Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 641566 (CVE-2017-17563, CVE-2017-17564, CVE-2017-17565, CVE-2017-17566)

Summary: <app-emulation/xen-4.9.1-r1: Multiple vulnerabilities
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: hydrapolic, xen
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://xenbits.xen.org/xsa/
Whiteboard: B1 [glsa+ cve]
Package list:
app-emulation/xen-4.9.1-r1 app-emulation/xen-pvgrub-4.9.1 app-emulation/xen-tools-4.9.1-r1
 Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-12-18 13:49:06 UTC 
CVE-2017-17566 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17566):
  An issue was discovered in Xen through 4.9.x allowing PV guest OS users to
  cause a denial of service (host OS crash) or gain host OS privileges in
  shadow mode by mapping a certain auxiliary page.

CVE-2017-17565 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17565):
  An issue was discovered in Xen through 4.9.x allowing PV guest OS users to
  cause a denial of service (host OS crash) if shadow mode and log-dirty mode
  are in place, because of an incorrect assertion related to M2P.

CVE-2017-17564 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17564):
  An issue was discovered in Xen through 4.9.x allowing guest OS users to
  cause a denial of service (host OS crash) or gain host OS privileges by
  leveraging incorrect error handling for reference counting in shadow mode.

CVE-2017-17563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17563):
  An issue was discovered in Xen through 4.9.x allowing guest OS users to
  cause a denial of service (host OS crash) or gain host OS privileges by
  leveraging an incorrect mask for reference-count overflow checking in shadow
  mode.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-12-18 13:50:45 UTC 
@Maintainers please confirm if we are affected by those CVEs.

Thank you
Comment 2 Yixun Lan archtester gentoo-dev 2017-12-31 14:18:40 UTC 
this is fixed at app-emulation/xen-4.9.1-r1

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2bfd1dc774e87e20ccd6f77a4847ec7126501e43
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2018-01-11 18:41:00 UTC 
Upstream's x86 doesn't mean Gentoo's x86.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-01-11 19:10:52 UTC 
@ Maintainer(s): Looks like we need to move to 4.9.x (XSA-248... also affectx 4.8.x). Can you confirm that we will move to 4.9.x? Is =app-emulation/xen-4.9.1-r1 ready for stabilization and will we cleanup <app-emulation/xen-4.9.1-r1 after that?
Comment 5 Tomáš Mózes 2018-01-12 04:29:24 UTC 
(In reply to Thomas Deutschmann from comment #4)
> @ Maintainer(s): Looks like we need to move to 4.9.x (XSA-248... also
> affectx 4.8.x). Can you confirm that we will move to 4.9.x? Is
> =app-emulation/xen-4.9.1-r1 ready for stabilization and will we cleanup
> <app-emulation/xen-4.9.1-r1 after that?

Yes, Yixun plans to do so, but I think he wanted to get Xen 4.10 into portage first for testing. Given that we have multiple unsolved CVEs, I suppose we can call stabilization and add 4.10 later on.

Xen 4.9.1-r1 looks fine, fixes some issues with ovmf and seems to work nice for us in production.
Comment 6 Yixun Lan archtester gentoo-dev 2018-01-13 14:29:12 UTC 
Yes, let's move forward to 4.9 (since we haven't done the security bump for these versions <4.9)


Arches, please test and mark stable:
=app-emulation/xen-4.9.1-r1
Target keyword only: "amd64" 
        
=app-emulation/xen-pvgrub-4.9.1
=app-emulation/xen-tools-4.9.1-r1
Target keywords: "amd64 x86"
Comment 7 Agostino Sarubbo gentoo-dev 2018-01-14 15:31:14 UTC 
amd64 stable
Comment 8 Larry the Git Cow gentoo-dev 2018-01-14 16:23:15 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa801eb3217e4bd5d2bd1799e29c6e61a9d8e802

commit fa801eb3217e4bd5d2bd1799e29c6e61a9d8e802
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-01-14 16:22:27 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-01-14 16:23:04 +0000

    app-emulation/xen-tools: x86 stable
    
    Bug: https://bugs.gentoo.org/641566
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 app-emulation/xen-tools/xen-tools-4.9.1-r1.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)}
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2018-01-14 16:27:33 UTC 
Added to an existing GLSA.

