198995 CVE-2007-5906 2007-11-12 23:39 0000 app-emulation/xen CR4 TSC and DR7 DoS (CVE-2007-{5907,5906}) 2008-05-08 07:53:05 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://secunia.com/advisories/28405/ ~3 [noglsa] P2 trivial --- 1 rbu@gentoo.org security@gentoo.org lars@chaotika.org xen@gentoo.org rbu@gentoo.org 2007-11-12 23:39:12 0000 CVE-2007-5907 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5907): Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). rbu@gentoo.org 2007-11-12 23:39:57 0000 xen, please advise :-) rbu@gentoo.org 2007-11-12 23:41:01 0000 CVE-2007-5906 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5906): Xen 3.1.1 allows virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints. marineam@gentoo.org 2007-11-16 23:52:23 0000 Xen 3.1.2 has been released and include the debug register fix, I will have it in the portage tree soon. As for the TSC issue, the patch "x86: allow pv guests to disable TSC for applications" was only committed to the unstable branch (will be xen 3.2) and not included in 3.1.2. I'm not sure why. The provided patch does not apply to the 3.1.2 branch either. py@gentoo.org 2007-12-09 00:01:39 0000 xen-3.1.2 now in portage, but still waiting for 3.2 series to fix the other issue. rbu@gentoo.org 2008-01-10 13:52:44 0000 *** Bug 205206 has been marked as a duplicate of this bug. *** py@gentoo.org 2008-05-07 22:08:09 0000 (In reply to comment #4) > xen-3.1.2 now in portage, but still waiting for 3.2 series to fix the other > issue. > xen herd: 3.2 is now in portage, does it include the fix? marineam@gentoo.org 2008-05-07 22:57:57 0000 (In reply to comment #6) > (In reply to comment #4) > > xen-3.1.2 now in portage, but still waiting for 3.2 series to fix the other > > issue. > > > > xen herd: 3.2 is now in portage, does it include the fix? > Oops, forgot to comment on this. Yes it includes the fix. rbu@gentoo.org 2008-05-08 07:53:05 0000 Thanks, closing then.