Summary: | <app-emulation/xen{,-tools,-pvgrub}-4.5.0: LZO Denial of Service and Arbitrary Code Execution through embedded code | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Yury German <blueknight> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | xen |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2014/q2/676 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 515246 |
Description
Yury German
2014-06-27 00:51:35 UTC
Xen project uses kernel's lzo.c.

Since release v4.5.0 it is carrying http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=504f70b624063bbb32d43cdfe6e8409eaac1fa8e which fixed the problem in kernel and since release v4.5.3 it contains the final improved fix http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=10a94ddbd2eb97365872cd14be93837c4613e09d

v4.5.0 hit Gentoo repository via https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-emulation/xen-tools/xen-tools-4.5.0.ebuild?hideattic=0&view=log

Our current stable versions:

=app-emulation/xen-4.6.3-r3
=app-emulation/xen-tools-4.6.3-r2
=app-emulation/xen-pvgrub-4.6.3

...so nothing left for us to do.

@ Security: Please vote!

GLSA Vote: No