@ Maintainer(s): Please cleanup and drop <app-emulation/xen-4.9.1-r1 and <app-emulation/xen-tools-4.9.1-r1!
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2018-01-14 23:51:19 UTC 
This issue was resolved and addressed in
 GLSA 201801-14 at https://security.gentoo.org/glsa/201801-14
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2018-01-14 23:53:26 UTC 
Re-opening for cleanup.
Comment 12 Tomáš Mózes 2018-01-15 03:24:45 UTC 
(In reply to Yixun Lan from comment #6)
> Yes, let's move forward to 4.9 (since we haven't done the security bump for
> these versions <4.9)
> 
> 
> Arches, please test and mark stable:
> =app-emulation/xen-4.9.1-r1
> Target keyword only: "amd64" 
>         
> =app-emulation/xen-pvgrub-4.9.1
> =app-emulation/xen-tools-4.9.1-r1
> Target keywords: "amd64 x86"

Seems like we missed xen-pvgrub in the package list so it's not stabilized yet.
Comment 13 Larry the Git Cow gentoo-dev 2018-04-09 00:03:00 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bbd16795cbb370d7e003baa88ba6020a9898c176

commit bbd16795cbb370d7e003baa88ba6020a9898c176
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-09 00:02:35 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-09 00:02:51 +0000

    app-emulation/xen-tools: drop vulnerable
    
    Bug: https://bugs.gentoo.org/641566
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 app-emulation/xen-tools/Manifest                  |   6 -
 app-emulation/xen-tools/xen-tools-4.8.2-r3.ebuild | 459 ---------------------
 app-emulation/xen-tools/xen-tools-4.9.0.ebuild    | 462 ----------------------
 app-emulation/xen-tools/xen-tools-4.9.1.ebuild    | 454 ---------------------
 4 files changed, 1381 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=835e2f7cc9c59688ae198f0a72787aaecc061766

commit 835e2f7cc9c59688ae198f0a72787aaecc061766
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-09 00:01:13 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-09 00:02:50 +0000

    app-emulation/xen-pvgrub: drop vulnerable
    
    Bug: https://bugs.gentoo.org/641566
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 app-emulation/xen-pvgrub/Manifest                  |   2 -
 .../xen-pvgrub/xen-pvgrub-4.8.2-r1.ebuild          | 161 ---------------------
 app-emulation/xen-pvgrub/xen-pvgrub-4.9.0.ebuild   | 161 ---------------------
 3 files changed, 324 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66e8f9ccac5941492b947ceb5dc67a88121b4633

commit 66e8f9ccac5941492b947ceb5dc67a88121b4633
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-09 00:00:26 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-09 00:02:49 +0000

    app-emulation/xen: drop vulnerable
    
    Bug: https://bugs.gentoo.org/641566
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 app-emulation/xen/Manifest            |   6 --
 app-emulation/xen/xen-4.8.2-r2.ebuild | 184 ----------------------------------
 app-emulation/xen/xen-4.8.2-r3.ebuild | 175 --------------------------------
 app-emulation/xen/xen-4.9.0.ebuild    | 183 ---------------------------------
 app-emulation/xen/xen-4.9.1.ebuild    | 171 -------------------------------
 5 files changed, 719 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62d619a49aa43d36639b3457a95f5a4c56c3fb71

commit 62d619a49aa43d36639b3457a95f5a4c56c3fb71
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-08 23:58:51 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-09 00:02:47 +0000

    app-emulation/xen-pvgrub: amd64 stable
    
    Bug: https://bugs.gentoo.org/641566
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 app-emulation/xen-pvgrub/xen-pvgrub-4.9.1.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)}