Summary: | <app-emulation/xen-{4.2.4-r1,4.3.2-r1,4.4.0-r1}: HVMOP_set_mem_access is not preemptible (XSA-89) (CVE-2014-2599) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | xen |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2014/03/25/1 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-03-25 13:41:22 UTC
+*xen-4.4.0-r1 (09 Apr 2014) +*xen-4.3.2-r1 (09 Apr 2014) +*xen-4.2.4-r1 (09 Apr 2014) + + 09 Apr 2014; Yixun Lan <dlan@gentoo.org> +xen-4.2.4-r1.ebuild, + +xen-4.3.2-r1.ebuild, +xen-4.4.0-r1.ebuild: + bump stable patches, fix bug #505714, XSA-89

Maintainers, please advise when eBuild has had enough testing and is ready for stabilization. For Versions: +*xen-4.3.2-r1 (09 Apr 2014) +*xen-4.2.4-r1 (09 Apr 2014)

CVE-2014-2599 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2599): The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.

Is this fixed as part of Bug 500530?

This is already fixed, please see comment #1 of this bug. So, all ebuilds in tree already include this fix, thanks.

Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA request.

This issue was resolved and addressed in GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml by GLSA coordinator Mikle Kolyada (Zlogene).