CVE-2011-1583 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1583): Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.
Despite the CVE text, a patch for 3.4 can be found in the references. Please check if our latest stable 3.4 version is still affected by this and provide an updated ebuild. Also, for the future 4.1 stable, please check if that is affected too.
CVE-2011-3262 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3262): tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."
Created attachment 289345: re-written patch for xen-3, xen-3.4.2-sec-2011-1583.patch
Created attachment 289347: revised ebuild patch to bump to xen-3.4.2-r4. Patch adds the two sec patches + a copy of the fix for /.config dir
Oh, forgot to mention, the patch is not required for xen-4. The content is already in the source. All done.
+*xen-3.4.2-r4 (11 Oct 2011) + + 11 Oct 2011; Tony Vroon <chainsaw@gentoo.org> +xen-3.4.2-r4.ebuild, + +files/xen-3.4.2-CVE-2011-1583.patch, + +files/xen-3.4.2-fix-__addr_ok-limit.patch: + Patches by Ian "idella4" Delaney to address security bugs #385319 and + #386371. Stabilisation efforts in bug #385319.
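Review bot: the ChangeLog entry names only files/xen-3.4.2-CVE-2011-1583.patch and two bug numbers, while this report also tracks CVE-2011-3262 (missing error checking in the decompression loop of the same file, xc_dom_bzimageloader.c). The entry should state whether the CVE-2011-1583 patch also covers that issue, or list CVE-2011-3262 explicitly, so the revision bump can be matched against both advisories when the GLSA is drafted.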
Stabilization completed in bug 385319. GLSA vote: yes.
Thanks, folks. GLSA Vote: yes; bug added to existing GLSA request.
This issue was resolved and addressed in GLSA 201309-24 at http://security.gentoo.org/glsa/glsa-201309-24.xml by GLSA coordinator Chris Reffett (creffett).