From https://bugzilla.redhat.com/show_bug.cgi?id=870412 :

The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk either before or after decompression. This could cause the toolstack to consume all available RAM in the domain running the domain builder. A malicious guest administrator who can supply a kernel or ramdisk can exhaust memory in domain 0 leading to a denial of service attack. HVM guests are not affected by this vulnerability.

Reference:
http://lists.xen.org/archives/html/xen-devel/2012-10/msg02015.html
http://www.openwall.com/lists/oss-security/2012/10/26/3

Acknowledgements: Red Hat would like to thank the Xen project for reporting this issue.
CVE-2012-4544 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4544): The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.
CVE-2012-2625 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2625): The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.
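The two CVEs above describe the same class of defect: a guest-supplied image is decompressed with no bound on either the input or the output. As an added example (not Xen's or PyGrub's code, and not from this bug), here is a loader that enforces both bounds for bzip2 and xz images; the limit values are constructed for the example, and the streaming `max_length` argument of the standard-library decompressors is what keeps memory use bounded even when a few hundred compressed bytes expand to many megabytes.

```python
import bz2
import lzma

# Constructed limits for this example; a real toolstack chooses its own bounds.
MAX_COMPRESSED = 64 * 1024 * 1024     # reject oversized images before decompressing anything
MAX_DECOMPRESSED = 256 * 1024 * 1024  # cap the output so a tiny image cannot balloon in memory
BLOCK = 1024 * 1024                   # bytes the decompressor may emit per step

class ImageTooLarge(ValueError):
    """A kernel or ramdisk exceeded a size bound, before or after decompression."""

def _decompressor_for(data):
    """Pick a streaming decompressor from the magic bytes; None means uncompressed."""
    if data[:3] == b"BZh":
        return bz2.BZ2Decompressor()
    if data[:6] == b"\xfd7zXZ\x00":
        return lzma.LZMADecompressor()
    return None

def load_image(data, max_compressed=MAX_COMPRESSED, max_decompressed=MAX_DECOMPRESSED):
    """Return the image payload, enforcing a bound both before and after decompression."""
    # Check 1: the supplied bytes themselves (the guest controls this size).
    if len(data) > max_compressed:
        raise ImageTooLarge("compressed image is %d bytes, limit %d" % (len(data), max_compressed))
    dec = _decompressor_for(data)
    if dec is None:
        if len(data) > max_decompressed:
            raise ImageTooLarge("image is %d bytes, limit %d" % (len(data), max_decompressed))
        return data
    # Check 2: the running decompressed total. max_length caps what each call may emit, so
    # memory stays under the limit plus one block; unconsumed input is buffered internally.
    out = bytearray()
    pending = data
    while not dec.eof:
        chunk = dec.decompress(pending, max_length=BLOCK)
        pending = b""
        if not chunk and dec.needs_input:
            raise ValueError("truncated compressed image")
        out += chunk
        if len(out) > max_decompressed:
            raise ImageTooLarge("decompressed image exceeds %d bytes" % max_decompressed)
    return bytes(out)

def rejects(data, **limits):
    """True if load_image refuses the image on size grounds."""
    try:
        load_image(data, **limits)
    except ImageTooLarge:
        return True
    return False
```

Without the second check, a bzip2 stream of a few hundred bytes that expands to gigabytes would be fully materialised in dom0 before anyone could object, which is exactly the condition the advisories describe.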
right; CVE-2012-2625 XSA-25 content is in place in the xensource code in >=4.2.0. CVE-2012-4544 XSA-25 patch takes once applied to the xensource code in >=4.2.0. CVE-2012-2625 XSA-25 will become obsolete on the stabilising of xen-4.2.0. CVE-2012-4544 XSA-25 is currently valid and pertinent to xen-tools and xen-pvgrub.
@xen team: 4.2.2 is stable, can you verify whether the issues are fixed in this version?
Please confirm comment 4, as we are getting ready to release a GLSA and we would like to include this bug into it if it is fixed.
(In reply to Yury German from comment #5)
> Please confirm comment 4, as we are getting ready to release a GLSA and we
> would like to include this bug in to it if it is fixed.

Yes, I've verified. This is already fixed in >=xen-4.2.1, check other xen ebuilds (4.3.x, 4.4.x) in portage which are *not* affected by this. Thanks.
Thank you ... adding to existing GLSA.
This issue was resolved and addressed in GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml by GLSA coordinator Mikle Kolyada (Zlogene).