Summary: | <app-emulation/xen-{4.5.2-r1,4.6.0-r2}: x86: CPU lockup during fault delivery (XSA-156) (CVE-2015-{5307,8104}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | dlan, idella4 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Kristian Fiskerstrand (RETIRED)
The issue is now public

commit 3c606b8d93fcaff04c463764bb5bab96780654ea
Author: Ian Delaney <idella4@gentoo.org>
Date: Tue Nov 10 18:05:41 2015 +0800

app-emulation/xen: revbumps; add xsa-156 patches in 4.5 4.5.2-r1, 4.6.0-r2

Required by gentoo security bug. These are embargoed patches now free for public release.

Gentoo bug: #564932

The addition might need re-doing since it doesn't fit dlan's form but it's trivia. Each new addition requires making of a new .conf file which am not familiar with. These work

Arches, please stabilize =app-emulation/xen-4.5.2-r1
Stable targets: amd64 x86

actually x86 was dropped in xen some time ago:

KEYWORDS="amd64 ~arm ~arm64 -x86"

leaving amd64. However I see no reason why arm and arm64 should not be made stable but that should be kept for the next stabilising of 4.6.n

(In reply to Ian Delaney from comment #4)
> actually x86 was dropped in xen some time ago:
>
> KEYWORDS="amd64 ~arm ~arm64 -x86"
>
> leaving amd64. However I see no reason why arm and arm64 should not be made
> stable but that should be kept for the next stabilising of 4.6.n

x86 is still stable for 4.2 series, has a due diligence been performed to establish that it is not affected by the security vulnerability, and if so a patch backported?

@maintainer, since the xsa says:
> All versions of Xen are affected.
Please clarify if you want to drop 4.2.x or we need to wait the fixed version.
amd64 stable

(In reply to Agostino Sarubbo from comment #6)
> Please clarify if you want to drop 4.2.x or we need to wait the fixed
> version.

we'll drop 4.2.x, do not waste the effort to stable it

(In reply to Yixun Lan from comment #8)
> (In reply to Agostino Sarubbo from comment #6)
> > Please clarify if you want to drop 4.2.x or we need to wait the fixed
> > version.
>
> we'll drop 4.2.x, do not waste the effort to stable it

It should likely be p.masked in that case

(In reply to Yixun Lan from comment #8)
> we'll drop 4.2.x, do not waste the effort to stable it

ok, then x86 has nothing to do here. Please cleanup.

commit 8f7e07bb5fc8f742d97e22fa659f044ebd5cc570
Author: Ian Delaney <idella4@gentoo.org>
Date: Sun Nov 29 15:53:09 2015 +0800

app-emulation/xen: clean old vns.: 4.5.x, 4.6.0-r1

Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.

This issue was resolved and addressed in GLSA 201604-03 at https://security.gentoo.org/glsa/201604-03 by GLSA coordinator Yury German (BlueKnight).