Bug 34115

Summary: xen: Multiple issues (3.2)
Product: UCS Reporter: Moritz Muehlenhoff <jmm>
Component: Security updatesAssignee: Janek Walkenhorst <walkenhorst>
Status: CLOSED FIXED QA Contact: Philipp Hahn <hahn>
Severity: normal    
Priority: P3 CC: gohmann, walkenhorst
Version: UCS 3.0   
Target Milestone: UCS 3.2-3-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Moritz Muehlenhoff univentionstaff 2014-02-13 11:26:51 CET 
use-after-free in xc_cpupool_getinfo() (CVE-2014-1950)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-03-26 13:12:02 CET 
Denial of service in HVMOP_set_mem_access() (CVE-2014-2599)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-05-02 08:44:53 CEST 
Denial of service in HVMOP_set_mem_type() (CVE-2014-3124)
Comment 3 Moritz Muehlenhoff univentionstaff 2014-06-12 14:55:33 CEST 
Information leak through outs instruction emulation (CVE-2014-4368)
Comment 4 Moritz Muehlenhoff univentionstaff 2014-06-27 12:15:06 CEST 
Hypervisor heap contents leaked to guests (CVE-2014-4021)
Comment 5 Moritz Muehlenhoff univentionstaff 2014-09-24 14:35:23 CEST 
Denial of service in HVMOP_track_dirty_vram() (CVE-2014-7154)
Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (CVE-2014-7155)
Missing privilege level checks in x86 emulation of software interrupts (CVE-2014-7156)
Comment 6 Moritz Muehlenhoff univentionstaff 2014-10-10 12:54:42 CEST 
Improper MSR range used for x2APIC emulation (CVE-2014-7188)
Comment 7 Janek Walkenhorst univentionstaff 2014-10-10 19:22:00 CEST 
Advisory: 2014-10-10-xen-4.1.yaml
Tests (amd64): OK
Comment 8 Philipp Hahn univentionstaff 2014-10-13 12:51:53 CEST 
OK: /usr/share/doc/xen-4.1/changelog.Debian.gz
OK: win7: install, reboot, suspend+resume
OK: ucs3.2: install, reboot, suspend+resume
OK: apt-get install msr-tools

FAIL: 2014-10-10-xen-4.1.yaml
> version: [1, 2, 3]
please include 0

> ... bash parser ...
copy-paste-error

OK: announce_errata -V 2014-10-10-xen-4.1.yaml
Comment 9 Janek Walkenhorst univentionstaff 2014-10-13 13:36:00 CEST 
(In reply to Philipp Hahn from comment #8)
> FAIL: 2014-10-10-xen-4.1.yaml
> > version: [1, 2, 3]
> please include 0
> 
> > ... bash parser ...
> copy-paste-error
Fixed
Comment 10 Philipp Hahn univentionstaff 2014-10-13 14:26:49 CEST 
OK: xm dmesg | grep -i version # 4.4.5-8.3.201104271833 → 
OK: hvm pv
OK: apt-get install msr-tools;modprobe msr;for ((msr=0x800;msr<0x800+0x3ff;msr++));do rdmsr $msr;done
OK: r54326

(In reply to Janek Walkenhorst from comment #9)
> Fixed
OK: r54356

(In reply to Moritz Muehlenhoff from comment #3)
> Information leak through outs instruction emulation (CVE-2014-4368)
FYI: That correct CVE is ...2013... instead of 2014.
Comment 11 Janek Walkenhorst univentionstaff 2014-10-13 17:33:18 CEST 
http://errata.univention.de/ucs/3.2/218.html