
Bug 472214 (CVE-2013-2076)

Summary: <app-emulation/xen-4.2.2-r1 : multiple vulnerabilities (CVE-2013-{1432,2076,2077,2078,2194,2195,2196})
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: glsamaker, idella4, xen
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-06-03 19:56:51 UTC
http://www.openwall.com/lists/oss-security/2013/06/03/1
XSA-52 (CVE-2013-2076) - Information leak on XSAVE/XRSTOR capable AMD CPUs

http://www.openwall.com/lists/oss-security/2013/06/03/2
XSA-53 (CVE-2013-2077) - Hypervisor crash due to missing exception recovery on XRSTOR

http://www.openwall.com/lists/oss-security/2013/06/03/3
XSA-54 (CVE-2013-2078) - Hypervisor crash due to missing exception recovery on XSETBV
Comment 1 Agostino Sarubbo gentoo-dev 2013-06-08 09:31:50 UTC
http://www.openwall.com/lists/oss-security/2013/06/07/5
XSA-55 (no cve) Multiple vulnerabilities in libelf PV kernel handling
Comment 2 Agostino Sarubbo gentoo-dev 2013-06-20 10:50:42 UTC
CVE-2013-2194 XEN XSA-55 integer overflows
CVE-2013-2195 XEN XSA-55 pointer dereferences
CVE-2013-2196 XEN XSA-55 other problems
Comment 3 Agostino Sarubbo gentoo-dev 2013-06-21 15:20:16 UTC
XSA-57 : http://www.openwall.com/lists/oss-security/2013/06/21/3
Comment 4 Ian Delaney (RETIRED) gentoo-dev 2013-06-25 12:30:26 UTC
on it
Comment 5 Ian Delaney (RETIRED) gentoo-dev 2013-06-27 06:19:34 UTC
*xen-4.2.1-r4 (26 Jun 2013)
*xen-4.2.2-r1 (26 Jun 2013)

  26 Jun 2013; Ian Delaney <idella4@gentoo.org>
  +files/xen-4.2-2013-2076-XSA-52to54.patch, +xen-4.2.1-r4.ebuild,
  +xen-4.2.2-r1.ebuild

  revbump; add security patches XSA-52to54, remove old

*xen-tools-4.2.2-r2 (26 Jun 2013)
*xen-tools-4.2.1-r4 (26 Jun 2013)

  26 Jun 2013; Ian Delaney <idella4@gentoo.org>
  +files/xen-4.2-CVE-2013-1-XSA-55.patch,
[X many]

  revbumps; add security patches XSA-55,56 to 4.2.1, 4.2.2, remove old ebuilds +
  disused patches

*xen-pvgrub-4.2.1-r3 (26 Jun 2013)
*xen-pvgrub-4.2.2-r1 (26 Jun 2013)

  26 Jun 2013; Ian Delaney <idella4@gentoo.org>
  +files/xen-4.2-CVE-2013-1-XSA-55.patch,
[X many]
  revbumps; add sec patches XSA-55, remove disused patches

XSA comprises 23 separate patches!
All patches take once put in the order they were published; all build under setting of all USE flags. @Sec team: at your leisure, CC arches and select either or both for stable testing.
Comment 6 Agostino Sarubbo gentoo-dev 2013-06-27 16:04:09 UTC
XSA-57 - CVE-2013-2211 http://www.openwall.com/lists/oss-security/2013/06/26/4
XSA-58 - CVE-2013-1432 http://www.openwall.com/lists/oss-security/2013/06/26/5

Ian, you need to redo the work :)
Comment 7 Ian Delaney (RETIRED) gentoo-dev 2013-06-28 15:10:46 UTC
hmm; the never ending story it seems isn't a child fantasy.  Oh well.
(In reply to Agostino Sarubbo from comment #6)
> XSA-57 - CVE-2013-2211
> http://www.openwall.com/lists/oss-security/2013/06/26/4
> XSA-58 - CVE-2013-1432
> http://www.openwall.com/lists/oss-security/2013/06/26/5
> 
> Ian, you need to redo the work :)

hmm; the never ending story it seems isn't a child fantasy.  Oh well.
Ago, you're repeating yourself; xsa57-4.2.patch is already in.

