Bug 33316 - xen: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
P4 normal
UCS 3.2-0-errata
Assigned To: Moritz Muehlenhoff
Janek Walkenhorst
Depends on: 33924
Reported: 2013-11-12 13:28 CET by Moritz Muehlenhoff
Modified: 2014-01-29 11:18 CET (History)
Description Moritz Muehlenhoff univentionstaff 2013-11-12 13:28:35 CET
+++ This bug was initially created as a clone of Bug #32766 +++

Information leak with some CPU types if XSAVE is used (CVE-2013-1442)

Information leak in I/O code for HVM guests (CVE-2013-4355, CVE-2013-4361)

Resource leak in qdisk (CVE-2013-4375)

Denial of service through enforced deadlocks (CVE-2013-4494)
Comment 1 Moritz Muehlenhoff univentionstaff 2013-11-27 08:04:12 CET
Denial of service through incorrect locking (CVE-2013-4553)
Incorrect validation of hypercall privileges (CVE-2013-4554)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-01-14 10:42:48 CET
(In reply to Moritz Muehlenhoff from comment #0)
> Resource leak in qdisk (CVE-2013-4375)

Xen 4.1 is not affected
Comment 3 Moritz Muehlenhoff univentionstaff 2014-01-14 10:46:54 CET
(In reply to Moritz Muehlenhoff from comment #1)
> Incorrect validation of hypercall privileges (CVE-2013-4554)

This is not exploitable on Linux
Comment 4 Moritz Muehlenhoff univentionstaff 2014-01-14 10:56:40 CET
We can ship these fixes together with Bug 20481
Comment 5 Moritz Muehlenhoff univentionstaff 2014-01-15 13:53:26 CET
The patches are merged, but Xen cannot be rebuilt yet w/o the fixed linux-libc-dev
Comment 6 Moritz Muehlenhoff univentionstaff 2014-01-23 14:23:34 CET
The patches were integrated. I've successfully tested the installation of UCS 3.2 and Windows 7 and basic functionality of the installed systems.

YAML: 2014-01-14-xen-4.1.yaml
Comment 7 Janek Walkenhorst univentionstaff 2014-01-27 17:48:02 CET
(In reply to Moritz Muehlenhoff from comment #6)
> The patches were integrated. I've successfully tested the installation of
> UCS 3.2 and Windows 7 and basic functionality of the installed systems.
> 
> YAML: 2014-01-14-xen-4.1.yaml
Advisory: OK
Test (amd64):
 Windows 7: OK
 UCS 3.2: OK
Comment 8 Moritz Muehlenhoff univentionstaff 2014-01-29 11:18:10 CET
http://errata.univention.de/ucs/3.2/33.html