Bug 39684 - xen: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 3.2
Hardware: Other Linux
Importance: P1 normal
Target Milestone: UCS 3.2-7-errata
Assigned To: Janek Walkenhorst
QA Contact: Philipp Hahn
Reported: 2015-10-30 13:54 CET by Janek Walkenhorst
Modified: 2015-11-03 18:16 CET

Bug group (optional): Security
Description Janek Walkenhorst univentionstaff 2015-10-30 13:54:24 CET
x86: Uncontrolled creation of large page mappings by PV guests (CVE-2015-7835)
  http://xenbits.xen.org/xsa/advisory-148.html

leak of main per-domain vcpu pointer array (CVE-2015-7969)
  http://xenbits.xen.org/xsa/advisory-149.html

x86: Long latency populate-on-demand operation is not preemptible (CVE-2015-7970)
  http://xenbits.xen.org/xsa/advisory-150.html

x86: leak of per-domain profiling-related vcpu pointer array (CVE-2015-7969)
  http://xenbits.xen.org/xsa/advisory-151.html

x86: some pmu and profiling hypercalls log without rate limiting (CVE-2015-7971)
  http://xenbits.xen.org/xsa/advisory-152.html

x86: populate-on-demand balloon size inaccuracy can crash guests (CVE-2015-7972)
  http://xenbits.xen.org/xsa/advisory-153.html
Comment 1 Janek Walkenhorst univentionstaff 2015-10-30 16:15:15 CET
(In reply to Janek Walkenhorst from comment #0)
> x86: Uncontrolled creation of large page mappings by PV guests
> (CVE-2015-7835)
>   http://xenbits.xen.org/xsa/advisory-148.html
> 
> leak of main per-domain vcpu pointer array (CVE-2015-7969)
>   http://xenbits.xen.org/xsa/advisory-149.html
> 
> x86: leak of per-domain profiling-related vcpu pointer array (CVE-2015-7969)
>   http://xenbits.xen.org/xsa/advisory-151.html
> 
> x86: some pmu and profiling hypercalls log without rate limiting
> (CVE-2015-7971)
>   http://xenbits.xen.org/xsa/advisory-152.html
Upstream patches backported.
@QA: Please review patches

Package: xen-4.1
Version: 4.1.3-21.53.201510301602
Branch: ucs_3.2-0
Scope: errata3.2-7

> x86: Long latency populate-on-demand operation is not preemptible
> (CVE-2015-7970)
>   http://xenbits.xen.org/xsa/advisory-150.html 
> 
> x86: populate-on-demand balloon size inaccuracy can crash guests
> (CVE-2015-7972)
>   http://xenbits.xen.org/xsa/advisory-153.html
Bug #39689
Comment 2 Janek Walkenhorst univentionstaff 2015-10-30 16:32:02 CET
Advisory: 2015-10-30-xen-4.1.yaml
Comment 3 Philipp Hahn univentionstaff 2015-11-03 10:04:52 CET
FIXED: r15406 -> r65103 Imported Patches into ucs-3.2-7/

OK: amd64
OK: UCS-3.2
OK: Win7-64
OK: W2k8R2
OK: Migration
OK: Update
OK: Reboot
OK: GPLPV Windows
OK: PV Linux
OK: e1000
OK: rtl8192

OK: r65018
OK: 2015-10-30-xen-4.1.yaml
OK: errata3.2-[67]
OK: errata-announce -V 2015-10-30-xen-4.1.yaml
Comment 4 Janek Walkenhorst univentionstaff 2015-11-03 18:16:10 CET
<http://errata.software-univention.de/ucs/3.2/376.html>