Your message dated Wed, 01 Jul 2009 17:41:17 +0000
with message-id <[email protected]>
and subject line Bug#490409: fixed in xen-3 3.4.0-1
has caused the Debian Bug report #490409,
regarding CVE-2008-2004: privilege escalation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
490409: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490409
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xen-3
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-3.
CVE-2008-2004[0]:
| The drive_init function in QEMU 0.9.1 determines the format of a raw
| disk image based on the header, which allows local guest users to read
| arbitrary files on the host by modifying the header to identify a
| different format, which is used when the guest is restarted.
The patch for qemu can be found here[1].
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2004
http://security-tracker.debian.net/tracker/CVE-2008-2004
[1] http://svn.savannah.gnu.org/viewvc/trunk/vl.c?root=qemu&r1=4277&r2=4276&pathrev=4277
--- End Message ---
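Added example (not part of the bug report and not QEMU or Xen code): a host-side audit for the condition the CVE text describes, a disk image the host treats as raw whose leading bytes a header probe would identify as another format. The `declared` argument and the sample headers are constructed assumptions; the magic values are the well-known leading bytes of qcow, VMDK and VPC images.

```python
import struct

# Well-known leading bytes of image formats that a header probe recognises.
MAGICS = {
    b"QFI\xfb": "qcow",
    b"KDMV": "vmdk",
    b"COWD": "vmdk",
    b"conectix": "vpc",
}

# Constructed sample headers (not taken from any real image).
SAMPLE_RAW = b"\x00" * 512
SAMPLE_QCOW2 = b"QFI\xfb" + struct.pack(">I", 2) + b"\x00" * 504


def probe_format(header: bytes) -> str:
    """Format a header-sniffing probe would choose; 'raw' if nothing matches."""
    for magic, name in MAGICS.items():
        if header.startswith(magic):
            if name == "qcow" and len(header) >= 8:
                # qcow and qcow2 share the magic; a big-endian version follows.
                version = struct.unpack(">I", header[4:8])[0]
                return "qcow2" if version >= 2 else "qcow"
            return name
    return "raw"  # also covers empty or truncated headers


def audit_image(declared: str, header: bytes) -> str:
    """Compare the format the host intends with what probing would select."""
    probed = probe_format(header)
    if declared == "raw" and probed != "raw":
        # The CVE condition: guest-writable bytes decide how the host opens it.
        return f"ALERT: declared raw, header probes as {probed}"
    if declared != probed:
        return f"WARN: declared {declared}, header probes as {probed}"
    return "ok"


def audit_file(path: str, declared: str) -> str:
    """Read only the first sector of an image file and audit it."""
    with open(path, "rb") as f:
        return audit_image(declared, f.read(512))


if __name__ == "__main__":
    print(audit_image("raw", SAMPLE_RAW))
    print(audit_image("raw", SAMPLE_QCOW2))
```

An image that raises ALERT should be attached with its format stated explicitly by the host rather than left to header probing.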
--- Begin Message ---
Source: xen-3
Source-Version: 3.4.0-1
We believe that the bug you reported is fixed in the latest version of
xen-3, which is due to be installed in the Debian FTP archive:
libxen-dev_3.4.0-1_amd64.deb
to pool/main/x/xen-3/libxen-dev_3.4.0-1_amd64.deb
libxenstore3.0_3.4.0-1_amd64.deb
to pool/main/x/xen-3/libxenstore3.0_3.4.0-1_amd64.deb
xen-3_3.4.0-1.diff.gz
to pool/main/x/xen-3/xen-3_3.4.0-1.diff.gz
xen-3_3.4.0-1.dsc
to pool/main/x/xen-3/xen-3_3.4.0-1.dsc
xen-3_3.4.0.orig.tar.gz
to pool/main/x/xen-3/xen-3_3.4.0.orig.tar.gz
xen-docs-3.4_3.4.0-1_all.deb
to pool/main/x/xen-3/xen-docs-3.4_3.4.0-1_all.deb
xen-hypervisor-3.4-amd64_3.4.0-1_amd64.deb
to pool/main/x/xen-3/xen-hypervisor-3.4-amd64_3.4.0-1_amd64.deb
xen-utils-3.4_3.4.0-1_amd64.deb
to pool/main/x/xen-3/xen-utils-3.4_3.4.0-1_amd64.deb
xenstore-utils_3.4.0-1_amd64.deb
to pool/main/x/xen-3/xenstore-utils_3.4.0-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Blank <[email protected]> (supplier of updated xen-3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 30 Jun 2009 22:33:22 +0200
Source: xen-3
Binary: xen-docs-3.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-3.4
xen-hypervisor-3.4-amd64 xen-hypervisor-3.4-i386
Architecture: source all amd64
Version: 3.4.0-1
Distribution: unstable
Urgency: low
Maintainer: Debian Xen Team <[email protected]>
Changed-By: Bastian Blank <[email protected]>
Description:
libxen-dev - Public headers and libs for Xen
libxenstore3.0 - Xenstore communications library for Xen
xen-docs-3.4 - Documentation for Xen
xen-hypervisor-3.4-amd64 - The Xen Hypervisor on AMD64
xen-hypervisor-3.4-i386 - The Xen Hypervisor on i386
xen-utils-3.4 - XEN administrative tools
xenstore-utils - Xenstore utilities for Xen
Closes: 490409 496367
Changes:
xen-3 (3.4.0-1) unstable; urgency=low
.
[ Bastian Blank ]
* New upstream version.
* Remove ioemu for now. (closes: #490409, #496367)
* Remove non-pae hypervisor.
* Use debhelper compat level 7.
* Make the init script start all daemons.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkpKeSQACgkQLkAIIn9ODhFcTQCfYuKBeRk+Ts9WZzxJT/TAqLgf
hykAoKgXxbzf/cmtYdftYRSB+/TUnita
=PCBS
-----END PGP SIGNATURE-----
--- End Message ---