| Summary: | app-emulation/xen-4.2.1: domain builder Out-of-memory due to malicious kernel/ramdisk (CVE-2012-{2625,4544}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | idella4, xen |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2012/10/26/3 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2012-11-01 16:08:45 UTC
CVE-2012-4544 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4544): The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.

CVE-2012-2625 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2625): The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.

right; CVE-2012-2625 XSA-25 content is in place in the xensource code in >=4.2.0. CVE-2012-4544 XSA-25 patch takes once applied to the xensource code in >=4.2.0. CVE-2012-2625 XSA-25 will become obsolete on the stabilising of xen-4.2.0. CVE-2012-4544 XSA-25 is currently valid and pertinent to xen-tools and xen-pvgrub.

@xen team: 4.2.2 is stable, can you verify whether the issues are fixed in this version?

Please confirm comment 4, as we are getting ready to release a GLSA and we would like to include this bug in to it if it is fixed.

(In reply to Yury German from comment #5)
> Please confirm comment 4, as we are getting ready to release a GLSA and we
> would like to include this bug in to it if it is fixed.

Yes, I've verified. This is already fixed in >=xen-4.2.1, check other xen ebuilds (4.3.x, 4.4.x) in portage which are *not* affected by this. Thanks.

Thank you ... adding to existing GLSA.

This issue was resolved and addressed in GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml by GLSA coordinator Mikle Kolyada (Zlogene).
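
The two size checks named in the CVE-2012-4544 description (before and after decompression), applied to the bzip2 and lzma formats named in CVE-2012-2625. This is an added example, not code from Xen, PyGrub or the XSA-25 patch; `bounded_decompress`, `ImageTooLarge` and both limits are hypothetical names and values chosen for illustration.

```python
import bz2
import lzma

# Hypothetical limits chosen for this example (not values from Xen or XSA-25).
MAX_COMPRESSED = 64 * 1024       # largest image accepted as supplied
MAX_DECOMPRESSED = 1024 * 1024   # largest image accepted once decompressed
CHUNK = 16 * 1024                # output requested per decompressor call


class ImageTooLarge(Exception):
    """Raised when an image breaks either size limit."""


def bounded_decompress(blob, fmt, max_in=MAX_COMPRESSED, max_out=MAX_DECOMPRESSED):
    """Decompress a "bz2" or "lzma" image, enforcing both size checks."""
    # Check (1): size before decompression.
    if len(blob) > max_in:
        raise ImageTooLarge("compressed image is %d bytes, limit is %d" % (len(blob), max_in))
    if fmt == "bz2":
        dec = bz2.BZ2Decompressor()
    elif fmt == "lzma":
        dec = lzma.LZMADecompressor()
    else:
        raise ValueError("unsupported format: %r" % (fmt,))
    out = bytearray()
    data = blob
    # Check (2): size after decompression, enforced while streaming so that
    # memory use never grows far past max_out.
    while not dec.eof:
        # Request at most one byte beyond the budget; receiving it means overflow.
        want = min(CHUNK, max_out - len(out) + 1)
        piece = dec.decompress(data, max_length=want)
        data = b""  # all input was handed over on the first call
        out += piece
        if len(out) > max_out:
            raise ImageTooLarge("decompressed image exceeds %d bytes" % max_out)
        if not piece and not dec.eof:
            raise ValueError("compressed stream is truncated")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample input: 8 MiB of zero bytes, which compresses to a tiny blob.
    tiny = bz2.compress(b"\0" * (8 * 1024 * 1024))
    try:
        bounded_decompress(tiny, "bz2")
    except ImageTooLarge as exc:
        print("rejected %d-byte image: %s" % (len(tiny), exc))
```

The input-size check alone does not catch the constructed image above, because its compressed form is far below `MAX_COMPRESSED`; only the streaming output check rejects it.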