Bug 34115 – xen: Multiple issues (3.2)

Bug 34115 - xen: Multiple issues (3.2)


Summary:	xen: Multiple issues (3.2)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 3.0
Hardware:	Other Linux

Importance:	P3 normal (vote)
Target Milestone:	UCS 3.2-3-errata
Assigned To:	Janek Walkenhorst
QA Contact:	Philipp Hahn

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-02-13 11:26 CET by Moritz Muehlenhoff
Modified:	2014-10-13 17:33 CEST (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Moritz Muehlenhoff

2014-02-13 11:26:51 CET

use-after-free in xc_cpupool_getinfo() (CVE-2014-1950)

Comment 1 Moritz Muehlenhoff

2014-03-26 13:12:02 CET

Denial of service in HVMOP_set_mem_access() (CVE-2014-2599)

Comment 2 Moritz Muehlenhoff

2014-05-02 08:44:53 CEST

Denial of service in HVMOP_set_mem_type() (CVE-2014-3124)

Comment 3 Moritz Muehlenhoff

2014-06-12 14:55:33 CEST

Information leak through outs instruction emulation (CVE-2014-4368)

Comment 4 Moritz Muehlenhoff

2014-06-27 12:15:06 CEST

Hypervisor heap contents leaked to guests (CVE-2014-4021)

Comment 5 Moritz Muehlenhoff

2014-09-24 14:35:23 CEST

Denial of service in HVMOP_track_dirty_vram() (CVE-2014-7154)
Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (CVE-2014-7155)
Missing privilege level checks in x86 emulation of software interrupts (CVE-2014-7156)

Comment 6 Moritz Muehlenhoff

2014-10-10 12:54:42 CEST

Improper MSR range used for x2APIC emulation (CVE-2014-7188)

Comment 7 Janek Walkenhorst

2014-10-10 19:22:00 CEST

Advisory: 2014-10-10-xen-4.1.yaml
Tests (amd64): OK

Comment 8 Philipp Hahn

2014-10-13 12:51:53 CEST

OK: /usr/share/doc/xen-4.1/changelog.Debian.gz
OK: win7: install, reboot, suspend+resume
OK: ucs3.2: install, reboot, suspend+resume
OK: apt-get install msr-tools

FAIL: 2014-10-10-xen-4.1.yaml
> version: [1, 2, 3]
please include 0

> ... bash parser ...
copy-paste-error

OK: announce_errata -V 2014-10-10-xen-4.1.yaml

Comment 9 Janek Walkenhorst

2014-10-13 13:36:00 CEST

(In reply to Philipp Hahn from comment #8)
> FAIL: 2014-10-10-xen-4.1.yaml
> > version: [1, 2, 3]
> please include 0
> 
> > ... bash parser ...
> copy-paste-error
Fixed

Comment 10 Philipp Hahn

2014-10-13 14:26:49 CEST

OK: xm dmesg | grep -i version # 4.4.5-8.3.201104271833 → 
OK: hvm pv
OK: apt-get install msr-tools;modprobe msr;for ((msr=0x800;msr<0x800+0x3ff;msr++));do rdmsr $msr;done
OK: r54326

(In reply to Janek Walkenhorst from comment #9)
> Fixed
OK: r54356

(In reply to Moritz Muehlenhoff from comment #3)
> Information leak through outs instruction emulation (CVE-2014-4368)
FYI: That correct CVE is ...2013... instead of 2014.

Comment 11 Janek Walkenhorst

2014-10-13 17:33:18 CEST

http://errata.univention.de/ucs/3.2/218.html