Comment 1 Robert Buchholz (RETIRED) 2007-11-12 23:39:57 UTC

xen, please advise :-)

Comment 2 Robert Buchholz (RETIRED) 2007-11-12 23:41:01 UTC

CVE-2007-5906 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5906):
  Xen 3.1.1 allows virtual guest system users to cause a denial of service
  (hypervisor crash) by using a debug register (DR7) to set certain breakpoints.

Comment 3 Micheal Marineau (RETIRED) 2007-11-16 23:52:23 UTC

Xen 3.1.2 has been released and include the debug register fix, I will have it in the portage tree soon. As for the TSC issue, the patch "x86: allow pv guests to disable TSC for applications" was only committed to the unstable branch (will be xen 3.2) and not included in 3.1.2. I'm not sure why. The provided patch does not apply to the 3.1.2 branch either.

Comment 4 Pierre-Yves Rofes (RETIRED) 2007-12-09 00:01:39 UTC

xen-3.1.2 now in portage, but still waiting for 3.2 series to fix the other issue.

Comment 5 Robert Buchholz (RETIRED) 2008-01-10 13:52:44 UTC

*** Bug 205206 has been marked as a duplicate of this bug. ***

Comment 6 Pierre-Yves Rofes (RETIRED) 2008-05-07 22:08:09 UTC

(In reply to comment #4)
> xen-3.1.2 now in portage, but still waiting for 3.2 series to fix the other
> issue.
> 

xen herd: 3.2 is now in portage, does it include the fix?

Comment 7 Micheal Marineau (RETIRED) 2008-05-07 22:57:57 UTC

(In reply to comment #6)
> (In reply to comment #4)
> > xen-3.1.2 now in portage, but still waiting for 3.2 series to fix the other
> > issue.
> > 
> 
> xen herd: 3.2 is now in portage, does it include the fix?
> 

Oops, forgot to comment on this. Yes it includes the fix.

Comment 8 Robert Buchholz (RETIRED) 2008-05-08 07:53:05 UTC

Thanks, closing then.