Ubuntu
qemu package

  1. Xenial (16.04)
  2. Bug #1789551
  3. Activity log

Activity log for bug #1789551

Date Who What changed Old value New value Message
2018-08-29 06:06:09 Christian Ehrhardt  bug added bug
2018-08-29 06:36:57 Christian Ehrhardt  bug watch added https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907500
2018-08-29 06:36:57 Christian Ehrhardt  bug task added qemu (Debian)
2018-08-29 06:44:40 Christian Ehrhardt  nominated for series Ubuntu Xenial
2018-08-29 06:44:40 Christian Ehrhardt  bug task added qemu (Ubuntu Xenial)
2018-08-29 06:44:40 Christian Ehrhardt  nominated for series Ubuntu Trusty
2018-08-29 06:44:40 Christian Ehrhardt  bug task added qemu (Ubuntu Trusty)
2018-08-29 06:44:40 Christian Ehrhardt  nominated for series Ubuntu Cosmic
2018-08-29 06:44:40 Christian Ehrhardt  bug task added qemu (Ubuntu Cosmic)
2018-08-29 06:44:40 Christian Ehrhardt  nominated for series Ubuntu Bionic
2018-08-29 06:44:40 Christian Ehrhardt  bug task added qemu (Ubuntu Bionic)
2018-08-29 06:44:57 Christian Ehrhardt  qemu (Ubuntu Trusty): assignee Ubuntu Security Team (ubuntu-security)
2018-08-29 06:45:02 Christian Ehrhardt  qemu (Ubuntu Xenial): assignee Ubuntu Security Team (ubuntu-security)
2018-08-29 06:45:06 Christian Ehrhardt  qemu (Ubuntu Bionic): assignee  Christian Ehrhardt  (paelzer)
2018-08-29 06:45:07 Christian Ehrhardt  qemu (Ubuntu Cosmic): assignee  Christian Ehrhardt  (paelzer)
2018-08-29 06:45:11 Christian Ehrhardt  qemu (Ubuntu Bionic): status New Triaged
2018-08-29 06:45:13 Christian Ehrhardt  qemu (Ubuntu Cosmic): status New In Progress
2018-08-29 06:45:17 Christian Ehrhardt  qemu (Ubuntu Cosmic): importance Undecided High
2018-08-29 06:45:20 Christian Ehrhardt  qemu (Ubuntu Bionic): importance Undecided High
2018-08-29 06:46:45 Christian Ehrhardt  bug added subscriber James Page
2018-08-29 08:13:31 Bug Watch Updater qemu (Debian): status Unknown Confirmed
2018-08-29 18:52:37 Seth Arnold information type Private Security Public Security
2018-08-30 07:09:57 Christian Ehrhardt  qemu (Ubuntu Trusty): status New Won't Fix
2018-08-30 07:10:00 Christian Ehrhardt  qemu (Ubuntu Xenial): status New Won't Fix
2018-08-30 07:10:11 Christian Ehrhardt  qemu (Ubuntu Bionic): assignee  Christian Ehrhardt  (paelzer) Ubuntu Security Team (ubuntu-security)
2018-09-04 18:53:45 Launchpad Janitor qemu (Ubuntu Cosmic): status In Progress Fix Released
2018-09-04 18:53:45 Launchpad Janitor cve linked 2018-15746
2018-09-06 18:23:41 Bryan Quigley bug added subscriber Bryan Quigley
2018-09-07 07:07:21 Dominique Poulain bug added subscriber Dominique Poulain
2018-09-13 10:06:24 Christian Ehrhardt  description The Qemu changes are public, so nothing to hide here IMHO, but leaving that to the security team. Copy from the related Debian bug that I commented on: " The following vulnerability was published for qemu. CVE-2018-15746[0]: seccomp: blacklist is not applied to all threads If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-15746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15746 [1] https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html [2] https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02289.html " In addition I think that: - it is available (built in since all still supported releases) - it is default enabled with qemu 2.11 (Bionic) - with libvirt >4.3 (Cosmic) more of the filters are set That in my bad security severity guessing capability makes it - Medium prio <Bionic - High prio >=Bionic OTOH, when checking the upstream reproducer with a qemu 2.11 I see nothing being used - so maybe all of it is a red herring (checked on Bionic): $ for pid in $(pidof qemu-system-x86_64); do echo PID $pid; for task in /proc/$pid/task/*; do cat $task/status | grep Secc; done; done PID 10817 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 PID 10657 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 PID 438 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 [Impact] * Backport upstream CVE fix (applies as-is) * This will ensure that the seccomp rules apply to all threads. Without that the security benefit that seccomp provides can be avoided by an attacker. [Test Case] * Run qemu on Bionic, and enable the seccomp feature (not yet default on in Bionic, but in Cosmic). In qemu this is called "sandbox" $ qemu-system-x86_64 -sandbox on -nographic & pid=$!; sleep 2s; echo PID $pid; for task in /proc/$pid/task/*; do cat $task/status | grep Secc; done; kill -9 $pid That will report something like PID 23230 Seccomp: 2 Seccomp: 0 And the two lines should match. [Regression Potential] * discussion of how regressions are most likely to manifest as a result of this change. * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [Other Info] * This was discussed for other releases e.g. Xenial, but back then the approach to seccomp was different and regression risk would be too high. ---- The Qemu changes are public, so nothing to hide here IMHO, but leaving that to the security team. Copy from the related Debian bug that I commented on: " The following vulnerability was published for qemu. CVE-2018-15746[0]: seccomp: blacklist is not applied to all threads If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-15746     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15746 [1] https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html [2] https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02289.html " In addition I think that: - it is available (built in since all still supported releases) - it is default enabled with qemu 2.11 (Bionic) - with libvirt >4.3 (Cosmic) more of the filters are set That in my bad security severity guessing capability makes it - Medium prio <Bionic - High prio >=Bionic OTOH, when checking the upstream reproducer with a qemu 2.11 I see nothing being used - so maybe all of it is a red herring (checked on Bionic): $ for pid in $(pidof qemu-system-x86_64); do echo PID $pid; for task in /proc/$pid/task/*; do cat $task/status | grep Secc; done; done PID 10817 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 PID 10657 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 PID 438 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0 Seccomp: 0
2018-09-27 12:35:42 Łukasz Zemczak qemu (Ubuntu Bionic): status Triaged Fix Committed
2018-09-27 12:35:43 Łukasz Zemczak bug added subscriber Ubuntu Stable Release Updates Team
2018-09-27 12:35:46 Łukasz Zemczak bug added subscriber SRU Verification
2018-09-27 12:35:48 Łukasz Zemczak tags verification-needed verification-needed-bionic
2018-09-27 14:52:18 Christian Ehrhardt  tags verification-needed verification-needed-bionic verification-done verification-done-bionic
2018-10-08 13:17:50 Launchpad Janitor qemu (Ubuntu Bionic): status Fix Committed Fix Released
2018-10-08 13:18:06 Łukasz Zemczak removed subscriber Ubuntu Stable Release Updates Team
2018-10-10 12:49:59 Launchpad Janitor merge proposal linked https://code.launchpad.net/~paelzer/ubuntu/+source/qemu/+git/qemu/+merge/356406
2019-04-19 04:09:35 Bug Watch Updater qemu (Debian): status Confirmed Fix Released