Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 472214 (CVE-2013-2076) - <app-emulation/xen-4.2.2-r1 : multiple vulnerabilities (CVE-2013-{1432,2076,2077,2078,2194,2195,2196})
Summary: <app-emulation/xen-4.2.2-r1 : multiple vulnerabilities (CVE-2013-{1432,2076,2...
Status: RESOLVED FIXED
Alias: CVE-2013-2076
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa]
Keywords:
: CVE-2013-2194 483220 483222 483224 483228 (view as bug list)
Depends on:
Blocks:
 
Reported: 2013-06-03 19:56 UTC by Agostino Sarubbo
Modified: 2013-09-30 00:29 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-06-03 19:56:51 UTC
http://www.openwall.com/lists/oss-security/2013/06/03/1
XSA-52 (CVE-2013-2076) - Information leak on XSAVE/XRSTOR capable AMD CPUs

http://www.openwall.com/lists/oss-security/2013/06/03/2
XSA-53 (CVE-2013-2077) - Hypervisor crash due to missing exception recovery on XRSTOR

http://www.openwall.com/lists/oss-security/2013/06/03/3
XSA-54 (CVE-2013-2078) - Hypervisor crash due to missing exception recovery on XSETBV
Comment 1 Agostino Sarubbo gentoo-dev 2013-06-08 09:31:50 UTC
http://www.openwall.com/lists/oss-security/2013/06/07/5
XSA-55 (no cve) Multiple vulnerabilities in libelf PV kernel handling
Comment 2 Agostino Sarubbo gentoo-dev 2013-06-20 10:50:42 UTC
CVE-2013-2194 XEN XSA-55 integer overflows
CVE-2013-2195 XEN XSA-55 pointer dereferences
CVE-2013-2196 XEN XSA-55 other problems
Comment 3 Agostino Sarubbo gentoo-dev 2013-06-21 15:20:16 UTC
XSA-57 : http://www.openwall.com/lists/oss-security/2013/06/21/3
Comment 4 Ian Delaney (RETIRED) gentoo-dev 2013-06-25 12:30:26 UTC
on it
Comment 5 Ian Delaney (RETIRED) gentoo-dev 2013-06-27 06:19:34 UTC
*xen-4.2.1-r4 (26 Jun 2013)
*xen-4.2.2-r1 (26 Jun 2013)

  26 Jun 2013; Ian Delaney <idella4@gentoo.org>
  +files/xen-4.2-2013-2076-XSA-52to54.patch, +xen-4.2.1-r4.ebuild,
  +xen-4.2.2-r1.ebuild

  revbump; add security patches XSA-52to54, remove old

*xen-tools-4.2.2-r2 (26 Jun 2013)
*xen-tools-4.2.1-r4 (26 Jun 2013)

  26 Jun 2013; Ian Delaney <idella4@gentoo.org>
  +files/xen-4.2-CVE-2013-1-XSA-55.patch,
[X many]

  revbumps; add security patches XSA-55,56 to 4.2.1, 4.2.2, remove old ebuilds +
  disused patches

*xen-pvgrub-4.2.1-r3 (26 Jun 2013)
*xen-pvgrub-4.2.2-r1 (26 Jun 2013)

  26 Jun 2013; Ian Delaney <idella4@gentoo.org>
  +files/xen-4.2-CVE-2013-1-XSA-55.patch,
[X many]
  revbumps; add sec patches XSA-55, remove disused patches

XSA comprises 23 separate patches!
All patches take once put in the order they were published, all build under setting of all use flags @ Sec team at your leisure CC arches and select either or both for stable testing
Comment 6 Agostino Sarubbo gentoo-dev 2013-06-27 16:04:09 UTC
XSA-57 - CVE-2013-2211 http://www.openwall.com/lists/oss-security/2013/06/26/4
XSA-58 - CVE-2013-1432 http://www.openwall.com/lists/oss-security/2013/06/26/5

Ian, you need to redo the work :)
Comment 7 Ian Delaney (RETIRED) gentoo-dev 2013-06-28 15:10:46 UTC
hmm; the never ending story it seems isn't a child fantasy.  Oh well.
(In reply to Agostino Sarubbo from comment #6)
> XSA-57 - CVE-2013-2211
> http://www.openwall.com/lists/oss-security/2013/06/26/4
> XSA-58 - CVE-2013-1432
> http://www.openwall.com/lists/oss-security/2013/06/26/5
> 
> Ian, you need to redo the work :)

hmm; the never ending story it seems isn't a child fantasy.  Oh well.
Ago you're repeating y'rself, xsa57-4.2.patch is already in.

