From ${URL}:

ISSUE DESCRIPTION
=================

libvchan (a library for inter-domain communication) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause a libvchan-using facility to read or write past the end of the ring.

IMPACT
======

libvchan-using facilities are vulnerable to denial of service and perhaps privilege escalation. There are no such services provided in the upstream Xen Project codebase.

Patch available at http://xenbits.xenproject.org/xsa/advisory-86.html
B1 because of possible priv escalation
does major -> fast track going stable? how about; + >=dev-python/stsci-distutils-0.3[${PYTHON_USEDEP}] + >=dev-python/d2to1-0.2.5[${PYTHON_USEDEP}]" from setup_requires=['d2to1>=0.2.5', 'stsci.distutils>=0.3'], from portage/dev-python/pyfits-3.2/work/pyfits-3.2/setup.py
damn bugzy still needs an 'undo that accidental entry func.'!!, wrong bug/tab; sorry for noise of Comment 2.
the stable xen-tools of xen-4.2.2 seems to have developed a bug with a pair of use flags. This puts adding this sec. patch to it on hold, however it passes fine in xen-tools-4.3.1.
does major -> fast track going stable? therefore pertains only to the xen-tools-4.3.1-r4
*xen-tools-4.3.1-r4 (08 Feb 2014)
  08 Feb 2014; Ian Delaney <idella4@gentoo.org> +files/xen-4-CVE-XSA-86.patch,
  +xen-tools-4.3.1-r4.ebuild:
  revbump; only to 4.3.1 (for now), add sec. patch XSA-86 patch wrt bug #500530
*xen-tools-4.3.1-r5 (13 Feb 2014)
*xen-tools-4.2.2-r7 (13 Feb 2014)
  13 Feb 2014; Yixun Lan <dlan@gentoo.org> -xen-tools-4.2.2-r6.ebuild,
  +xen-tools-4.2.2-r7.ebuild, -xen-tools-4.3.1-r4.ebuild,
  +xen-tools-4.3.1-r5.ebuild, +files/xen-tools-4-CVE-2014-1950-XSA-88.patch,
  +files/xen-tools-4.2.2-rt-link.patch, files/xenconsoled.initd:
  fix sec bug #500530, #501080, missing -lrt bug #463840, glib deps bug #500604
Arches team please stable following ebuilds
x86, amd64:
app-emulation/xen-tools-4.2.2-r7
amd64 only
app-emulation/xen-tools-4.3.1-r5
see also bug #500528
(In reply to Yixun Lan from comment #5)
> Arches team please stable following ebuilds
>
> x86, amd64:
> app-emulation/xen-tools-4.2.2-r7
>
> amd64 only
> app-emulation/xen-tools-4.3.1-r5
>
> see also bug #500528
please do not stable xen-tools-4.2.2-r7
we found a few security patches are not included, besides there is new 4.2.3 release we'd like to roll out, plus the missing sec patches.
for app-emulation/xen-tools-4.3.1-r5 still good to go, please stable it, thanks
Arches, please test and mark stable:
=app-emulation/xen-tools-4.3.1-r5
Target Keywords: "amd64"
When the ebuild is finished for xen-tools-4.2.X please let us know what version to stable for that one.
bump to app-emulation/xen-tools-4.2.3, and this revision should fix following security bugs.
but let's still wait a few time before going for stable (say 1 week), so if everything goes well, this version will be stable candidate, thanks
0001-x86-xsave-initialize-extended-register-state-when-gu.patch # bug #486354, CVE-2013-1442 / XSA-62
0002-x86-properly-handle-hvm_copy_from_guest_-phys-virt-e.patch # bug #486354, CVE-2013-4355 / XSA-63
0003-x86-properly-set-up-fbld-emulation-operand-address.patch # bug #486354, CVE-2013-4361 / XSA-66
0004-x86-check-segment-descriptor-read-result-in-64-bit-O.patch # bug #486354, CVE-2013-4368 / XSA-67
0005-libxl-fix-vif-rate-parsing.patch # bug #486354, CVE-2013-4369 / XSA-68
0006-tools-ocaml-fix-erroneous-free-of-cpumap-in-stub_xc_.patch # bug #486354, CVE-2013-4370 / XSA-69
0007-libxl-fix-out-of-memory-error-handling-in-libxl_list.patch # bug #486354, CVE-2013-4371 / XSA-70
0008-tools-xenstored-if-the-reply-is-too-big-then-send-E2.patch # bug #486354, CVE-2013-4416 / XSA-72
0009-gnttab-correct-locking-order-reversal.patch # bug #486354, CVE-2013-4494 / XSA-73
0010-nested-VMX-VMLANUCH-VMRESUME-emulation-must-check-pe.patch # bug #486354, CVE-2013-4551 / XSA-75
0011-VT-d-fix-TLB-flushing-in-dma_pte_clear_one.patch # bug #486354, X------------ / XSA-78
0012-x86-restrict-XEN_DOMCTL_getmemlist.patch # bug #497084, CVE-2013-4553 / XSA-74
0013-x86-HVM-only-allow-ring-0-guest-code-to-make-hyperca.patch # bug #497086, CVE-2013-4554 / XSA-76
0014-x86-AMD-work-around-erratum-793.patch # bug #486354, CVE-2013-6885 / XSA-82
0015-x86-eliminate-has_arch_mmios.patch # bug #xxxxxx,
0016-VMX-disable-EPT-when-cpu_has_vmx_pat.patch # bug #xxxxxx, CVE-2013-2212 / XSA-60
0017-VMX-remove-the-problematic-set_uc_mode-logic.patch # bug #xxxxxx, CVE-2013-2212 / XSA-60
0018-VMX-fix-cr0.cd-handling.patch # bug #xxxxxx, CVE-2013-2212 / XSA-60
0019-IOMMU-clear-don-t-flush-override-on-error-paths.patch # bug #497082, CVE-2013-6400 / XSA-80
0020-x86-PV-don-t-commit-debug-register-values-early-in-a.patch # bug #xxxxxx,
0021-x86-irq-avoid-use-after-free-on-error-path-in-pirq_g.patch # bug #499054, X------------ / XSA-83
0022-x86-PHYSDEVOP_-prepare-release-_msix-are-privileged.patch # bug #499124, X------------ / XSA-87
0023-flask-fix-reading-strings-from-guest-memory.patch # bug #500536, X------------ / XSA-84
0024-xsm-flask-correct-off-by-one-in-flask_security_avc_c.patch # bug #500528, X------------ / XSA-85
0025-libvchan-Fix-handling-of-invalid-ring-buffer-indices.patch # bug #500530, X------------ / XSA-86
0026-libxc-Fix-out-of-memory-error-handling-in-xc_cpupool.patch # bug #501080, X------------ / XSA-88
# extra patches which not in upstream
0500-xen-qemu-4-CVE-2012-6075-XSA-41.patch
0510-xen-qemu-4-CVE-2013-1922-XSA-48.patch
0520-xen-qemu-CVE-2013-4375-XSA-71.patch # bug #486354, CVE-2013-4375 / XSA-71
amd64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
(In reply to Agostino Sarubbo from comment #9)
> amd64 stable.
>
> Maintainer(s), please cleanup.
> Security, please add it to the existing request, or file a new one.
security, we've only solved the bugs for 4.3.x serial, but haven't done for 4.2.x.
so, either we should wait or explicitly to tell user bugs are solved only for 4.3.1-r5, but not for 4.2.x.
Setting whiteboard to "stable?" Still need to stable version app-emulation/xen-tools-4.2.3 Currently a week long hold for testing. Will call for stabilization in a few days as per maintainers request.
please stable app-emulation/xen-tools-4.2.3-r1 also don't forget to stable app-emulation/xen-4.2.3 (see bug #500528)
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
CVE-2014-1896 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1896): The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."
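The class of bug named in the advisory and CVE text above, as an added illustration (not libvchan's code and not the XSA-86 patch): a ring reader that validates peer-controlled indexes before copying. The struct layout, `RING_SIZE` and the function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_SIZE 16u   /* constructed size; must be a power of two */

/* Hypothetical shared-page layout. Both indexes are free-running counters
 * and live in memory the peer domain can overwrite with any value. */
struct shared_ring {
    volatile uint32_t prod;   /* advanced by the peer */
    volatile uint32_t cons;   /* advanced by us */
    uint8_t buf[RING_SIZE];
};

/* Bytes ready to read, or -1 when the indexes cannot describe a real ring
 * state. Unsigned subtraction copes with counter wraparound. */
static int ring_data_ready(uint32_t prod, uint32_t cons)
{
    uint32_t ready = prod - cons;
    return ready > RING_SIZE ? -1 : (int)ready;
}

/* Copy up to len bytes out of the ring; -1 if index validation fails. */
static int ring_recv(struct shared_ring *r, void *dst, size_t len)
{
    /* Snapshot once so the peer cannot change the values between the
     * check and the copy. */
    uint32_t prod = r->prod, cons = r->cons;
    int ready = ring_data_ready(prod, cons);
    if (ready < 0)
        return -1;   /* without this, a huge gap drives the copy off the ring */
    if (len > (size_t)ready)
        len = (size_t)ready;
    uint32_t off = cons & (RING_SIZE - 1);   /* start offset inside buf */
    size_t first = RING_SIZE - off;          /* bytes before the wrap */
    if (first > len)
        first = len;
    memcpy(dst, &r->buf[off], first);
    memcpy((uint8_t *)dst + first, r->buf, len - first);
    r->cons = cons + (uint32_t)len;
    return (int)len;
}

int main(void)
{
    struct shared_ring r = { .prod = 1018, .cons = 14 };  /* crafted gap */
    char out[32];
    printf("recv with crafted indexes: %d\n", ring_recv(&r, out, sizeof out));
    return 0;
}
```

Real shared-memory code also needs read barriers between loading the indexes and copying the data; they are omitted here.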
Arches and Maintainer(s), Thank you for your work. New GLSA Request filed.
This issue was resolved and addressed in GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml by GLSA coordinator Mikle Kolyada (Zlogene).