Patches for XSA-148/153?

Asked by Remy van Elst

Hi,

I'd like to patch my Ubuntu 14.04 systems against the XEN vulnerabilities last week. xen4centos has patches out already, any ETA when the fixes will be in 14.04?

Question information

Language: English
Status: Answered
For: Ubuntu xen
Assignee: No assignee

Remy van Elst (raymii) said :
#1

Specifically:

http://xenbits.xen.org/xsa/advisory-148.html
http://xenbits.xen.org/xsa/advisory-149.html
http://xenbits.xen.org/xsa/advisory-150.html
http://xenbits.xen.org/xsa/advisory-151.html
http://xenbits.xen.org/xsa/advisory-152.html
http://xenbits.xen.org/xsa/advisory-153.html

The changelog here: http://packages.ubuntu.com/trusty/xen-hypervisor-4.4-amd64

Lists this as the latest update:

xen (4.4.2-0ubuntu0.14.04.2) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-4103 / XSA-128
      * properly gate host writes of modified PCI CFG contents
    - CVE-2015-4104 / XSA-129
      * xen: don't allow guest to control MSI mask register
    - CVE-2015-4105 / XSA-130
      * xen/MSI-X: disable logging by default
    - CVE-2015-4106 / XSA-131
      * xen/MSI: don't open-code pass-through of enable bit modifications
      * xen/pt: consolidate PM capability emu_mask
      * xen/pt: correctly handle PM status bit
      * xen/pt: split out calculation of throughable mask in PCI config space
        handling
      * xen/pt: mark all PCIe capability bits read-only
      * xen/pt: mark reserved bits in PCI config space fields
      * xen/pt: add a few PCI config space field descriptions
      * xen/pt: unknown PCI config space fields should be read-only
    - CVE-2015-4163 / XSA-134
      * gnttab: add missing version check to GNTTABOP_swap_grant_ref handling
    - CVE-2015-3209 / XSA-135
      * pcnet: fix Negative array index read
      * pcnet: force the buffer access to be in bounds during tx
    - CVE-2015-4164 / XSA-136
      * x86/traps: loop in the correct direction in compat_iret()
    - CVE-2015-3259 / XSA-137
      * xl: Sane handling of extra config file arguments
    - CVE-2015-5154 / XSA-138
      * ide: Check array bounds before writing to io_buffer
      * ide: Clear DRQ after handling all expected accesses
    - CVE-2015-5165 / XSA-140
      * rtl8139: avoid nested ifs in IP header parsing
      * rtl8139: drop tautologous if (ip) {...} statement
      * rtl8139: skip offload on short Ethernet/IP header
      * rtl8139: check IP Header Length field
      * rtl8139: check IP Total Length field
      * rtl8139: skip offload on short TCP header
      * rtl8139: check TCP Data Offset field
    - CVE-2015-6654 / XSA-141
      * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn

 -- Stefan Bader <email address hidden> Mon, 31 Aug 2015 11:11:36 +0200

Manfred Hampl (m-hampl) said :
#2

The problems seem to be known, see http://people.canonical.com/~ubuntu-security/cve/pkg/xen.html

(I do not have any knowledge about the planning of the updates.)

Remy van Elst (raymii) said :
#3

Debian has a backport patch for xen 4.1: https://tracker.debian.org/news/723802

Format: 1.8
Date: Sat, 31 Oct 2015 06:53:56 +0100
Source: xen
Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf
Architecture: all source
Version: 4.4.1-9+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Xen Team <email address hidden>
Changed-By: Salvatore Bonaccorso <email address hidden>
Description:
 libxen-4.4 - Public libs for Xen
 libxen-dev - Public headers and libs for Xen
 libxenstore3.0 - Xenstore communications library for Xen
 xen-hypervisor-4.4-amd64 - Xen Hypervisor on AMD64
 xen-hypervisor-4.4-arm64 - Xen Hypervisor on ARM64
 xen-hypervisor-4.4-armhf - Xen Hypervisor on ARMHF
 xen-system-amd64 - Xen System on AMD64 (meta-package)
 xen-system-arm64 - Xen System on ARM64 (meta-package)
 xen-system-armhf - Xen System on ARMHF (meta-package)
 xen-utils-4.4 - XEN administrative tools
 xen-utils-common - Xen administrative tools - common files
 xenstore-utils - Xenstore command line utilities for Xen
Changes:
 xen (4.4.1-9+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2015-7835-xsa148.patch patch.
     CVE-2015-7835: x86: Uncontrolled creation of large page mappings by PV
     guests.
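
Added example, not part of the original thread or of any project's code: a Python check that reads Debian-format changelog text, such as the Ubuntu and Debian stanzas quoted in posts #1 and #3, and reports which of the advisories XSA-148 to XSA-153 it never mentions. The function names are hypothetical and the sample stanzas are shortened excerpts of the ones quoted above.

```python
import re

# Stanza header, e.g. "xen (4.4.2-0ubuntu0.14.04.2) trusty-security; urgency=low"
HEADER = re.compile(r"^[a-z0-9][a-z0-9+.-]* \(([^)]+)\) [^;]+;")
# Both spellings seen in this thread:
#   "CVE-2015-4103 / XSA-128"  and  "CVE-2015-7835-xsa148.patch"
XSA = re.compile(r"(?:(CVE-\d{4}-\d+)\s*[/-]\s*)?XSA-?(\d+)", re.IGNORECASE)

# Shortened excerpts of the two changelog stanzas quoted in the thread.
UBUNTU = """\
xen (4.4.2-0ubuntu0.14.04.2) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-4103 / XSA-128
    - CVE-2015-6654 / XSA-141
"""
DEBIAN = """\
 xen (4.4.1-9+deb8u2) jessie-security; urgency=high
   * Add CVE-2015-7835-xsa148.patch patch.
"""
WANTED = range(148, 154)  # XSA-148 .. XSA-153, the advisories asked about


def xsa_coverage(changelog):
    """Map XSA number -> (package version, CVE or None) for every mention."""
    covered, version = {}, None
    for raw in changelog.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            version = header.group(1)
            continue
        for cve, num in XSA.findall(line):
            # Keep the first mention in file order (newest stanza first).
            covered.setdefault(int(num), (version, cve or None))
    return covered


def missing(changelog, wanted=WANTED):
    """XSA numbers from `wanted` that the changelog never mentions."""
    covered = xsa_coverage(changelog)
    return [n for n in sorted(wanted) if n not in covered]


if __name__ == "__main__":
    for name, text in (("ubuntu trusty", UBUNTU), ("debian jessie", DEBIAN)):
        print(name, "covers", sorted(xsa_coverage(text)), "missing", missing(text))
```

A changelog mention is the packager's statement that a fix was applied; an advisory that is absent from the changelog may also simply not apply to that Xen version or architecture, so check each missing number against its advisory text.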
