http://www.openwall.com/lists/oss-security/2013/06/03/1
XSA-52 (CVE-2013-2076) - Information leak on XSAVE/XRSTOR capable AMD CPUs

http://www.openwall.com/lists/oss-security/2013/06/03/2
XSA-53 (CVE-2013-2077) - Hypervisor crash due to missing exception recovery on XRSTOR

http://www.openwall.com/lists/oss-security/2013/06/03/3
XSA-54 (CVE-2013-2078) - Hypervisor crash due to missing exception recovery on XSETBV
http://www.openwall.com/lists/oss-security/2013/06/07/5 XSA-55 (no cve) Multiple vulnerabilities in libelf PV kernel handling
CVE-2013-2194 XEN XSA-55 integer overflows
CVE-2013-2195 XEN XSA-55 pointer dereferences
CVE-2013-2196 XEN XSA-55 other problems
XSA-57 : http://www.openwall.com/lists/oss-security/2013/06/21/3
on it
*xen-4.2.1-r4 (26 Jun 2013)
*xen-4.2.2-r1 (26 Jun 2013)

26 Jun 2013; Ian Delaney <idella4@gentoo.org>
+files/xen-4.2-2013-2076-XSA-52to54.patch, +xen-4.2.1-r4.ebuild, +xen-4.2.2-r1.ebuild
revbump; add security patches XSA-52to54, remove old

*xen-tools-4.2.2-r2 (26 Jun 2013)
*xen-tools-4.2.1-r4 (26 Jun 2013)

26 Jun 2013; Ian Delaney <idella4@gentoo.org>
+files/xen-4.2-CVE-2013-1-XSA-55.patch, [X many]
revbumps; add security patches XSA-55,56 to 4.2.1, 4.2.2, remove old ebuilds + disused patches

*xen-pvgrub-4.2.1-r3 (26 Jun 2013)
*xen-pvgrub-4.2.2-r1 (26 Jun 2013)

26 Jun 2013; Ian Delaney <idella4@gentoo.org>
+files/xen-4.2-CVE-2013-1-XSA-55.patch, [X many]
revbumps; add sec patches XSA-55, remove disused patches

XSA comprises 23 separate patches!
All patches take once put in the order they were published, all build under setting of all use flags

@ Sec team at your leisure CC arches and select either or both for stable testing
XSA-57 - CVE-2013-2211
http://www.openwall.com/lists/oss-security/2013/06/26/4

XSA-58 - CVE-2013-1432
http://www.openwall.com/lists/oss-security/2013/06/26/5

Ian, you need to redo the work :)
(In reply to Agostino Sarubbo from comment #6)
> XSA-57 - CVE-2013-2211
> http://www.openwall.com/lists/oss-security/2013/06/26/4
> XSA-58 - CVE-2013-1432
> http://www.openwall.com/lists/oss-security/2013/06/26/5
>
> Ian, you need to redo the work :)

hmm; the never ending story it seems isn't a child fantasy. Oh well.

Ago you're repeating y'rself, xsa57-4.2.patch is already in.

28 Jun 2013; Ian Delaney <idella4@gentoo.org>
+files/xen-4.2-CVE-2013-1432-XSA-58.patch, xen-4.2.1-r4.ebuild, xen-4.2.2-r1.ebuild:
Add sec patch XSA-58 wrt Bug #472214, refrained from revbump since last 2 are still poised for testing

xen-tools I've revbumped to 4.2.1-r5 && 4.2.2-r3 due to tending to some remnant bugs.
xen-pvgrub unchanged.
arch teams time to make stable;
xen-4.2.2-r1.ebuild
xen-pvgrub-4.2.2-r1.ebuild
xen-tools-4.2.2-r3.ebuild
amd64 stable
x86 stable
GLSA vote: yes
GLSA vote: yes, added to GLSA draft.
CVE-2013-2078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2078): Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.
*** Bug 483220 has been marked as a duplicate of this bug. ***
*** Bug 483222 has been marked as a duplicate of this bug. ***
CVE-2013-2077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2077): Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors.

CVE-2013-2076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2076): Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.
*** Bug 483218 has been marked as a duplicate of this bug. ***
CVE-2013-2196 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2196): Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195.

CVE-2013-2195 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2195): The Elf parser (libelf) in Xen 4.2.x and earlier allows local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations.

CVE-2013-2194 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2194): Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel.
*** Bug 483228 has been marked as a duplicate of this bug. ***
CVE-2013-1432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1432): Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors.
*** Bug 483224 has been marked as a duplicate of this bug. ***
CVE-2013-2211 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2211): The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.
This issue was resolved and addressed in GLSA 201309-24 at http://security.gentoo.org/glsa/glsa-201309-24.xml by GLSA coordinator Chris Reffett (creffett).