Bug 36872 - xen: Multiple issues (3.2)
xen: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P3 normal (vote)
: UCS 3.2-4-errata
Assigned To: Moritz Muehlenhoff
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-11-19 13:29 CET by Moritz Muehlenhoff
Modified: 2015-01-21 12:23 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2014-11-19 13:29:04 CET
Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595)
Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-11-24 11:47:14 CET
Page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030)

http://xenbits.xen.org/xsa/advisory-97.html (CVE-2014-5146, CVE-2014-5149) is too intrusive to backport to Xen 4.1, the impact is also minor)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-11-28 07:48:33 CET
Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor allows denial of service (CVE-2014-8867)

Excessive checking in compatibility mode hypercall argument translation allows denial of service (CVE-2014-8866)
Comment 3 Moritz Muehlenhoff univentionstaff 2015-01-09 14:59:38 CET
The patches have been backported and merged into dev/branches/ucs-3.2/ucs-3.2-4/virtualization/xen-4.1

Tests were successful: I've installed and booted a UCS 3.2 and a Win7 system (both as amd64). Installing the GPLPV drivers worked fine as well.

YAML file: 2014-12-03-xen-4.1.yaml
Comment 4 Philipp Hahn univentionstaff 2015-01-12 09:04:53 CET
OK: CVE-2014-8594.patch e4292c5aac41b80f33d4877104348d5ee7c95aa4
OK: CVE-2014-8595.patch 1d68c1a70e00ed95ef0889cfa005379dab27b37d
OK: CVE-2014-9030.patch 6913fa31fa898f45ecc3b00e2397b8ebc75c8df4
OK: CVE-2014-8867.patch c5397354b998d030b021810b8202de93b9526818
OK: CVE-2014-8866.patch 0ad715304b04739fd2fc9517ce8671d3947c7621
Comment 5 Philipp Hahn univentionstaff 2015-01-15 15:29:44 CET
OK: Win7
OK: Win7+GPLPV
OK: Win2008
OK: Win2008+GPLPV
OK: UCS-3.2
OK: Migrate 16.41.201410101644 -> 16.41.201410101644
OK: Migrate 16.41.201410101644 -> 18.44.201412051509
OK: Migrate 18.44.201412051509 -> 16.41.201410101644
OK: Migrate 18.44.201412051509 -> 18.44.201412051509
OK: aptitude install '?source-package(xen-4.1)?installed'
OK: 2014-12-03-xen-4.1.yaml
OK: errata-announce -V 2014-12-03-xen-4.1.yaml
OK: CVE-2014-????
Comment 6 Moritz Muehlenhoff univentionstaff 2015-01-21 12:23:04 CET
http://errata.univention.de/ucs/3.2/274.html