Summary: | <app-emulation/xen-4.8.2-r3: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Aleksandr Wagner (Kivak) <alwag> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | boothf, hydrapolic, xen |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | B1 [glsa+ cve] | ||
Package list: | app-emulation/xen-4.8.2-r3 | ||
Runtime testing required: | --- |
Description
Aleksandr Wagner (Kivak)
2017-10-18 17:46:08 UTC
Should be fixed by:
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f5090c0542f03940ace5c25954ddbed4aa6256f
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fb2eba50033bc28a68c10f18c5393fc2a841c335

*** Bug 637602 has been marked as a duplicate of this bug. ***

(In reply to Tomáš Mózes from comment #1)
> Should be fixed by:
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f5090c0542f03940ace5c25954ddbed4aa6256f
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fb2eba50033bc28a68c10f18c5393fc2a841c335

Seems like only parts of it were fixed by that commit. We need to pull the changes from stable-4.8 and create a new patch tarball. I haven't checked if all XSAs are already fixed in previous versions in Gentoo but at least they are part of =app-emulation/xen-4.8.2-r3:
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-240' .
> ./0023-x86-limit-linear-page-table-use-to-a-single-level.patch:This is XSA-240.
> ./0048-x86-don-t-wrongly-trigger-linear-page-table-assertio.patch:This is part of XSA-240.
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-244' .
> ./0027-x86-cpu-Fix-IST-handling-during-PCPU-bringup.patch:This is XSA-244.
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-242' .
> ./0025-x86-don-t-allow-page_unlock-to-drop-the-last-type-re.patch:This is XSA-242.
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-243' .
> ./0026-x86-shadow-Don-t-create-self-linear-shadow-mappings-.patch:This is XSA-243.
> ./0049-x86-shadow-correct-SH_LINEAR-mapping-detection-in-sh.patch:The fix for XSA-243 / CVE-2017-15592 (c/s bf2b4eadcf379) introduced a change
> ./0049-x86-shadow-correct-SH_LINEAR-mapping-detection-in-sh.patch:This is part of XSA-243.
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-238' .
> ./0021-x86-ioreq-server-correctly-handle-bogus-XEN_DMOP_-un.patch:This is XSA-238.
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-237' .
> ./0017-x86-enforce-proper-privilege-when-un-mapping-pIRQ-s.patch:This is part of XSA-237.
> ./0016-x86-don-t-allow-MSI-pIRQ-mapping-on-unowned-device.patch:This is part of XSA-237.
> ./0019-x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-m.patch:This is part of XSA-237.
> ./0018-x86-MSI-disallow-redundant-enabling.patch:This is part of XSA-237.
> ./0020-x86-FLASK-fix-unmap-domain-IRQ-XSM-hook.patch:This is part of XSA-237.
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-239' .
> ./0022-x86-HVM-prefill-partially-used-variable-on-emulation.patch:This is XSA-239.
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-241' .
> ./0024-x86-don-t-store-possibly-stale-TLB-flush-time-stamp.patch:This is XSA-241.
>
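
The per-advisory grep checks in the comment above, generalized into one audit function (an added example, not part of the bug report or of Gentoo's tooling). The names `xsa_coverage` and `make_sample` are hypothetical, the sample patch files are constructed stand-ins, and 999 is a constructed id used to show the missing case.

```bash
#!/usr/bin/env bash
# Added example: audit which XSA ids a directory of upstream patches declares.
# Only "This is [part of] XSA-N" lines count, so a patch that merely mentions
# an advisory, or XSA-24 prefix-matching XSA-240, is not treated as a fix.

xsa_coverage() {   # usage: xsa_coverage PATCH_DIR ID...
    local dir="$1" id full part rc=0
    shift
    for id in "$@"; do
        # -l lists each matching patch once; "|| true" keeps set -e callers alive
        full=$( { grep -rlE "^This is XSA-${id}([^0-9]|\$)" "$dir" || true; } | wc -l | tr -d ' ')
        part=$( { grep -rlE "^This is part of XSA-${id}([^0-9]|\$)" "$dir" || true; } | wc -l | tr -d ' ')
        if [ "$full" -eq 0 ] && [ "$part" -eq 0 ]; then
            echo "XSA-${id} MISSING"
            rc=1
        else
            echo "XSA-${id} covered full=${full} part=${part}"
        fi
    done
    return "$rc"   # non-zero when any requested advisory has no patch
}

# Constructed sample: stand-in files holding only commit-message lines like
# those in the grep output above (real patches also carry the diff itself).
make_sample() {
    local d
    d=$(mktemp -d)
    printf 'This is XSA-240.\n' > "$d/0023.patch"
    printf 'This is part of XSA-240.\n' > "$d/0048.patch"
    printf '%s\n' \
        'The fix for XSA-243 / CVE-2017-15592 (c/s bf2b4eadcf379) introduced a change' \
        'This is part of XSA-243.' > "$d/0049.patch"
    echo "$d"
}

sample=$(make_sample)
xsa_coverage "$sample" 240 243 24 999 || echo "at least one advisory has no patch"
rm -rf "$sample"
```

A `full=0` result with a non-zero `part` count, as for XSA-243 in this sample, means only follow-up patches are present and the main fix still has to be pulled in.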
Added to an existing GLSA.

This issue was resolved and addressed in GLSA 201801-14 at https://security.gentoo.org/glsa/201801-14 by GLSA coordinator Thomas Deutschmann (whissi).