Univention Bugzilla – Full Text Bug Listing
Summary: | xen: Multiple issues (3.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Moritz Muehlenhoff <jmm> |
Component: | Security updates | Assignee: | Moritz Muehlenhoff <jmm> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | CC: | gohmann |
Version: | UCS 3.2 | ||
Target Milestone: | UCS 3.2-4-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
Description
Moritz Muehlenhoff
2014-11-19 13:29:04 CET
Page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030)

http://xenbits.xen.org/xsa/advisory-97.html (CVE-2014-5146, CVE-2014-5149) is too intrusive to backport to Xen 4.1, the impact is also minor)

Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor allows denial of service (CVE-2014-8867)

Excessive checking in compatibility mode hypercall argument translation allows denial of service (CVE-2014-8866)

The patches have been backported and merged into dev/branches/ucs-3.2/ucs-3.2-4/virtualization/xen-4.1

Tests were successful: I've installed and booted a UCS 3.2 and a Win7 system (both as amd64). Installing the GPLPV drivers worked fine as well.

YAML file: 2014-12-03-xen-4.1.yaml

OK: CVE-2014-8594.patch e4292c5aac41b80f33d4877104348d5ee7c95aa4
OK: CVE-2014-8595.patch 1d68c1a70e00ed95ef0889cfa005379dab27b37d
OK: CVE-2014-9030.patch 6913fa31fa898f45ecc3b00e2397b8ebc75c8df4
OK: CVE-2014-8867.patch c5397354b998d030b021810b8202de93b9526818
OK: CVE-2014-8866.patch 0ad715304b04739fd2fc9517ce8671d3947c7621

OK: Win7
OK: Win7+GPLPV
OK: Win2008
OK: Win2008+GPLPV
OK: UCS-3.2

OK: Migrate 16.41.201410101644 -> 16.41.201410101644
OK: Migrate 16.41.201410101644 -> 18.44.201412051509
OK: Migrate 18.44.201412051509 -> 16.41.201410101644
OK: Migrate 18.44.201412051509 -> 18.44.201412051509

OK: aptitude install '?source-package(xen-4.1)?installed'
OK: 2014-12-03-xen-4.1.yaml
OK: errata-announce -V 2014-12-03-xen-4.1.yaml
OK: CVE-2014-????