Summary: | <app-emulation/xen-{4.5.2-r4, 4.6.0-r8} <app-emulation/xen-tools-{4.5.2-r4, 4.6.0-r7}: VMX intercept issue with INVLPG on non-canonical address (XSA-168) (CVE-2016-1571) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | idella4 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=571552 | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 574012 | ||
Bug Blocks: |
Description
Kristian Fiskerstrand (RETIRED)
2016-01-11 15:14:32 UTC
Well this is unexpected.

 * Failed Patch: xsa167.patch !
 *  ( /mnt/gen2/TmpDir/portage/app-emulation/xen-tools-4.6.0-r7/work/xen-sec/xsa167.patch )

with the usual

can't find file to patch at input line 15
Perhaps you used the wrong -p or --strip option?

in xen-tools-4.6.0-r7/temp/xsa167.patch.out

Just to make things more confusing.

 * Applying xsa168.patch ... [ ok ]
 * Applying xsa169.patch ...
 * Failed Patch: xsa169.patch !
 *  ( /mnt/gen2/TmpDir/portage/app-emulation/xen-tools-4.6.0-r7/work/xen-sec/xsa169.patch )

Removing xsa167.patch from the list allows xsa168.patch to apply, effectively, which then, it appears, contaminates xsa169.patch which was applying fine prior to addition of xsa167.patch & xsa168.patch

(In reply to Ian Delaney from comment #1)
> Well this is unexpected.
>
> * Failed Patch: xsa167.patch !
> * ( /mnt/gen2/TmpDir/portage/app-emulation/xen-tools-4.6.0-r7/work/xen-sec/xsa167.patch )
>

As discussed on IRC this is due to bug 571552 comment 1

Finally;

/app-emulation/xen $ ebuild xen-4.5.2-r4.ebuild clean prepare
.......................................
 * Applying xsa165-4.5.patch [ ok ]
 * Applying xsa166-4.5.patch [ ok ]
 * Applying xsa167-4.6.patch [ ok ]
 * Applying xsa168.patch [ ok ]

app-emulation/xen $ ebuild xen-4.6.0-r8.ebuild clean prepare
.......................................
 * Applying xsa165-4.6.patch [ ok ]
 * Applying xsa166.patch [ ok ]
 * Applying xsa167-4.6.patch [ ok ]
 * Applying xsa168.patch [ ok ]
 * Applying xsa169.patch [ ok ]

ditto xen-tools. build and install

The first email indicated the patch required was xsa167.patch. Cost me hours. The one that actually works was always there but never used it until exhausting all sane methods of getting the wrong one to work. Please anyone don't ever do that again.

Public release

commit 355e4fcbd3f83ef4b3d435e843503033d1a8c3b8
Author: Ian Delaney <idella4@gentoo.org>
Date: Thu Jan 21 22:07:07 2016 +0800

    app-emulation/xen: revbumps to vns. 4.5.2-r4 4.6.0-r8 wrt gentoo security bug.

    patches added; xsa 167-4.6, xsa168
    Purging of old versions to await stabilisation of revbumped vns.

    Gentoo bug: #571556, #571552

commit dd9ecb826db3250e60c35d188804cb16cf0a6dde
Author: Ian Delaney <idella4@gentoo.org>
Date: Thu Jan 21 22:03:25 2016 +0800

    app-emulation/xen-tools: revbumps to vns. 4.5.2-r4 4.6.0-r7 wrt gentoo security bug.

    patches added; xsa 167-4.6, xsa168
    Purging of old versions to await stabilisation of revbumped vns.

    Gentoo bug: #571556, #571552

Please clearly state WHICH packages need to be stabilized and which versions.

All addressed and managed already in 571552

Added to existing GLSA.

Arches and Maintainer(s), Thank you for your work.

This issue was resolved and addressed in GLSA 201604-03 at https://security.gentoo.org/glsa/201604-03 by GLSA coordinator Yury German (BlueKnight).