Bug 36872 – xen: Multiple issues (3.2)

Bug 36872 - xen: Multiple issues (3.2)


Summary:	xen: Multiple issues (3.2)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 3.2
Hardware:	Other Linux

Importance:	P3 normal (vote)
Target Milestone:	UCS 3.2-4-errata
Assigned To:	Moritz Muehlenhoff
QA Contact:	Philipp Hahn

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-11-19 13:29 CET by Moritz Muehlenhoff
Modified:	2015-01-21 12:23 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Moritz Muehlenhoff

2014-11-19 13:29:04 CET

Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595)
Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594)

Comment 1 Moritz Muehlenhoff

2014-11-24 11:47:14 CET

Page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030)

http://xenbits.xen.org/xsa/advisory-97.html (CVE-2014-5146, CVE-2014-5149) is too intrusive to backport to Xen 4.1, the impact is also minor)

Comment 2 Moritz Muehlenhoff

2014-11-28 07:48:33 CET

Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor allows denial of service (CVE-2014-8867)

Excessive checking in compatibility mode hypercall argument translation allows denial of service (CVE-2014-8866)

Comment 3 Moritz Muehlenhoff

2015-01-09 14:59:38 CET

The patches have been backported and merged into dev/branches/ucs-3.2/ucs-3.2-4/virtualization/xen-4.1

Tests were successful: I've installed and booted a UCS 3.2 and a Win7 system (both as amd64). Installing the GPLPV drivers worked fine as well.

YAML file: 2014-12-03-xen-4.1.yaml

Comment 4 Philipp Hahn

2015-01-12 09:04:53 CET

OK: CVE-2014-8594.patch e4292c5aac41b80f33d4877104348d5ee7c95aa4
OK: CVE-2014-8595.patch 1d68c1a70e00ed95ef0889cfa005379dab27b37d
OK: CVE-2014-9030.patch 6913fa31fa898f45ecc3b00e2397b8ebc75c8df4
OK: CVE-2014-8867.patch c5397354b998d030b021810b8202de93b9526818
OK: CVE-2014-8866.patch 0ad715304b04739fd2fc9517ce8671d3947c7621

Comment 5 Philipp Hahn

2015-01-15 15:29:44 CET

OK: Win7
OK: Win7+GPLPV
OK: Win2008
OK: Win2008+GPLPV
OK: UCS-3.2
OK: Migrate 16.41.201410101644 -> 16.41.201410101644
OK: Migrate 16.41.201410101644 -> 18.44.201412051509
OK: Migrate 18.44.201412051509 -> 16.41.201410101644
OK: Migrate 18.44.201412051509 -> 18.44.201412051509
OK: aptitude install '?source-package(xen-4.1)?installed'
OK: 2014-12-03-xen-4.1.yaml
OK: errata-announce -V 2014-12-03-xen-4.1.yaml
OK: CVE-2014-????

Comment 6 Moritz Muehlenhoff

2015-01-21 12:23:04 CET

http://errata.univention.de/ucs/3.2/274.html