Summary: | <app-emulation/xen-{4.14.3-r1,4.15.1-r1}: DoS or privilege escalation if guest has RMRR PCI devices | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | hydrapolic, proxy-maint, xen |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2021/10/07/2 | ||
See Also: |
https://github.com/gentoo/gentoo/pull/22562 https://github.com/gentoo/gentoo/pull/22816 |
||
Whiteboard: | B1 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 819072 | ||
Bug Blocks: |
Description
John Helmert III
2021-10-07 19:28:47 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78d3124bdd04e9ccc71dd98aebf63d940e9032ca commit 78d3124bdd04e9ccc71dd98aebf63d940e9032ca Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2021-10-12 06:39:39 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-10-20 09:59:23 +0000 app-emulation/xen: add upstream security patches Bug: https://bugs.gentoo.org/816882 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> app-emulation/xen/Manifest | 2 + app-emulation/xen/xen-4.14.3-r1.ebuild | 167 +++++++++++++++++++++++++++++++++ app-emulation/xen/xen-4.15.1-r1.ebuild | 167 +++++++++++++++++++++++++++++++++ 3 files changed, 336 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abb409bcf43be1f9ce250459f6dbf126b1dcf50d commit abb409bcf43be1f9ce250459f6dbf126b1dcf50d Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2021-11-04 14:28:57 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2021-11-12 13:03:54 +0000 app-emulation/xen: drop vulnerable Bug: https://bugs.gentoo.org/816882 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/22816 Signed-off-by: Joonas Niilola <juippis@gentoo.org> app-emulation/xen/xen-4.14.3.ebuild | 167 ------------------------------------ 1 file changed, 167 deletions(-) This is done, tree clean. GLSA request filed GLSA done, all done. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=22bc39ed12fa34e39fcf5a2559a7f2135d98e1b1 commit 22bc39ed12fa34e39fcf5a2559a7f2135d98e1b1 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-14 14:28:39 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-14 14:33:57 +0000 [ GLSA 202208-23 ] Xen: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/810341 Bug: https://bugs.gentoo.org/812485 Bug: https://bugs.gentoo.org/816882 Bug: https://bugs.gentoo.org/825354 Bug: https://bugs.gentoo.org/832039 Bug: https://bugs.gentoo.org/835401 Bug: https://bugs.gentoo.org/850802 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202208-23.xml | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) |