Summary: | <app-emulation/xen{,-pvgrub,-tools}-4.7.3: grant table operations mishandle reference counts | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christopher Díaz Riveros (RETIRED) <chrisadr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | xen |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://xenbits.xen.org/xsa/advisory-224.html | ||
Whiteboard: | B1 [glsa cve] | ||
Package list: |
app-emulation/xen-4.7.3 amd64
app-emulation/xen-pvgrub-4.7.3 amd64 x86
app-emulation/xen-tools-4.7.3 amd64 x86
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 624112, 624114, 624116, 624118, 624120, 624122, 624124 |
Description
Christopher Díaz Riveros (RETIRED)
2017-07-07 15:02:12 UTC
commit 7a8fc554850ee501e1ad705b4154874adf102947 Author: Yixun Lan <dlan@gentoo.org> Date: Wed Jul 12 15:15:52 2017 +0800 app-emulation/xen: security bump fix XSA-217,218,219,220,221,222,223,224,225 Gentoo-Bug: 624112,624114,624116,624118,624120,624122,624124,624126,624130 Package-Manager: Portage-2.3.6, Repoman-2.3.2 :100644 100644 6534404116c... 49df2654a33... M app-emulation/xen/Manifest :000000 100644 00000000000... f66bd1b70f8... A app-emulation/xen/xen-4.7.3.ebuild :000000 100644 00000000000... bf73951bc39... A app-emulation/xen/xen-4.8.1-r2.ebuild Arches, please test and mark stable: =app-emulation/xen-4.7.3 Target keyword only: "amd64" =app-emulation/xen-pvgrub-4.7.3 =app-emulation/xen-tools-4.7.3 Target keywords: "amd64 x86" Stable on amd64. x86 stable GLSA Vote: Yes Added to an existing GLSA Request. Maintainer(s), please drop the vulnerable version(s). Maintainers please drop vulnerable packages (4.7.2-r1), please be aware that in the past for some reason x86 was stabilized but it should of never been. | | u | | a a p s a n r | n | | l m h i p p r m m i i s | e u s | r | p d a p a p c a x m i 6 o s 3 | a s l | e | h 6 r p 6 p 6 r 8 6 p 8 s c 9 s | p e o | p | a 4 m a 4 c 4 c 6 4 s k 2 v 0 h | i d t | o ---------+---------------------------------+-------+------- 4.7.2-r1 | o + ~ o o o o o + o o o o o o o | 5 o 0 | gentoo 4.7.3 | o + ~ o o o o o ~ o o o o o o o | 5 o | gentoo Maintainers please remove Vulnerable Versions: app-emulation/xen-4.7.2-r1 app-emulation/xen-pvgrub-4.7.2 app-emulation/xen-tools-4.7.2 Note: Xen-4.7.2.-r1 should never had x86 stabilized, so please drop stable keywords on that. This issue was resolved and addressed in GLSA 201710-17 at https://security.gentoo.org/glsa/201710-17 by GLSA coordinator Aaron Bauman (b-man). re-opened for cleanup. please clean. Tree is clean. |