Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 568212 (CVE-2015-8551, CVE-2015-8552, XSA-155, XSA-157) - Kernel: Multiple Xen-related vulnerabilities (XSA-{155,157})
Summary: Kernel: Multiple Xen-related vulnerabilities (XSA-{155,157})
Status: RESOLVED OBSOLETE
Alias: CVE-2015-8551, CVE-2015-8552, XSA-155, XSA-157
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL:
Whiteboard: B3 [upstream]
Keywords:
Depends on: CVE-2014-6416
Blocks: CVE-2015-8550
  Show dependency tree
 
Reported: 2015-12-14 09:48 UTC by Ian Delaney (RETIRED)
Modified: 2020-05-04 11:19 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ian Delaney (RETIRED) gentoo-dev 2015-12-14 09:48:00 UTC
These are restricted embargoed patch sets currently. On examining the patchsets, they are made for application to the linux kernel, 4.4 and prior. There is a recent update to the 155 state in which supply backport patches against  Linux v4.3 and prior.  

Please consult with the security team members
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-12-14 13:08:09 UTC
Restricting to security group
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-12-14 13:10:49 UTC
A reminder of the embargo policy: 
DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.


(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2016-11-30 00:30:49 UTC
The XSA-155 patch set is missing from LTS 3.10, 3.18 and 4.1er branch. Will ping upstream.

The XSA-157 patch set is missing from LTS 3.10, 3.18 is incomplete, 4.1 is incomplete. Will ping upstream.


Bug 522930 handles stabilization of sys-kernels/gentoo-sources-3.4.x.
Comment 4 Tomáš Mózes 2018-12-10 09:40:58 UTC
Security, can you please close this obsolete one? Thanks
Comment 5 NATTkA bot gentoo-dev 2020-04-10 08:32:34 UTC
Unable to check for sanity:

> no match for package: =sys-kernel/gentoo-sources-3.4.113
Comment 6 NATTkA bot gentoo-dev 2020-04-10 21:25:30 UTC
Resetting sanity check; package list is empty.
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-04 11:19:19 UTC
(In reply to Tomáš Mózes from comment #4)
> Security, can you please close this obsolete one? Thanks

Yep.