Summary: | <app-emulation/xen-4.4.0-r4: insufficient permissions checks accessing guest memory on ARM (CVE-2014-3969) (XSA-98) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | xen |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2014/06/04/19 | ||
Whiteboard: | ~1 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-06-06 07:56:58 UTC
*xen-4.4.0-r4 (14 Jun 2014) *xen-4.3.2-r3 (14 Jun 2014) *xen-4.2.4-r3 (14 Jun 2014) 14 Jun 2014; Yixun Lan <dlan@gentoo.org> +xen-4.2.4-r3.ebuild, +xen-4.3.2-r3.ebuild, +xen-4.4.0-r4.ebuild: bump security patches, fix bug 482138, 512572, 512294 Thank you for your work, since this is ARM only if you can cleanup vulnerable version we can close this. CVE-2014-3969 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3969): Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. (In reply to GLSAMaker/CVETool Bot from comment #3) > CVE-2014-3969 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3969): > Xen 4.4.x, when running on an ARM system, does not properly check write > permissions on virtual addresses, which allows local guest administrators > to > gain privileges via unspecified vectors. this is already fixed, see comment #1 dlan, Thank you for cleanup! No GLSA needed as there are no stable versions for ARM. |