  28 Jun 2013; Ian Delaney <idella4@gentoo.org>
  +files/xen-4.2-CVE-2013-1432-XSA-58.patch, xen-4.2.1-r4.ebuild,
  xen-4.2.2-r1.ebuild:
  Add sec patch XSA-58 wrt Bug #472214, refrained from revbump since last 2 are
  still poised for testing

xen-tools I've revbumped to 4.2.1-r5 && 4.2.2-r3 due to tending to some remnant bugs. xen-pvgrub unchanged.
Comment 8 Ian Delaney (RETIRED) gentoo-dev 2013-07-01 05:47:59 UTC
arch teams time to make stable ;
xen-4.2.2-r1.ebuild
xen-pvgrub-4.2.2-r1.ebuild
xen-tools-4.2.2-r3.ebuild
Comment 9 Agostino Sarubbo gentoo-dev 2013-07-02 16:15:17 UTC
amd64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-07-02 16:15:46 UTC
x86 stable
Comment 11 Sergey Popov (RETIRED) gentoo-dev 2013-08-24 05:38:43 UTC
GLSA vote: yes
Comment 12 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-28 23:47:30 UTC
GLSA vote: yes, added to GLSA draft.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2013-08-28 23:50:20 UTC
CVE-2013-2078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2078):
  Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to
  cause a denial of service (hypervisor crash) via certain bit combinations to
  the XSETBV instruction.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2013-08-28 23:50:20 UTC
CVE-2013-2078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2078):
  Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to
  cause a denial of service (hypervisor crash) via certain bit combinations to
  the XSETBV instruction.
Comment 15 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-01 00:48:35 UTC
*** Bug 483220 has been marked as a duplicate of this bug. ***
Comment 16 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-01 00:48:45 UTC
*** Bug 483222 has been marked as a duplicate of this bug. ***
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2013-09-01 00:49:36 UTC
CVE-2013-2077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2077):
  Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a
  XRSTOR, which allows local PV guest users to cause a denial of service
  (unhandled exception and hypervisor crash) via unspecified vectors.

CVE-2013-2076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2076):
  Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only
  save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an
  exception is pending, which allows one domain to determine portions of the
  state of floating point instructions of other domains, which can be
  leveraged to obtain sensitive information such as cryptographic keys, a
  similar vulnerability to CVE-2006-1056.  NOTE: this is the documented
  behavior of AMD64 processors, but it is inconsistent with Intel processors
  in a security-relevant fashion that was not addressed by the kernels.
Comment 18 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-01 12:54:31 UTC
*** Bug 483218 has been marked as a duplicate of this bug. ***
Comment 19 GLSAMaker/CVETool Bot gentoo-dev 2013-09-01 12:55:18 UTC
CVE-2013-2196 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2196):
  Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x
  and earlier allow local guest administrators with certain permissions to
  have an unspecified impact via a crafted kernel, related to "other problems"
  that are not CVE-2013-2194 or CVE-2013-2195.

CVE-2013-2195 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2195):
  The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest
  administrators with certain permissions to have an unspecified impact via a
  crafted kernel, related to "pointer dereferences" involving unexpected
  calculations.

CVE-2013-2194 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2194):
  Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and
  earlier allow local guest administrators with certain permissions to have an
  unspecified impact via a crafted kernel.
Comment 20 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-01 12:56:32 UTC
*** Bug 483228 has been marked as a duplicate of this bug. ***
Comment 21 GLSAMaker/CVETool Bot gentoo-dev 2013-09-01 12:56:44 UTC
CVE-2013-1432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1432):
  Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly
  maintain references on pages stored for deferred cleanup, which allows local
  PV guest kernels to cause a denial of service (premature page free and
  hypervisor crash) or possible gain privileges via unspecified vectors.
Comment 22 Sergey Popov (RETIRED) gentoo-dev 2013-09-02 08:36:36 UTC
*** Bug 483224 has been marked as a duplicate of this bug. ***
Comment 23 GLSAMaker/CVETool Bot gentoo-dev 2013-09-02 08:37:49 UTC
CVE-2013-2211 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2211):
  The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x
  uses weak permissions for xenstore keys for paravirtualised and emulated
  serial console devices, which allows local guest administrators to modify
  the xenstore value via unspecified vectors.
Comment 24 GLSAMaker/CVETool Bot gentoo-dev 2013-09-30 00:29:10 UTC
This issue was resolved and addressed in
 GLSA 201309-24 at http://security.gentoo.org/glsa/glsa-201309-24.xml
by GLSA coordinator Chris Reffett (creffett).