Re: [Qemu-stable] CVE-2018-7550 (was: multiboot: bss_end

qemu-stable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-stable] CVE-2018-7550 (was: multiboot: bss_end_addr can be zer

From:	Kevin Wolf
Subject:	Re: [Qemu-stable] CVE-2018-7550 (was: multiboot: bss_end_addr can be zero / cleanup)
Date:	Wed, 14 Mar 2018 19:01:40 +0100
User-agent:	Mutt/1.9.1 (2017-09-22)

Am 14.03.2018 um 18:35 hat Konrad Rzeszutek Wilk geschrieben:
> On March 14, 2018 1:23:51 PM EDT, Kevin Wolf <address@hidden> wrote:
> >Am 21.12.2017 um 18:25 hat Jack Schwartz geschrieben:
> >> Properly account for the possibility of multiboot kernels with a zero
> >> bss_end_addr.  The Multiboot Specification, section 3.1.3 allows for
> >> kernels without a bss section, by allowing a zeroed bss_end_addr
> >multiboot
> >> header field.
> >> 
> >> Do some cleanup to multiboot.c as well:
> >> - Remove some unused variables.
> >> - Use more intuitive header names when displaying fields in messages.
> >> - Change fprintf(stderr...) to error_report
> >
> >[ Cc: qemu-stable ]
> >
> >This series happens to fix CVE-2018-7550.
> >http://www.openwall.com/lists/oss-security/2018/03/08/4
> >
> >Just a shame that we weren't told before merging it so that the
> >appropriate tags could have been set in the commit message (and all of
> >the problems could have been addressed; I'm going to send another
> >Multiboot series now).
> 
> Huh?
> 
> You mean the CVE tags that were created in 2018 for a patch posted in
> 2017?

Well, it seems to me that this patch was created for a different
purpose, but it happens to fix the bug for which this CVE was assigned
now. It's not your or Jack's fault, that's just how things go sometimes.

I think PJP knew that this CVE was coming before the patches were merged
into master, so if he had told us, we could have had a better commit
message. But either way, it's not a disaster to have a suboptimal commit
message.

> Or that the reporter of the security issue didn't point to this particular 
> patch?
> 
> Irrespective of that,  is there a write-up  of how security process
> works at QEMU?
> 
> That is what is the usual embargo period, the list of security folks,
> how one can become one, what are the responsibilities, how changes to
> process are being carried out (and discussed), what breath of testing
> and PoC work is done , how security fixes are being reviewed, etc?

I don't think a problem like this would be embargoed at all. Anyway,
have a look here:

https://wiki.qemu.org/SecurityProcess

Kevin

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-stable] CVE-2018-7550 (was: multiboot: bss_end_addr can be zero / cleanup), Kevin Wolf, 2018/03/14
- Re: [Qemu-stable] CVE-2018-7550 (was: multiboot: bss_end_addr can be zero / cleanup), Konrad Rzeszutek Wilk, 2018/03/14
  - Re: [Qemu-stable] CVE-2018-7550 (was: multiboot: bss_end_addr can be zero / cleanup), Kevin Wolf <=
    - Re: [Qemu-stable] CVE-2018-7550 (was: multiboot: bss_end_addr can be zero / cleanup), P J P, 2018/03/15

Prev by Date: Re: [Qemu-stable] [Qemu-devel] [PATCH 5/5] tests/multiboot: Add .gitignore
Next by Date: Re: [Qemu-stable] CVE-2018-7550 (was: multiboot: bss_end_addr can be zero / cleanup)
Previous by thread: Re: [Qemu-stable] CVE-2018-7550 (was: multiboot: bss_end_addr can be zero / cleanup)
Next by thread: Re: [Qemu-stable] CVE-2018-7550 (was: multiboot: bss_end_addr can be zero / cleanup)
Index(es):
- Date
- Thread