Summary: | <app-emulation/xen-tools-{4.2.5-r8,4.5.1-r1},<app-emulation/xen-4.5.1: xl command line config handling stack overflow (XSA-137) (CVE-2015-3259) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | dlan, xen |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | | Runtime testing required: | --- |
Description
Kristian Fiskerstrand (RETIRED)
2015-06-30 19:28:09 UTC
Patches forwarded to dlan by OpenPGP encrypted email

Issue is now public

pushed to tree, fixed in
app-emulation/xen-tools-4.2.5-r8
app-emulation/xen-tools-4.5.1-r1

Arches, please test and mark stable:

=app-emulation/xen-tools-4.2.5-r8
Target keywords Both : "amd64 x86"

=app-emulation/xen-4.5.1
=app-emulation/xen-tools-4.5.1-r1
=app-emulation/xen-pvgrub-4.5.1
Target keywords Only: "amd64"

x86 stable

amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.

Added to existing request

CVE-2015-3259 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3259):
The xl command line utility mishandles long configuration values when passed as command line arguments, with a buffer overrun.

(In reply to Agostino Sarubbo from comment #5)
> amd64 stable.
>
> Maintainer(s), please cleanup.
> Security, please vote.

12 Jul 2015; Yixun Lan <dlan@gentoo.org> -xen-tools-4.2.5-r7.ebuild, -xen-tools-4.5.0-r6.ebuild, -xen-tools-4.5.1.ebuild: drop old vulnerables, bug 553664

Maintainer(s), thank you for cleanup.

This issue was resolved and addressed in GLSA 201604-03 at https://security.gentoo.org/glsa/201604-03 by GLSA coordinator Yury German (BlueKnight).