
Bug 386371 (CVE-2011-1583)

Summary: <app-emulation/xen-3.4.2-r4: Execution of arbitrary code (CVE-2011-{1583,3262})
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: idella4, xen
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 385319
Bug Blocks:
Attachments:
- re-written patch for xen-3, xen-3.4.2-sec-2011-1583.patch (flags: none)
- revised ebuild patch to bump to xen-3.4.2-r4 (flags: none)

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 15:45:15 UTC
CVE-2011-1583 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1583):
  Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2,
  3.3, 4.0, and 4.1 allow local users to cause a denial of service and
  possibly execute arbitrary code via a crafted paravirtualised guest kernel
  image that triggers (1) a buffer overflow during a decompression loop or (2)
  an out-of-bounds read in the loader involving unspecified length fields.


Despite the CVE text, a patch for 3.4 can be found in the references.

Please check if our latest stable 3.4 version is still affected by this and provide an updated ebuild. Also, for the future 4.1 stable, please check if that is affected too.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 15:49:38 UTC
CVE-2011-3262 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3262):
  tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows
  local users to cause a denial of service (management software infinite loop
  and management domain resource consumption) via unspecified vectors related
  to "Lack of error checking in the decompression loop."
Comment 2 Ian Delaney (RETIRED) gentoo-dev 2011-10-09 12:23:11 UTC
Created attachment 289345
re-written patch for xen-3, xen-3.4.2-sec-2011-1583.patch
Comment 3 Ian Delaney (RETIRED) gentoo-dev 2011-10-09 12:36:05 UTC
Created attachment 289347
revised ebuild patch to bump to xen-3.4.2-r4

Patch adds the two sec patches + a copy of the fix for /.config dir.
Comment 4 Ian Delaney (RETIRED) gentoo-dev 2011-10-09 12:38:11 UTC
Oh, forgot to mention, the patch is not required for xen-4.
The content is already in the source.
All done
Comment 5 Tony Vroon (RETIRED) gentoo-dev 2011-10-11 20:25:24 UTC
+*xen-3.4.2-r4 (11 Oct 2011)
+
+  11 Oct 2011; Tony Vroon <chainsaw@gentoo.org> +xen-3.4.2-r4.ebuild,
+  +files/xen-3.4.2-CVE-2011-1583.patch,
+  +files/xen-3.4.2-fix-__addr_ok-limit.patch:
+  Patches by Ian "idella4" Delaney to address security bugs #385319 and
+  #386371.
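
Review bot: the entry text on the last two added lines identifies the fixes only by bug number (#385319 and #386371), and the only CVE id in the hunk is the one embedded in the file name files/xen-3.4.2-CVE-2011-1583.patch. Since this bug tracks CVE-2011-1583 and CVE-2011-3262 together, name both ids in the message, or state that the one patch covers both, so the ChangeLog can be searched by CVE and a reader can confirm that CVE-2011-3262 is addressed by this revision.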

Stabilisation efforts in bug #385319.
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2012-11-10 20:04:59 UTC
Stabilization completed in bug 385319. 

GLSA vote: yes.
Comment 7 Tim Sammut (RETIRED) gentoo-dev 2012-12-11 17:29:23 UTC
Thanks, folks. GLSA Vote: yes; bug added to existing GLSA request.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2013-09-30 00:28:55 UTC
This issue was resolved and addressed in GLSA 201309-24 at http://security.gentoo.org/glsa/glsa-201309-24.xml by GLSA coordinator Chris Reffett (creffett).