Bug 36872

Summary: xen: Multiple issues (3.2)
Product: UCS
Reporter: Moritz Muehlenhoff <jmm>
Component: Security updates
Assignee: Moritz Muehlenhoff <jmm>
Status: CLOSED FIXED
QA Contact: Philipp Hahn <hahn>
Severity: normal
Priority: P3
CC: gohmann
Version: UCS 3.2
Target Milestone: UCS 3.2-4-errata
Hardware: Other
OS: Linux

Description Moritz Muehlenhoff univentionstaff 2014-11-19 13:29:04 CET
Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595)
Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-11-24 11:47:14 CET
Page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030)

(http://xenbits.xen.org/xsa/advisory-97.html (CVE-2014-5146, CVE-2014-5149) is too intrusive to backport to Xen 4.1; the impact is also minor.)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-11-28 07:48:33 CET
Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor allows denial of service (CVE-2014-8867)

Excessive checking in compatibility mode hypercall argument translation allows denial of service (CVE-2014-8866)
Comment 3 Moritz Muehlenhoff univentionstaff 2015-01-09 14:59:38 CET
The patches have been backported and merged into dev/branches/ucs-3.2/ucs-3.2-4/virtualization/xen-4.1

Tests were successful: I've installed and booted a UCS 3.2 and a Win7 system (both as amd64). Installing the GPLPV drivers worked fine as well.

YAML file: 2014-12-03-xen-4.1.yaml
Comment 4 Philipp Hahn univentionstaff 2015-01-12 09:04:53 CET
OK: CVE-2014-8594.patch e4292c5aac41b80f33d4877104348d5ee7c95aa4
OK: CVE-2014-8595.patch 1d68c1a70e00ed95ef0889cfa005379dab27b37d
OK: CVE-2014-9030.patch 6913fa31fa898f45ecc3b00e2397b8ebc75c8df4
OK: CVE-2014-8867.patch c5397354b998d030b021810b8202de93b9526818
OK: CVE-2014-8866.patch 0ad715304b04739fd2fc9517ce8671d3947c7621
Comment 5 Philipp Hahn univentionstaff 2015-01-15 15:29:44 CET
OK: Win7
OK: Win7+GPLPV
OK: Win2008
OK: Win2008+GPLPV
OK: UCS-3.2
OK: Migrate 16.41.201410101644 -> 16.41.201410101644
OK: Migrate 16.41.201410101644 -> 18.44.201412051509
OK: Migrate 18.44.201412051509 -> 16.41.201410101644
OK: Migrate 18.44.201412051509 -> 18.44.201412051509
OK: aptitude install '?source-package(xen-4.1)?installed'
OK: 2014-12-03-xen-4.1.yaml
OK: errata-announce -V 2014-12-03-xen-4.1.yaml
OK: CVE-2014-????
Comment 6 Moritz Muehlenhoff univentionstaff 2015-01-21 12:23:04 CET
http://errata.univention.de/ucs/3.2/274.html