Bug 1729958
Summary: | qemu: long interface names in qemu-bridge-helper leading to ACL bypass | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED DUPLICATE | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | ailan, amit, areis, berrange, carnil, cfergeau, dbecker, drjones, dwmw2, imammedo, itamar, jen, jferlan, jjoyce, jschluet, kbasil, knoel, lhh, lkundrak, lpeer, mburns, mkenneth, mrezanin, mst, pbonzini, rbalakri, ribarry, rjones, rkrcmar, rschiron, sclewis, security-response-team, slinaber, virt-maint, virt-maint, vkuznets, xen-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-07-17 15:27:18 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1729960, 1729959 | ||
Bug Blocks: | 1729962 |
Description
Marian Rehak
2019-07-15 12:27:06 UTC
Created qemu tracking bugs for this issue: Affects: epel-7 [bug 1729960] Affects: fedora-all [bug 1729959] Hi I think the CVE id ist a typo and it should be CVE-2019-13164? The later is already mentioned in https://www.openwall.com/lists/oss-security/2019/07/02/2 and refers to https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html. Regards, Salvatore (In reply to Salvatore Bonaccorso from comment #2) > Hi > > I think the CVE id ist a typo and it should be CVE-2019-13164? The later is > already mentioned in > https://www.openwall.com/lists/oss-security/2019/07/02/2 and refers to > https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html. Respective Red Hat Bugzilla entry is at: https://bugzilla.redhat.com/show_bug.cgi?id=1722559 Regards, Salvatore Hi Salvatore, Setting correct needinfo, so that one of analyst working on this can review and reply. Regards YOG. Hi, I've just removed the CVE-2019-13164 alias from this bug as it was incorrectly assigned. There was a typo on a debian communication, which led to the creation of this wrong bug. The right CVE is CVE-2019-13164. Hope this helps. *** This bug has been marked as a duplicate of bug 1722559 *** |