  28 Jun 2013; Ian Delaney <idella4@gentoo.org>
  +files/xen-4.2-CVE-2013-1432-XSA-58.patch, xen-4.2.1-r4.ebuild,
  xen-4.2.2-r1.ebuild:
  Add sec patch XSA-58 wrt Bug #472214, refrained from revbump since last 2 are
  still poised for testing

xen-tools I've revbumped to 4.2.1-r5 && 4.2.2-r3 due to tending to some remnant bugs. xen-pvgrub unchanged.
Comment 8 Ian Delaney (RETIRED) gentoo-dev 2013-07-01 05:47:59 UTC
arch teams time to make stable ;
xen-4.2.2-r1.ebuild
xen-pvgrub-4.2.2-r1.ebuild
xen-tools-4.2.2-r3.ebuild
Comment 9 Agostino Sarubbo gentoo-dev 2013-07-02 16:15:17 UTC
amd64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-07-02 16:15:46 UTC
x86 stable
Comment 11 Sergey Popov gentoo-dev 2013-08-24 05:38:43 UTC
GLSA vote: yes
Comment 12 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-28 23:47:30 UTC
GLSA vote: yes, added to GLSA draft.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2013-08-28 23:50:20 UTC
CVE-2013-2078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2078):
  Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to
  cause a denial of service (hypervisor crash) via certain bit combinations to
  the XSETBV instruction.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2013-08-28 23:50:20 UTC
CVE-2013-2078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2078):
  Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to
  cause a denial of service (hypervisor crash) via certain bit combinations to
  the XSETBV instruction.
Comment 15 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-01 00:48:35 UTC
*** Bug 483220 has been marked as a duplicate of this bug. ***
Comment 16 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-01 00:48:45 UTC
*** Bug 483222 has been marked as a duplicate of this bug. ***
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2013-09-01 00:49:36 UTC
CVE-2013-2077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2077):
  Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a
  XRSTOR, which allows local PV guest users to cause a denial of service
  (unhandled exception and hypervisor crash) via unspecified vectors.

CVE-2013-2076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2076):
  Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only
  save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an
  exception is pending, which allows one domain to determine portions of the
  state of floating point instructions of other domains, which can be
  leveraged to obtain sensitive information such as cryptographic keys, a
  similar vulnerability to CVE-2006-1056.  NOTE: this is the documented
  behavior of AMD64 processors, but it is inconsistent with Intel processors
  in a security-relevant fashion that was not addressed by the kernels.
Comment 18 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-01 12:54:31 UTC
*** Bug 483218 has been marked as a duplicate of this bug. ***
Comment 19 GLSAMaker/CVETool Bot gentoo-dev 2013-09-01 12:55:18 UTC
CVE-2013-2196 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2196):
  Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x
  and earlier allow local guest administrators with certain permissions to
  have an unspecified impact via a crafted kernel, related to "other problems"
  that are not CVE-2013-2194 or CVE-2013-2195.

CVE-2013-2195 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2195):
  The Elf parser (libelf) in Xen 4.2.x and earlier allows local guest
  administrators with certain permissions to have an unspecified impact via a
  crafted kernel, related to "pointer dereferences" involving unexpected
  calculations.

CVE-2013-2194 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2194):
  Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and
  earlier allow local guest administrators with certain permissions to have an
  unspecified impact via a crafted kernel.
Comment 20 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-01 12:56:32 UTC
*** Bug 483228 has been marked as a duplicate of this bug. ***
Comment 21 GLSAMaker/CVETool Bot gentoo-dev 2013-09-01 12:56:44 UTC
CVE-2013-1432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1432):
  Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly
  maintain references on pages stored for deferred cleanup, which allows local
  PV guest kernels to cause a denial of service (premature page free and
  hypervisor crash) or possibly gain privileges via unspecified vectors.
Comment 22 Sergey Popov gentoo-dev 2013-09-02 08:36:36 UTC
*** Bug 483224 has been marked as a duplicate of this bug. ***
Comment 23 GLSAMaker/CVETool Bot gentoo-dev 2013-09-02 08:37:49 UTC
CVE-2013-2211 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2211):
  The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x
  uses weak permissions for xenstore keys for paravirtualised and emulated
  serial console devices, which allows local guest administrators to modify
  the xenstore value via unspecified vectors.
Comment 24 GLSAMaker/CVETool Bot gentoo-dev 2013-09-30 00:29:10 UTC
This issue was resolved and addressed in
 GLSA 201309-24 at http://security.gentoo.org/glsa/glsa-201309-24.xml
by GLSA coordinator Chris Reffett (creffett).