757126 – (XSA-355) <app-emulation/xen-{4.13.2-r2,4.14.0-r6}: stack corruption from XSA-346 change

Bug 757126 (XSA-355) - <app-emulation/xen-{4.13.2-r2,4.14.0-r6}: stack corruption from XSA-346 change

Summary: <app-emulation/xen-{4.13.2-r2,4.14.0-r6}: stack corruption from XSA-346 change

Status:	RESOLVED FIXED

Alias:	XSA-355

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B1 [glsa+]
Keywords:

Depends on:
Blocks:

Reported:	2020-11-27 10:05 UTC by Tomáš Mózes
Modified:	2024-02-04 07:18 UTC (History)
CC List:	4 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/18425 https://github.com/gentoo/gentoo/pull/18485
Package list:	app-emulation/xen-4.13.2-r2
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tomáš Mózes 2020-11-27 10:05:26 UTC

https://xenbits.xen.org/xsa/advisory-355.html

Comment 1 Larry the Git Cow gentoo-dev

2020-11-27 16:55:55 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d529fbaa79ab4069951c33f7f3ec43dd5567fc84

commit d529fbaa79ab4069951c33f7f3ec43dd5567fc84
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2020-11-27 10:21:48 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-11-27 16:55:48 +0000

    app-emulation/xen: add upstream patch for XSA-355
    
    Bug: https://bugs.gentoo.org/757126
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 app-emulation/xen/Manifest             |   2 +
 app-emulation/xen/xen-4.13.2-r2.ebuild | 165 +++++++++++++++++++++++++++++++++
 app-emulation/xen/xen-4.14.0-r6.ebuild | 165 +++++++++++++++++++++++++++++++++
 3 files changed, 332 insertions(+)

Comment 2 John Helmert III archtester

2020-11-27 17:55:26 UTC

Please proceed with stabilization when ready.

Comment 3 Tomáš Mózes 2020-12-03 05:51:26 UTC

Please proceed with stabilization.

Comment 4 Sam James archtester

2020-12-03 07:59:41 UTC

amd64 done

all arches done

Comment 5 Sam James archtester

2020-12-03 08:11:09 UTC

Please cleanup.

Comment 6 Larry the Git Cow gentoo-dev

2020-12-03 20:34:30 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=836f37bf62fe8f8a364224703fd61437215d3d82

commit 836f37bf62fe8f8a364224703fd61437215d3d82
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2020-12-03 10:53:41 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-12-03 20:34:22 +0000

    app-emulation/xen: drop vulnerable
    
    Bug: https://bugs.gentoo.org/757126
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/18485
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 app-emulation/xen/Manifest             |   1 -
 app-emulation/xen/xen-4.13.2-r1.ebuild | 165 ---------------------------------
 2 files changed, 166 deletions(-)

Comment 7 NATTkA bot gentoo-dev

2021-02-04 22:29:03 UTC Comment hidden (obsolete)

Unable to check for sanity:

> no match for package: app-emulation/xen-4.13.2-r2

Comment 8 NATTkA bot gentoo-dev

2021-04-01 20:12:13 UTC

Unable to check for sanity:

> no match for package: app-emulation/xen-4.13.2-r2

Comment 9 Larry the Git Cow gentoo-dev

2024-02-04 07:17:09 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3f8db3fdbc2235dee30f5c1ea206584ecabbe484

commit 3f8db3fdbc2235dee30f5c1ea206584ecabbe484
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-04 07:16:20 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-04 07:16:59 +0000

    [ GLSA 202402-07 ] Xen: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/754105
    Bug: https://bugs.gentoo.org/757126
    Bug: https://bugs.gentoo.org/826998
    Bug: https://bugs.gentoo.org/837575
    Bug: https://bugs.gentoo.org/858122
    Bug: https://bugs.gentoo.org/876790
    Bug: https://bugs.gentoo.org/879031
    Bug: https://bugs.gentoo.org/903624
    Bug: https://bugs.gentoo.org/905389
    Bug: https://bugs.gentoo.org/915970
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-07.xml | 112 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 112 insertions(+)