Launchpad has imported 5 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=668589.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help
Launchpad has imported 3 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=667097.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help
** Changed in: qemu
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt:
Unknown
Ubuntu 12.04 is also affected
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt virtualization API:
Unknown
Status in Q
** Branch linked: lp:ubuntu/precise/qemu-kvm
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt virtualization API:
Unkn
** Changed in: qemu-kvm (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt vir
** Changed in: qemu-kvm (Debian)
Status: Unknown => New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt virtuali
** Bug watch added: Debian Bug tracker #611134
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611134
** Also affects: qemu-kvm (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611134
Importance: Unknown
Status: Unknown
--
You received this bug notification because
** Branch linked: lp:ubuntu/lucid-proposed/qemu-kvm
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt virtualization API:
** Branch linked: lp:ubuntu/maverick-updates/qemu-kvm
** Branch linked: lp:ubuntu/lucid-updates/qemu-kvm
** Branch linked: lp:ubuntu/karmic-security/qemu-kvm
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net
Nothing left to do, unsubscribing ubuntu-security-sponsors.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt virtualizat
This bug was fixed in the package qemu-kvm - 0.12.3+noroms-0ubuntu9.4
---
qemu-kvm (0.12.3+noroms-0ubuntu9.4) lucid-security; urgency=low
* SECURITY UPDATE: Setting VNC password to empty string silently
disables all authentication (LP: #697197)
- debian/patches/697197-fix-vn
This bug was fixed in the package qemu-kvm - 0.11.0-0ubuntu6.4
---
qemu-kvm (0.11.0-0ubuntu6.4) karmic-security; urgency=low
* SECURITY UPDATE: Setting VNC password to empty string silently
disables all authentication (LP: #697197)
- debian/patches/697197-fix-vnc-password-se
This bug was fixed in the package qemu-kvm - 0.12.5+noroms-0ubuntu7.2
---
qemu-kvm (0.12.5+noroms-0ubuntu7.2) maverick-security; urgency=low
[ Dustin Kirkland ]
* SECURITY UPDATE: Setting VNC password to empty string silently
disables all authentication (LP: #697197).
- de
** Changed in: qemu-kvm (Ubuntu Maverick)
Assignee: Ubuntu Security Team (ubuntu-security) => Kees Cook (kees)
** Changed in: qemu-kvm (Ubuntu Lucid)
Assignee: Ubuntu Security Team (ubuntu-security) => Kees Cook (kees)
** Changed in: qemu-kvm (Ubuntu Karmic)
Importance: Undecided =>
Attaching debdiff for karmic.
** Patch added: "697197.karmic.debdiff"
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197/+attachment/1844267/+files/697197.karmic.debdiff
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
** Changed in: libvirt (Ubuntu Natty)
Importance: High => Undecided
** Changed in: libvirt (Ubuntu Natty)
Assignee: Serge Hallyn (serge-hallyn) => (unassigned)
** Changed in: qemu-kvm (Ubuntu Maverick)
Milestone: maverick-updates => None
** Changed in: libvirt (Ubuntu Lucid)
S
Thanks for preparing the debdiffs! It looks like karmic is vulnerable
too, so we'll need that as well. I'll update the debdiffs to use proper
DEP-3 and fix up the formatting of the changelogs a bit ("CVE-" vs "CVE:
"), and get these building.
** Also affects: libvirt (Ubuntu Karmic)
Importance:
** Branch linked: lp:ubuntu/qemu-kvm
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt virtualization API:
Unknown
Stat
** Branch linked: lp:~kirkland/ubuntu/natty/qemu-kvm/fix-build
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt virtuali
** Changed in: libvirt (Ubuntu Maverick)
Status: New => Invalid
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt
@security team,
Could you please sponsor this to the maverick-security queue? Thanks!
** Patch added: "697197.debdiff"
https://bugs.launchpad.net/ubuntu/maverick/+source/qemu-kvm/+bug/697197/+attachment/1843528/+files/697197.debdiff
** Changed in: qemu-kvm (Ubuntu Maverick)
Assignee: D
The patch needs to go into Lucid as well.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt virtualization API:
Unknown
** Changed in: qemu-kvm (Ubuntu)
Importance: Undecided => Medium
** Changed in: qemu-kvm (Ubuntu)
Status: Confirmed => In Progress
** Changed in: qemu-kvm (Ubuntu)
Assignee: (unassigned) => Dustin Kirkland (kirkland)
--
You received this bug notification because you are a member
Confirmed that the affected code is also in Lucid. Adding a task for
that, and attaching a debdiff for lucid-security too.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty passwor
Looks good, thanks for doing this, Neil.
I'm going to update it just slightly, as this debdiff will need to go
through the security queue, since there's an associated CVE. I'll prep
that upload and the security team will sponsor it into maverick-
security.
I'll get it uploaded to natty now.
The
Marking the libvirt tasks "invalid", as upstream libvirt has correctly pointed
out that this bug is in qemu, and not libvirt:
* https://bugzilla.redhat.com/show_bug.cgi?id=667097
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https
Attaching Lucid debdiff.
** Patch added: "697197.lucid.debdiff"
https://bugs.launchpad.net/ubuntu/lucid/+source/qemu-kvm/+bug/697197/+attachment/1843553/+files/697197.lucid.debdiff
** Changed in: qemu-kvm (Ubuntu Lucid)
Assignee: Dustin Kirkland (kirkland) => Ubuntu Security Team
(ubunt
Uploading to Natty now...
** Also affects: libvirt (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: qemu-kvm (Ubuntu Lucid)
Importance: Undecided
Status: New
** Changed in: qemu-kvm (Ubuntu Lucid)
Importance: Undecided => Medium
** Changed in: qemu-kvm (U
This bug was fixed in the package qemu-kvm - 0.13.0+noroms-0ubuntu13
---
qemu-kvm (0.13.0+noroms-0ubuntu13) natty; urgency=low
[ Neil Wilson ]
* SECURITY UPDATE: Setting VNC password to empty string silently
disables all authentication (LP: #697197)
- debian/patches/69719
** Also affects: libvirt (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: qemu-kvm (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: libvirt (Ubuntu Natty)
Importance: High
Assignee: Serge Hallyn (serge-hallyn)
Status: Inva
** Changed in: qemu
Status: New => Confirmed
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt virtualization API:
This fault probably affects all the current versions of qemu-kvm. It's
present in 0.11 and the current qemu master branch.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password
Installed patched build onto Maverick server. vnc_listen set to 0.0.0.0
in /etc/libvirt/qemu.conf
Set vnc_password=""' with vnc_tls=1 in /etc/libvirt/qemu.conf and
confirmed that the lanched server now rejects authentication for any
password, whereas it turned off authentication and encryption com
Please sponsor for upload
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt virtualization API:
Unknown
Status in QEMU:
** Patch added: "qemu-kvm_0.12.5+noroms-0ubuntu7.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197/+attachment/1812796/+files/qemu-kvm_0.12.5%2Bnoroms-0ubuntu7.2.debdiff
** Tags added: patch
--
You received this bug notification because you are a member of qemu-
devel
** Branch linked: lp:~brightbox/ubuntu/maverick/qemu-kvm/qemu-
kvm.fix-697197
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in l
The solution to this problem is to reverse the commit
52c18be9e99dabe295321153fda7fce9f76647ac in the main Qemu archive.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password a
** Also affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt virtu
39 matches
Mail list logo
