Bug 542266 (CVE-2015-2044) - <app-emulation/xen-{4.2.5-r6,4.4.1-r8}: Multiple vulnerabilities (XSA-{121,122}) (CVE-2015-{2044,2045})
Status: RESOLVED FIXED
Alias: CVE-2015-2044
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-05 15:44 UTC by Agostino Sarubbo
Modified: 2015-04-11 20:38 UTC
2 users

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2015-03-05 15:44:33 UTC
From http://www.openwall.com/lists/oss-security/2015/03/05/4:

           Xen Security Advisory CVE-2015-2044 / XSA-121
                              version 3

       Information leak via internal x86 system device emulation

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

Emulation routines in the hypervisor dealing with certain system
devices check whether the access size by the guest is a supported one.
When the access size is unsupported these routines failed to set the
data to be returned to the guest for read accesses, so that hypervisor
stack contents are copied into the destination of the operation, thus
becoming visible to the guest.

IMPACT
======

A malicious HVM guest might be able to read sensitive data relating
to other guests.

VULNERABLE SYSTEMS
==================

Xen 3.2.x and later are vulnerable.
Xen 3.1.x and earlier have not been inspected.

Only HVM guests can take advantage of this vulnerability.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

MITIGATION
==========

Running only PV guests will avoid this issue.

CREDITS
=======

This issue was discovered by Jan Beulich of SUSE.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa121.patch        xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x



From http://www.openwall.com/lists/oss-security/2015/03/05/5:

            Xen Security Advisory CVE-2015-2045 / XSA-122
                              version 3

         Information leak through version information hypercall

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

The code handling certain sub-operations of the HYPERVISOR_xen_version
hypercall fails to fully initialize all fields of structures
subsequently copied back to guest memory. Due to this hypervisor stack
contents are copied into the destination of the operation, thus
becoming visible to the guest.

IMPACT
======

A malicious guest might be able to read sensitive data relating to
other guests.

VULNERABLE SYSTEMS
==================

Xen 3.2.x and later are vulnerable.
Xen 3.1.x and earlier have not been inspected.

MITIGATION
==========

There is no mitigation available for this issue.

CREDITS
=======

This issue was discovered by Aaron Adams of NCC Group.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa122.patch        xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
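Both advisories quoted above describe the same defect class: a handler returns to the guest without having written every byte of the buffer the caller then copies out, so whatever was on the hypervisor stack travels with it. The C program below is an added illustration, not Xen's code and not the contents of xsa121.patch or xsa122.patch. It uses a constructed toy register read (only 4-byte accesses supported) and a constructed toy version-info structure, pre-fills each output with a sentinel byte standing in for stale stack contents, and counts how many sentinel bytes survive each handler. The hardened variants give the output a defined value on every path before any field is set, which is the property a reviewer should check in any copy-to-guest routine.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed sentinel: stands in for whatever happened to be on the
 * hypervisor stack before the handler ran. */
#define STALE_BYTE 0xAA

/* Toy emulated register: only 4-byte reads are supported (constructed). */
#define SUPPORTED_SIZE 4u

/* Count bytes of buf that still carry the sentinel, i.e. bytes the handler
 * never defined and that a copy-to-guest would leak. */
static size_t count_stale(const void *buf, size_t len)
{
    const unsigned char *p = buf;
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (p[i] == STALE_BYTE)
            n++;
    return n;
}

/* Vulnerable shape (XSA-121 pattern): the unsupported size is rejected,
 * but *val is never written, so the caller's uninitialized slot is what
 * reaches the guest. Returns 0 on success, -1 on unsupported size. */
int emulate_read_vulnerable(unsigned int size, uint64_t *val)
{
    if (size != SUPPORTED_SIZE)
        return -1;             /* *val left untouched */
    *val = 0x12345678u;        /* constructed register value */
    return 0;
}

/* Hardened shape: the output gets a defined value before the size check,
 * so every return path leaves nothing stale in it. */
int emulate_read_hardened(unsigned int size, uint64_t *val)
{
    *val = ~(uint64_t)0;       /* defined "no data" value, all ones */
    if (size != SUPPORTED_SIZE)
        return -1;
    *val = 0x12345678u;
    return 0;
}

/* Toy hypercall reply structure (constructed, not Xen's layout). */
struct version_info {
    char name[16];
    uint32_t major;
    uint32_t minor;
    uint32_t reserved;         /* a field the vulnerable handler forgets */
};

/* Vulnerable shape (XSA-122 pattern): only the bytes of name[] that the
 * string needs and two of the three numeric fields are written. */
void fill_version_vulnerable(struct version_info *out)
{
    static const char name[] = "toy-hv";
    memcpy(out->name, name, sizeof name);   /* 7 bytes; rest of name[] stale */
    out->major = 4;
    out->minor = 5;
    /* out->reserved never written */
}

/* Hardened shape: zero the whole structure first, then fill fields. */
void fill_version_hardened(struct version_info *out)
{
    static const char name[] = "toy-hv";
    memset(out, 0, sizeof *out);            /* every byte defined up front */
    memcpy(out->name, name, sizeof name);
    out->major = 4;
    out->minor = 5;
}

/* Simulate a caller whose stack slot holds stale data, run the handler,
 * and report how many stale bytes would be copied to the guest. */
size_t leaked_bytes_read(int (*handler)(unsigned int, uint64_t *), unsigned int size)
{
    uint64_t slot;
    memset(&slot, STALE_BYTE, sizeof slot);
    handler(size, &slot);
    return count_stale(&slot, sizeof slot);
}

size_t leaked_bytes_version(void (*handler)(struct version_info *))
{
    struct version_info reply;
    memset(&reply, STALE_BYTE, sizeof reply);
    handler(&reply);
    return count_stale(&reply, sizeof reply);
}

int main(void)
{
    printf("read, unsupported size, vulnerable: %zu stale bytes\n",
           leaked_bytes_read(emulate_read_vulnerable, 2));
    printf("read, unsupported size, hardened:   %zu stale bytes\n",
           leaked_bytes_read(emulate_read_hardened, 2));
    printf("version, vulnerable: %zu stale bytes\n",
           leaked_bytes_version(fill_version_vulnerable));
    printf("version, hardened:   %zu stale bytes\n",
           leaked_bytes_version(fill_version_hardened));
    return 0;
}
```

The sentinel trick is the same idea a reviewer can apply with a memory checker: poison the destination, run the handler, and any poison left behind is a byte the guest should never have seen. Note that `memset` before field assignment is the robust fix for the structure case; relying on each field being set individually is exactly what failed for the reserved field.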
Comment 1 Yixun Lan archtester gentoo-dev 2015-03-10 02:12:33 UTC
+*xen-4.5.0-r2 (10 Mar 2015)
+*xen-4.4.1-r7 (10 Mar 2015)
+*xen-4.3.3-r6 (10 Mar 2015)
+*xen-4.2.5-r5 (10 Mar 2015)
+
+  10 Mar 2015; Yixun Lan <dlan@gentoo.org> +xen-4.2.5-r5.ebuild,
+  +xen-4.3.3-r6.ebuild, +xen-4.4.1-r7.ebuild, -xen-4.5.0-r1.ebuild,
+  +xen-4.5.0-r2.ebuild:
+  security bump, bug 542266, XSA-121,122
Comment 3 Yixun Lan archtester gentoo-dev 2015-03-12 09:37:46 UTC
+*xen-4.5.0-r3 (12 Mar 2015)
+*xen-4.4.1-r8 (12 Mar 2015)
+*xen-4.3.3-r7 (12 Mar 2015)
+*xen-4.2.5-r6 (12 Mar 2015)
+
+  12 Mar 2015; Yixun Lan <dlan@gentoo.org> -xen-4.2.5-r4.ebuild,
+  -xen-4.2.5-r5.ebuild, +xen-4.2.5-r6.ebuild, -xen-4.3.3-r5.ebuild,
+  -xen-4.3.3-r6.ebuild, +xen-4.3.3-r7.ebuild, -xen-4.4.1-r6.ebuild,
+  -xen-4.4.1-r7.ebuild, +xen-4.4.1-r8.ebuild, -xen-4.5.0-r2.ebuild,
+  +xen-4.5.0-r3.ebuild:
+  security bump, fix bug 542263, XSA-123


Arches, please test and mark stable:
=app-emulation/xen-4.2.5-r6
=app-emulation/xen-tools-4.2.5-r2
Target keywords Both : "amd64 x86"

=app-emulation/xen-4.4.1-r8
=app-emulation/xen-tools-4.4.1-r6
=app-emulation/xen-pvgrub-4.4.1
Target keywords Only: "amd64" 

For now, I'll just leave out arm(64) for stabilization

XSA-120 -> need to patch kernel, not xen source code, and I checked gentoo-sources-3.19.1, it hasn't included this patch.
XSA-124 -> no patches, no reasonable resolution in software

btw, can we file a separate bug for XSA-120, and then CC kernel team?
Comment 4 Agostino Sarubbo gentoo-dev 2015-03-13 09:38:45 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2015-03-13 09:48:49 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 6 Tomáš Mózes 2015-03-14 05:50:47 UTC
Would it be possible to also stabilize the 4.3 branch?
Comment 7 Yixun Lan archtester gentoo-dev 2015-03-14 11:54:02 UTC
(In reply to Tomas Mozes from comment #6)
> Would it be possible to also stabilize the 4.3 branch?

any reason here?
actually I'm talking to @idella4 that we'd plan to stabilize 4.4.x series, and prune out 4.3.x
Comment 8 Tomáš Mózes 2015-03-14 14:51:17 UTC
(In reply to Yixun Lan from comment #7)
> (In reply to Tomas Mozes from comment #6)
> > Would it be possible to also stabilize the 4.3 branch?
> 
> any reason here?
> actually I'm talking to @idella4 that we'd plan to stabilize 4.4.x series,
> and prune out 4.3.x

We are stabilizing 4.2 and 4.4 and leaving 4.3 behind, however according to:
http://www.xenproject.org/downloads/xen-archives.html

Supported Xen Project 4.3 series
Supported Xen Project 4.4 series
Supported Xen Project 4.5 series

Unsupported Xen Project 4.2 series

Wouldn't it make sense to drop 4.2 and stabilize 4.3 and 4.4?
Comment 9 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-03-14 15:06:53 UTC
(In reply to Tomas Mozes from comment #8)
> (In reply to Yixun Lan from comment #7)
> > (In reply to Tomas Mozes from comment #6)
> > > Would it be possible to also stabilize the 4.3 branch?
> > 

> Unsupported Xen Project 4.2 series
> 
> Wouldn't it make sense to drop 4.2 and stabilize 4.3 and 4.4?

Please keep this discussion another place than a security bug.
(but as I understand it 4.2 is the latest branch supporting x86 as hypervisor)
Comment 10 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-03-18 17:15:45 UTC
Added to existing GLSA request
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2015-03-28 19:36:31 UTC
CVE-2015-2045 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2045):
  The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not
  properly initialize data structures, which allows local guest users to
  obtain sensitive information via unspecified vectors.

CVE-2015-2044 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2044):
  The emulation routines for unspecified X86 devices in Xen 3.2.x through
  4.5.x do not properly initialize data, which allows local HVM guest users
  to obtain sensitive information via vectors involving an unsupported access
  size.
Comment 12 Yury German Gentoo Infrastructure gentoo-dev 2015-04-04 21:34:47 UTC
Maintainer(s), thank you for the cleanup.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2015-04-11 20:38:14 UTC
This issue was resolved and addressed in GLSA 201504-04 at https://security.gentoo.org/glsa/201504-04 by GLSA coordinator Yury German (BlueKnight).