Patches for XSA-148/153?

Asked by Remy van Elst on 2015-11-03

Hi,

I'd like to patch my Ubuntu 14.04 systems against the XEN vulnerabilities last week. xen4centos has patches out already, any ETA when the fixes will be in 14.04?

Question information

Language: English
Status: Answered
For: Ubuntu xen
Assignee: No assignee
Last query: 2015-11-03
Last reply: 2015-11-03

Remy van Elst (raymii) said : #1

Specifically:

http://xenbits.xen.org/xsa/advisory-148.html
http://xenbits.xen.org/xsa/advisory-149.html
http://xenbits.xen.org/xsa/advisory-150.html
http://xenbits.xen.org/xsa/advisory-151.html
http://xenbits.xen.org/xsa/advisory-152.html
http://xenbits.xen.org/xsa/advisory-153.html

The changelog here: http://packages.ubuntu.com/trusty/xen-hypervisor-4.4-amd64

Lists this as the latest update:

xen (4.4.2-0ubuntu0.14.04.2) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-4103 / XSA-128
      * properly gate host writes of modified PCI CFG contents
    - CVE-2015-4104 / XSA-129
      * xen: don't allow guest to control MSI mask register
    - CVE-2015-4105 / XSA-130
      * xen/MSI-X: disable logging by default
    - CVE-2015-4106 / XSA-131
      * xen/MSI: don't open-code pass-through of enable bit modifications
      * xen/pt: consolidate PM capability emu_mask
      * xen/pt: correctly handle PM status bit
      * xen/pt: split out calculation of throughable mask in PCI config space
        handling
      * xen/pt: mark all PCIe capability bits read-only
      * xen/pt: mark reserved bits in PCI config space fields
      * xen/pt: add a few PCI config space field descriptions
      * xen/pt: unknown PCI config space fields should be read-only
    - CVE-2015-4163 / XSA-134
      * gnttab: add missing version check to GNTTABOP_swap_grant_ref handling
    - CVE-2015-3209 / XSA-135
      * pcnet: fix Negative array index read
      * pcnet: force the buffer access to be in bounds during tx
    - CVE-2015-4164 / XSA-136
      * x86/traps: loop in the correct direction in compat_iret()
    - CVE-2015-3259 / XSA-137
      * xl: Sane handling of extra config file arguments
    - CVE-2015-5154 / XSA-138
      * ide: Check array bounds before writing to io_buffer
      * ide: Clear DRQ after handling all expected accesses
    - CVE-2015-5165 / XSA-140
      * rtl8139: avoid nested ifs in IP header parsing
      * rtl8139: drop tautologous if (ip) {...} statement
      * rtl8139: skip offload on short Ethernet/IP header
      * rtl8139: check IP Header Length field
      * rtl8139: check IP Total Length field
      * rtl8139: skip offload on short TCP header
      * rtl8139: check TCP Data Offset field
    - CVE-2015-6654 / XSA-141
      * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn

 -- Stefan Bader <email address hidden> Mon, 31 Aug 2015 11:11:36 +0200
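
Added example, not part of the original thread: a small check that parses Debian/Ubuntu changelog text and reports which of the requested advisories (XSA-148 to XSA-153) no entry mentions. The two sample inputs are abridged from the changelog entries quoted on this page; the function names are this example's own.

```python
import re

# Abridged from the trusty-security changelog entry quoted in post #1.
UBUNTU_CHANGELOG = """\
xen (4.4.2-0ubuntu0.14.04.2) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-4103 / XSA-128
      * properly gate host writes of modified PCI CFG contents
    - CVE-2015-4163 / XSA-134
      * gnttab: add missing version check to GNTTABOP_swap_grant_ref handling
    - CVE-2015-6654 / XSA-141
      * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn

 -- Stefan Bader <email address hidden> Mon, 31 Aug 2015 11:11:36 +0200
"""

# Abridged from the jessie-security upload quoted in post #3.
DEBIAN_CHANGELOG = """\
 xen (4.4.1-9+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2015-7835-xsa148.patch patch.
"""

# "source (version) distribution; urgency=..." opens each changelog entry.
HEADER = re.compile(r"^\s*\S+ \((?P<ver>[^)]+)\) [^;]+;")
# Matches both "XSA-148" and patch names such as "xsa148.patch".
XSA = re.compile(r"\bXSA-?(\d+)\b", re.IGNORECASE)

def xsas_by_version(changelog):
    """Map each changelog version to the set of XSA numbers it mentions."""
    found, current = {}, None
    for line in changelog.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group("ver")
            found[current] = set()
        elif current is not None:
            found[current].update(int(n) for n in XSA.findall(line))
    return found

def missing_xsas(changelog, wanted):
    """Return the wanted XSA numbers that no changelog entry mentions."""
    covered = set().union(*xsas_by_version(changelog).values())
    return sorted(set(wanted) - covered)

if __name__ == "__main__":
    print("Ubuntu missing:", missing_xsas(UBUNTU_CHANGELOG, range(148, 154)))
    print("Debian missing:", missing_xsas(DEBIAN_CHANGELOG, range(148, 154)))
```

On a real host the same functions can be fed the output of `apt-get changelog xen-hypervisor-4.4-amd64`. A changelog that does not name an advisory is only an indication; the distribution's CVE tracker remains the authoritative status.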

Manfred Hampl (m-hampl) said : #2

The problems seem to be known, see http://people.canonical.com/~ubuntu-security/cve/pkg/xen.html

(I do not have any knowledge about the planning of the updates.)

Remy van Elst (raymii) said : #3

Debian has a backport patch for xen 4.1: https://tracker.debian.org/news/723802

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 31 Oct 2015 06:53:56 +0100
Source: xen
Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf
Architecture: all source
Version: 4.4.1-9+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Xen Team <email address hidden>
Changed-By: Salvatore Bonaccorso <email address hidden>
Description:
 libxen-4.4 - Public libs for Xen
 libxen-dev - Public headers and libs for Xen
 libxenstore3.0 - Xenstore communications library for Xen
 xen-hypervisor-4.4-amd64 - Xen Hypervisor on AMD64
 xen-hypervisor-4.4-arm64 - Xen Hypervisor on ARM64
 xen-hypervisor-4.4-armhf - Xen Hypervisor on ARMHF
 xen-system-amd64 - Xen System on AMD64 (meta-package)
 xen-system-arm64 - Xen System on ARM64 (meta-package)
 xen-system-armhf - Xen System on ARMHF (meta-package)
 xen-utils-4.4 - XEN administrative tools
 xen-utils-common - Xen administrative tools - common files
 xenstore-utils - Xenstore command line utilities for Xen
Changes:
 xen (4.4.1-9+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2015-7835-xsa148.patch patch.
     CVE-2015-7835: x86: Uncontrolled creation of large page mappings by PV
     guests.
