On Fri, Sep 21, 2012 at 09:40:27AM +0100, Ian Campbell wrote:
> On Wed, 2012-09-19 at 15:51 +0000, Debian Bug Tracking System wrote:
> > > On Wed, Sep 19, 2012 at 05:33:41PM +0200, Moritz Muehlenhoff wrote:
> > > > This issue is still unfixed in Wheezy:
> > > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
> > > > http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
> > > Two different problems. No known patch for the first one.
> 60f09d1ab1fe is the fix for precisely the issue described in
> CVE-2012-2625.

The referenced bug marked with CVE-2012-2625 speaks about the pv loader
for bzip2 and lzma kernels. This loader is implemented in libxenctrl
and the hypervisor for dom0. I see no mitigation in this code against
large decompressed files. Plus there is an integer overflow.

60f09d1ab1fe fixes reading too large files from guest filesystems using
pygrub.

Bastian

--
But Captain -- the engines can't take this much longer!
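
The mitigation the message finds missing (a cap on the decompressed size of bzip2 and lzma kernels), sketched as an added example that is not part of the original message and is not Xen code. The 64 MiB cap, the decoder memory limit and all names are assumptions.

```python
import bz2
import lzma

MAX_KERNEL_BYTES = 64 * 1024 * 1024      # assumed output cap, not a Xen value
LZMA_MEMLIMIT = 128 * 1024 * 1024        # assumed cap on decoder memory


class DecompressionLimitExceeded(Exception):
    """The image expands past the configured limit."""


def bounded_decompress(blob, limit=MAX_KERNEL_BYTES, chunk=64 * 1024):
    """Decompress a bzip2 or lzma/xz image, refusing to exceed `limit` bytes.

    Output is pulled in small pieces so an oversized image is rejected
    after at most limit + 1 bytes have been produced, not after the whole
    stream has been expanded into memory.
    """
    if blob.startswith(b"BZh"):          # bzip2 stream magic
        dec = bz2.BZ2Decompressor()
    else:                                # .xz or legacy .lzma, auto-detected
        dec = lzma.LZMADecompressor(memlimit=LZMA_MEMLIMIT)

    out = bytearray()
    data = blob
    while not dec.eof:
        # Never request more than one byte beyond the remaining budget.
        budget = limit - len(out) + 1
        piece = dec.decompress(data, max_length=min(chunk, budget))
        data = b""                       # input is buffered inside `dec`
        out += piece
        if len(out) > limit:
            raise DecompressionLimitExceeded(
                "image expands past %d bytes" % limit)
        if not piece and dec.needs_input:
            raise ValueError("truncated compressed stream")
    return bytes(out)
```

Python integers do not wrap, so the size arithmetic above cannot overflow; a C loader has to check each size addition against the limit before growing its output buffer.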

