| Field | Value |
|---|---|
| Summary | <app-emulation/xen-3.4.2-r4: Execution of arbitrary code (CVE-2011-{1583,3262}) |
| Product | Gentoo Security |
| Reporter | GLSAMaker/CVETool Bot <glsamaker> |
| Component | Vulnerabilities |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | normal |
| CC | idella4, xen |
| Priority | Normal |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Whiteboard | B3 [glsa] |
| Package list | |
| Runtime testing required | --- |
| Bug Depends on | 385319 |
| Bug Blocks | |
| Attachments | |
Description

GLSAMaker/CVETool Bot, 2011-10-08 15:45:15 UTC

CVE-2011-3262 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3262): tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."

Created attachment 289345 [details, diff]
Rewritten patch for xen-3, xen-3.4.2-sec-2011-1583.patch

Created attachment 289347 [details, diff]
Revised ebuild patch to bump to xen-3.4.2-r4. The patch adds the two sec patches + a copy of the fix for the /.config dir.

Oh, forgot to mention, the patch is not required for xen-4. The content is already in the source.

All done:

```
+*xen-3.4.2-r4 (11 Oct 2011)
+
+  11 Oct 2011; Tony Vroon <chainsaw@gentoo.org> +xen-3.4.2-r4.ebuild,
+  +files/xen-3.4.2-CVE-2011-1583.patch,
+  +files/xen-3.4.2-fix-__addr_ok-limit.patch:
+  Patches by Ian "idella4" Delaney to address security bugs #385319 and
+  #386371.
```

Stabilisation efforts in bug #385319.

Stabilization completed in bug 385319.

GLSA vote: yes. Thanks, folks.

GLSA Vote: yes; bug added to existing GLSA request.

This issue was resolved and addressed in GLSA 201309-24 at http://security.gentoo.org/glsa/glsa-201309-24.xml by GLSA coordinator Chris Reffett (creffett).