jdstrand> xen-qemu-dm-4.0 needs libxen-dev >= 4.0, but it isn't available in
  11.04, as a result, there are no binaries available in 11.04.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3515
Priority: medium
Discovered-by:
Assigned-to:

Patches_qemu-kvm:
 upstream: http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=3eea5498ca501922520b3447ba94815bfc109743
upstream_qemu-kvm: needs-triage
hardy_qemu-kvm: DNE
lucid_qemu-kvm: released (0.12.3+noroms-0ubuntu9.20)
natty_qemu-kvm: released (0.14.0+noroms-0ubuntu4.7)
oneiric_qemu-kvm: released (0.14.1+noroms-0ubuntu6.5)
precise_qemu-kvm: released (1.0+noroms-0ubuntu14.2)
quantal_qemu-kvm: not-affected (1.2.0+noroms-0ubuntu2)
raring_qemu-kvm: DNE
saucy_qemu-kvm: DNE
devel_qemu-kvm: DNE

Patches_xen-3.1:
Tags_xen-3.1: universe-binary
upstream_xen-3.1: needs-triage
hardy_xen-3.1: ignored (reached end-of-life)
lucid_xen-3.1: DNE
natty_xen-3.1: DNE
oneiric_xen-3.1: DNE
precise_xen-3.1: DNE
quantal_xen-3.1: DNE
raring_xen-3.1: DNE
saucy_xen-3.1: DNE
devel_xen-3.1: DNE

Patches_xen-3.2:
Tags_xen-3.2: universe-binary
upstream_xen-3.2: needs-triage
hardy_xen-3.2: ignored (reached end-of-life)
lucid_xen-3.2: DNE
natty_xen-3.2: DNE
oneiric_xen-3.2: DNE
precise_xen-3.2: DNE
quantal_xen-3.2: DNE
raring_xen-3.2: DNE
saucy_xen-3.2: DNE
devel_xen-3.2: DNE

Patches_xen-3.3:
Tags_xen-3.3: universe-binary
upstream_xen-3.3: needs-triage
hardy_xen-3.3: DNE
lucid_xen-3.3: ignored (reached end-of-life)
natty_xen-3.3: ignored (reached end-of-life)
oneiric_xen-3.3: DNE
precise_xen-3.3: DNE
quantal_xen-3.3: DNE
raring_xen-3.3: DNE
saucy_xen-3.3: DNE
devel_xen-3.3: DNE

Patches_xen:
Tags_xen: universe-binary
upstream_xen: released (4.1.3-2)
hardy_xen: DNE
lucid_xen: DNE
natty_xen: DNE
oneiric_xen: released (4.1.1-2ubuntu4.4)
precise_xen: released (4.1.2-2ubuntu2.4)
quantal_xen: not-affected (4.1.3-3ubuntu1)
raring_xen: not-affected
saucy_xen: not-affected
devel_xen: not-affected

Patches_xen-qemu-dm-4.0:
 vendor: http://www.debian.org/security/2012/dsa-2543
upstream_xen-qemu-dm-4.0: needs-triage
hardy_xen-qemu-dm-4.0: DNE
lucid_xen-qemu-dm-4.0: DNE
natty_xen-qemu-dm-4.0: ignored
oneiric_xen-qemu-dm-4.0: DNE
precise_xen-qemu-dm-4.0: DNE
quantal_xen-qemu-dm-4.0: DNE
raring_xen-qemu-dm-4.0: DNE
saucy_xen-qemu-dm-4.0: DNE
devel_xen-qemu-dm-4.0: DNE