Re: [PATCH 2/2] qemu-img: CVE-XXX Sanitize untrusted output from NBD server

2024-08-07 Thread Daniel P. Berrangé
On Fri, Aug 02, 2024 at 10:03:05PM +0100, Richard W.M. Jones wrote: > On Fri, Aug 02, 2024 at 02:26:06PM -0500, Eric Blake wrote: > > Error messages from an NBD server must be treated as untrusted; a > > malicious server can inject escape sequences to try and trigger RCE > > flaws via escape sequen

Re: [PATCH 2/2] qemu-img: CVE-XXX Sanitize untrusted output from NBD server

2024-08-07 Thread Stefan Hajnoczi
On Fri, Aug 02, 2024 at 11:41:35PM +0200, Philippe Mathieu-Daudé wrote: > On 2/8/24 21:26, Eric Blake wrote: > > Error messages from an NBD server must be treated as untrusted; a > > malicious server can inject escape sequences to try and trigger RCE > > flaws via escape sequences to whatever termi

Re: [PATCH 2/2] qemu-img: CVE-XXX Sanitize untrusted output from NBD server

2024-08-03 Thread Richard W.M. Jones
On Fri, Aug 02, 2024 at 11:01:36PM +0100, Richard W.M. Jones wrote: > On Fri, Aug 02, 2024 at 02:26:06PM -0500, Eric Blake wrote: > > Error messages from an NBD server must be treated as untrusted; a > > malicious server can inject escape sequences to try and trigger RCE > > flaws via escape sequen

Re: [PATCH 2/2] qemu-img: CVE-XXX Sanitize untrusted output from NBD server

2024-08-02 Thread Richard W.M. Jones
On Fri, Aug 02, 2024 at 02:26:06PM -0500, Eric Blake wrote: > Error messages from an NBD server must be treated as untrusted; a > malicious server can inject escape sequences to try and trigger RCE > flaws via escape sequences to whatever terminal happens to be running > qemu-img. This presentatio

Re: [PATCH 2/2] qemu-img: CVE-XXX Sanitize untrusted output from NBD server

2024-08-02 Thread Philippe Mathieu-Daudé
On 2/8/24 21:26, Eric Blake wrote: Error messages from an NBD server must be treated as untrusted; a malicious server can inject escape sequences to try and trigger RCE flaws via escape sequences to whatever terminal happens to be running qemu-img. The easiest solution is to sanitize the output

Re: [PATCH 2/2] qemu-img: CVE-XXX Sanitize untrusted output from NBD server

2024-08-02 Thread Richard W.M. Jones
On Fri, Aug 02, 2024 at 02:26:06PM -0500, Eric Blake wrote: > Error messages from an NBD server must be treated as untrusted; a > malicious server can inject escape sequences to try and trigger RCE > flaws via escape sequences to whatever terminal happens to be running > qemu-img. The easiest solu

[PATCH 2/2] qemu-img: CVE-XXX Sanitize untrusted output from NBD server

2024-08-02 Thread Eric Blake
Error messages from an NBD server must be treated as untrusted; a malicious server can inject escape sequences to try and trigger RCE flaws via escape sequences to whatever terminal happens to be running qemu-img. The easiest solution is to sanitize the output with the same code we use to produce