Bug 386371 (CVE-2011-1583) - <app-emulation/xen-3.4.2-r4: Execution of arbitrary code (CVE-2011-{1583,3262})
Summary: <app-emulation/xen-3.4.2-r4: Execution of arbitrary code (CVE-2011-{1583,3262})
Status: RESOLVED FIXED
Alias: CVE-2011-1583
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa]
Keywords:
Depends on: CVE-2011-2901
Blocks:
Reported: 2011-10-08 15:45 UTC by GLSAMaker/CVETool Bot
Modified: 2013-09-30 00:28 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
re-written patch for xen-3, xen-3.4.2-sec-2011-1583.patch (xen-3.4.2-sec-2011-1583.patch,2.93 KB, patch)
2011-10-09 12:23 UTC, Ian Delaney (RETIRED)
revised ebuild patch to bump to xen-3.4.2-r4 (xen-3.4.2-r4ebuild.patch,5.42 KB, patch)
2011-10-09 12:36 UTC, Ian Delaney (RETIRED)

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 15:45:15 UTC
CVE-2011-1583 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1583):
  Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2,
  3.3, 4.0, and 4.1 allow local users to cause a denial of service and
  possibly execute arbitrary code via a crafted paravirtualised guest kernel
  image that triggers (1) a buffer overflow during a decompression loop or (2)
  an out-of-bounds read in the loader involving unspecified length fields.


Despite the CVE text, a patch for 3.4 can be found in the references.

Please check if our latest stable 3.4 version is still affected by this and provide an updated ebuild. Also, for the future 4.1 stable, please check if that is affected too.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 15:49:38 UTC
CVE-2011-3262 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3262):
  tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows
  local users to cause a denial of service (management software infinite loop
  and management domain resource consumption) via unspecified vectors related
  to "Lack of error checking in the decompression loop."
Comment 2 Ian Delaney (RETIRED) gentoo-dev 2011-10-09 12:23:11 UTC
Created attachment 289345
re-written patch for xen-3, xen-3.4.2-sec-2011-1583.patch
Comment 3 Ian Delaney (RETIRED) gentoo-dev 2011-10-09 12:36:05 UTC
Created attachment 289347
revised ebuild patch to bump to xen-3.4.2-r4

The patch adds the two sec patches + a copy of the fix for the /.config dir.
Comment 4 Ian Delaney (RETIRED) gentoo-dev 2011-10-09 12:38:11 UTC
Oh, forgot to mention, the patch is not required for xen-4.
The content is already in the source.
All done
Comment 5 Tony Vroon gentoo-dev 2011-10-11 20:25:24 UTC
+*xen-3.4.2-r4 (11 Oct 2011)
+
+  11 Oct 2011; Tony Vroon <chainsaw@gentoo.org> +xen-3.4.2-r4.ebuild,
+  +files/xen-3.4.2-CVE-2011-1583.patch,
+  +files/xen-3.4.2-fix-__addr_ok-limit.patch:
+  Patches by Ian "idella4" Delaney to address security bugs #385319 and
+  #386371.
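
Review bot: the entry text on the 'Patches by Ian "idella4" Delaney' lines identifies the fixes only by bug number (#385319 and #386371), so CVE-2011-3262, which this bug also tracks, appears nowhere in the ChangeLog entry; CVE-2011-1583 is visible only through the patch file name. Suggest naming both CVE ids in the entry text so that a search of the ChangeLog for either id finds this revision.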

Stabilisation efforts in bug #385319.
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2012-11-10 20:04:59 UTC
Stabilization completed in bug 385319. 

GLSA vote: yes.
Comment 7 Tim Sammut (RETIRED) gentoo-dev 2012-12-11 17:29:23 UTC
Thanks, folks. GLSA Vote: yes; bug added to existing GLSA request.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2013-09-30 00:28:55 UTC
This issue was resolved and addressed in
 GLSA 201309-24 at http://security.gentoo.org/glsa/glsa-201309-24.xml
by GLSA coordinator Chris Reffett (creffett).