Bug 783456 (CVE-2021-28687, XSA-368)

Summary: <app-emulation/xen-4.13.3: HVM soft-reset crashes toolstack
Product: Gentoo Security
Reporter: Tomáš Mózes <hydrapolic>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: hydrapolic, proxy-maint, xen
Priority: Normal
Keywords: PullRequest
Version: unspecified
Flags: nattka: sanity-check-
Hardware: All
OS: Linux
See Also: https://github.com/gentoo/gentoo/pull/20621
Whiteboard: B3 [glsa+ cve]
Package list:
app-emulation/xen-4.13.3 amd64
app-emulation/xen-tools-4.13.3
app-emulation/xen-pvgrub-4.13.3
Runtime testing required: ---

Description Tomáš Mózes 2021-04-17 17:27:21 UTC
https://xenbits.xen.org/xsa/advisory-368.html
Comment 1 John Helmert III gentoo-dev Security 2021-04-17 17:58:27 UTC
Thanks for the report!
Comment 2 Sam James archtester gentoo-dev Security 2021-04-18 01:42:12 UTC
x86 done
Comment 3 Sam James archtester gentoo-dev Security 2021-04-18 01:45:04 UTC
amd64 done

all arches done
Comment 4 John Helmert III gentoo-dev Security 2021-04-18 14:37:13 UTC
Please cleanup.
Comment 5 Larry the Git Cow gentoo-dev 2021-05-11 15:47:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15902a8ffe87bea20f63e93158b2245811d9cb49

commit 15902a8ffe87bea20f63e93158b2245811d9cb49
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-04-30 21:18:42 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-11 15:47:33 +0000

    app-emulation/xen: drop old
    
    Bug: https://bugs.gentoo.org/783456
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 app-emulation/xen/Manifest             |   7 --
 app-emulation/xen/xen-4.13.2-r5.ebuild | 165 ---------------------------------
 app-emulation/xen/xen-4.13.2-r6.ebuild | 165 ---------------------------------
 app-emulation/xen/xen-4.13.2-r7.ebuild | 165 ---------------------------------
 app-emulation/xen/xen-4.14.1-r2.ebuild | 165 ---------------------------------
 app-emulation/xen/xen-4.14.1-r3.ebuild | 165 ---------------------------------
 6 files changed, 832 deletions(-)
Comment 6 NATTkA bot gentoo-dev 2021-05-11 20:16:28 UTC
Unable to check for sanity:

> no match for package: app-emulation/xen-tools-4.13.3
Comment 7 John Helmert III gentoo-dev Security 2021-07-06 02:51:37 UTC
GLSA request filed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2021-07-12 02:50:57 UTC
This issue was resolved and addressed in
 GLSA 202107-30 at https://security.gentoo.org/glsa/202107-30
by GLSA coordinator Sam James (sam_c).