
Bug 500528

Summary: <app-emulation/xen-{4.2.3,4.3.1-r5}: Off-by-one error in FLASK_AVC_CACHESTAT (XSA-85) (CVE-2014-1895)
Product: Gentoo Security    Reporter: Chris Reffett (RETIRED) <creffett>
Component: Vulnerabilities    Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: idella4
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://seclists.org/oss-sec/2014/q1/263
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Chris Reffett (RETIRED) gentoo-dev Security 2014-02-06 14:52:41 UTC
From ${URL}:

ISSUE DESCRIPTION
=================

The FLASK_AVC_CACHESTAT hypercall, which provides access to per-cpu
statistics on the Flask security policy, incorrectly validates the
CPU for which statistics are being requested.

IMPACT
======

An attacker can cause the hypervisor to read past the end of an
array. This may result in either a host crash, leading to a denial of
service, or access to a small and static region of hypervisor memory,
leading to an information leak.

Patch available at http://xenbits.xenproject.org/xsa/advisory-85.html
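The advisory above describes the bug only in prose: the per-cpu statistics array is sized by the compile-time CPU limit, the hypercall takes a CPU index from the caller, and the bounds check accepts one index too many, so when every physical CPU is in use the accepted index lands just past the end of the array. The C model below is an added illustration, not Xen source or the XSA-85 patch; the names `avc_cache_stats`, `nr_cpu_ids`, `NR_CPUS` and both lookup functions are assumptions chosen to mirror the advisory's wording, the struct layout and sample values are constructed, and the extra slot after the array stands in for the adjacent hypervisor memory the over-read exposes (it is allocated explicitly so the demo stays inside its own array).

```c
#include <stdio.h>

/* Constructed model (not Xen source): the static per-cpu array is sized by
 * the compile-time CPU limit, while the runtime check uses the number of
 * CPUs actually present. */
#define NR_CPUS 4

struct avc_cache_stats {
    unsigned int lookups;
    unsigned int hits;
    unsigned int misses;
};

/* Constructed memory layout: NR_CPUS real records followed by one record
 * standing in for whatever the hypervisor happens to keep after the array.
 * Slot NR_CPUS is not a CPU; it is the adjacent memory an over-read exposes. */
static const struct avc_cache_stats hv_memory[NR_CPUS + 1] = {
    { 100,  90, 10 },
    { 200, 150, 50 },
    { 300, 250, 50 },
    { 400, 380, 20 },
    { 0xdead, 0xbeef, 0xcafe },   /* not stats: adjacent hypervisor data */
};
static const struct avc_cache_stats *avc_cache_stats = hv_memory;

/* Number of CPUs present at boot; never exceeds NR_CPUS (assumed name). */
static unsigned int nr_cpu_ids = NR_CPUS;

void set_nr_cpu_ids(unsigned int n)
{
    nr_cpu_ids = n > NR_CPUS ? NR_CPUS : n;
}

/* Buggy validation: '>' lets cpu == nr_cpu_ids through. Valid indices are
 * 0..nr_cpu_ids-1, so this accepts one index too many. Returns the lookups
 * counter for the requested CPU, or -1 when the request is rejected. */
long cachestat_lookups_vulnerable(unsigned int cpu)
{
    if (cpu > nr_cpu_ids)
        return -1;
    /* With nr_cpu_ids == NR_CPUS, cpu == NR_CPUS reads past the real array. */
    return avc_cache_stats[cpu].lookups;
}

/* Corrected validation: the last valid index is nr_cpu_ids - 1. */
long cachestat_lookups_fixed(unsigned int cpu)
{
    if (cpu >= nr_cpu_ids)
        return -1;
    return avc_cache_stats[cpu].lookups;
}

int main(void)
{
    unsigned int cpu;

    set_nr_cpu_ids(NR_CPUS);   /* all physical CPUs in use: the worst case */
    for (cpu = 0; cpu <= NR_CPUS + 1; cpu++)
        printf("cpu %u: vulnerable=%ld fixed=%ld\n", cpu,
               cachestat_lookups_vulnerable(cpu), cachestat_lookups_fixed(cpu));

    /* With fewer CPUs present, index nr_cpu_ids still lies inside the
     * NR_CPUS-sized array: another slot's data, but no over-read. */
    set_nr_cpu_ids(2);
    printf("nr_cpu_ids=2, cpu 2: vulnerable=%ld fixed=%ld\n",
           cachestat_lookups_vulnerable(2), cachestat_lookups_fixed(2));
    return 0;
}
```

The second case is why the CVE text qualifies the impact with "when the maximum number of physical CPUs are in use": the one-past check only reaches beyond the static array once `nr_cpu_ids` equals its compile-time size, which is also why the leaked region is small and static rather than attacker-controlled.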
Comment 1 Ian Delaney (RETIRED) gentoo-dev 2014-02-07 09:42:13 UTC
this bug could have / should have been combined with 500536.
They both patch the common file flask_op.c.

*xen-4.3.1-r5 (07 Feb 2014)
*xen-4.2.2-r4 (07 Feb 2014)

  07 Feb 2014; Ian Delaney <idella4@gentoo.org>
  +files/xen-4.3-CVE-2014-263-XSA-84-85.patch, +xen-4.2.2-r4.ebuild,
  +xen-4.3.1-r5.ebuild, -xen-4.2.2-r3.ebuild, -xen-4.3.1-r4.ebuild:
  revbumps; Sec patches XSA 84, 85 added wrt Sec. Bugs #500536, 500528, rm old
Comment 2 Yixun Lan archtester gentoo-dev 2014-02-13 08:44:29 UTC
Arches team please stable following ebuilds

x86, amd64:
app-emulation/xen-4.2.2-r4

amd64 only
app-emulation/xen-4.3.1-r5
Comment 3 Yixun Lan archtester gentoo-dev 2014-02-13 15:04:02 UTC
(In reply to Yixun Lan from comment #2)
> Arches team please stable following ebuilds
> 
> x86, amd64:
> app-emulation/xen-4.2.2-r4
> 
> amd64 only
> app-emulation/xen-4.3.1-r5

please do not stable 
    xen-4.2.2-r4
we found that a few security patches are not included; besides, there is a new 4.2.3 release we'd like to roll out, plus the missing sec patches.

app-emulation/xen-4.3.1-r5 is still good to go; please stable it, thanks

also see bug #500530
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-02-13 23:53:46 UTC
OK, so that we do not call for stabilization on both bugs, I am just going to set the dependency on bug 500530 since it has a higher whiteboard priority.
Comment 5 Yixun Lan archtester gentoo-dev 2014-02-14 10:23:16 UTC
bump to xen-4.2.3, see bug #500530 for more info. If everything goes well this version will be the stable candidate for the 4.2.x branch. Thanks.
Comment 6 Yixun Lan archtester gentoo-dev 2014-02-15 23:20:28 UTC
request to stable app-emulation/xen-4.3.1-r5, for amd64 only, since I've seen xen-tools-4.3.1-r5 has already gone stable, and we should really stable them together.

and please do *not* close the bug at the moment, since we still need to handle the 4.2.x series (probably 4.2.3, but we will see).
Comment 7 Agostino Sarubbo gentoo-dev 2014-02-16 06:40:27 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2014-02-16 20:00:13 UTC
Setting whiteboard to "stable?"

Still need to stable version app-emulation/xen-4.2.x

Please advise when ready to stabilize 4.2.X and what version to stable.
Comment 9 Yixun Lan archtester gentoo-dev 2014-02-19 03:31:16 UTC
please stable 
    app-emulation/xen-4.2.3

also stable app-emulation/xen-tools-4.2.3-r1 (see bug #500530)
Comment 10 Ian Delaney (RETIRED) gentoo-dev 2014-02-19 15:45:44 UTC
To complete the set, please add on the oft' forgotten xen-pvgrub-4.2.3.
This will clear the patch to purge 4.2.2.
Thanks.
Comment 11 Agostino Sarubbo gentoo-dev 2014-02-20 10:25:17 UTC
amd64 stable
Comment 12 Agostino Sarubbo gentoo-dev 2014-02-20 10:25:31 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2014-04-28 19:26:43 UTC
CVE-2014-1895 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1895):
  Off-by-one error in the flask_security_avc_cachestats function in
  xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of
  physical CPUs are in use, allows local users to cause a denial of service
  (host crash) or obtain sensitive information from hypervisor memory by
  leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer
  over-read.
Comment 14 Yury German Gentoo Infrastructure gentoo-dev 2014-05-21 02:49:33 UTC
Multiple vulnerabilities as part of Xen and Xen-tools; reclassifying as B2 (based on vulnerabilities described in Bug 500530).

Adding to existing GLSA
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2014-07-16 16:46:42 UTC
This issue was resolved and addressed in
 GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml
by GLSA coordinator Mikle Kolyada (Zlogene).