| Field | Value |
|---|---|
| Summary | <app-emulation/xen-3.4.2-r4: Host Crash Denial of Service Vulnerability (CVE-2011-2901) |
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Reporter | Tim Sammut (RETIRED) <underling> |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | minor |
| CC | idella4, xen |
| Priority | Normal |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://www.openwall.com/lists/oss-security/2011/09/02/2 |
| Whiteboard | B3 [glsa] |
| Runtime testing required | --- |
| Bug Blocks | 386371 |

Description
Tim Sammut (RETIRED)
2011-10-02 05:19:52 UTC
@xen, Ian, is our current stable impacted by this issue? Thanks!

Tim, yes, stable is xen-3 still. xen-4 is up for stabilisation, but not declared yet (testers seemingly avoiding it!!!). xen-3 will be kept a while. Shall see to getting this patch put in.

Created attachment 289309
the security patch in xen-3.4.2-fix-__addr_ok-limit.patch

Created attachment 289311
patch to make xen-3.4.2-r4.ebuild

+*xen-3.4.2-r4 (11 Oct 2011) + + 11 Oct 2011; Tony Vroon <chainsaw@gentoo.org> +xen-3.4.2-r4.ebuild, + +files/xen-3.4.2-CVE-2011-1583.patch, + +files/xen-3.4.2-fix-__addr_ok-limit.patch: + Patches by Ian "idella4" Delaney to address security bugs #385319 and + #386371.

Arches, please test & mark stable.

amd64 ok

x86 stable

amd64 done. Thanks Agostino

Thanks, everyone. GLSA Vote: yes.

Votes: Yes. GLSA request filed.

This issue was resolved and addressed in GLSA 201309-24 at http://security.gentoo.org/glsa/glsa-201309-24.xml by GLSA coordinator Chris Reffett (creffett).

CVE-2011-2901 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2901): Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits.
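
Review bot: the ChangeLog entry for xen-3.4.2-r4 identifies the fixes only by bug number (#385319 and #386371), and only one of the two added patch files, files/xen-3.4.2-CVE-2011-1583.patch, carries a CVE id in its name. Naming CVE-2011-2901 in the entry text, or in the filename of xen-3.4.2-fix-__addr_ok-limit.patch to match its sibling, would let someone auditing the tree locate this fix by CVE.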