diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2014-10-02 14:37:50 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-10-14 07:58:25 +0000 |
commit | 1c0379e85192c0cbfe5d8b88f449726f4f327496 (patch) | |
tree | 7a65bc8b7a047560ffa4d92e361d4fbb8d56c5c7 /main | |
parent | 392088ed6d49bea38f85f3a7d5b7eae0fa269582 (diff) | |
download | aports-1c0379e85192c0cbfe5d8b88f449726f4f327496.tar.bz2 aports-1c0379e85192c0cbfe5d8b88f449726f4f327496.tar.xz |
main/xen: upgrade to 4.3.3 and fix CVE-2014-7188
The following critical vulnerabilities have been fixed:
- CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
- CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries
to be created
- CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
- CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests
Also add patch for xsa108:
- CVE-2014-7188: Improper MSR range used for x2APIC emulation.
fixes #3415
Diffstat (limited to 'main')
-rw-r--r-- | main/xen/APKBUILD | 12 | ||||
-rw-r--r-- | main/xen/xsa108.patch | 36 |
2 files changed, 44 insertions, 4 deletions
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD index 73cab5b960..4012d7d0bd 100644 --- a/main/xen/APKBUILD +++ b/main/xen/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Roger Pau Monne <roger.pau@entel.upc.edu> # Maintainer: William Pitcock <nenolod@dereferenced.org> pkgname=xen -pkgver=4.3.2 +pkgver=4.3.3 pkgrel=0 pkgdesc="Xen hypervisor" url="http://www.xen.org/" @@ -25,6 +25,7 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g xsa41c.patch xsa97-hap-4_3.patch + xsa108.patch fix-pod2man-choking.patch @@ -185,7 +186,7 @@ xend() { -exec mv '{}' "$subpkgdir"/"$sitepackages"/xen \; } -md5sums="83e0e13678383e4fbcaa69ce6064b187 xen-4.3.2.tar.gz +md5sums="1b4438a50d8875700ac2c7e1ffbcd91b xen-4.3.3.tar.gz 2dc5ddf47c53ea168729975046c3c1f9 librt.patch 1ccde6b36a6f9542a16d998204dc9a22 qemu-xen_paths.patch 6dcff640268d514fa9164b4c812cc52d docs-Fix-generating-qemu-doc.html-with-texinfo-5.patch @@ -193,6 +194,7 @@ md5sums="83e0e13678383e4fbcaa69ce6064b187 xen-4.3.2.tar.gz ed7d0399c6ca6aeee479da5d8f807fe0 xsa41b.patch 2f3dd7bdc59d104370066d6582725575 xsa41c.patch 8b0feffc89e3f34d835d60ad62688b30 xsa97-hap-4_3.patch +1f66f6c52941309c825f60e1bf144987 xsa108.patch 4c5455d1adc09752a835e241097fbc39 fix-pod2man-choking.patch a4097e06a7e000ed00f4607db014d277 qemu-xen-websocket.patch 35bdea1d4e3ae2565edc7e40906efdd5 qemu-xen-tls-websockets.patch @@ -212,7 +214,7 @@ fa8c72b42e0479d521a353386d8543ef xendomains.initd 9df68ac65dc3f372f5d61183abdc83ff xen-consoles.logrotate 6a2f777c16678d84039acf670d86fff6 xenqemu.confd f9afbf39e2b5a7d9dde60ebbd249ea7d xenqemu.initd" -sha256sums="17611d95f955302560ff72d97c08933b4e62bc2e8ffb71400fc54e388746ff69 xen-4.3.2.tar.gz +sha256sums="59eb0e1c4a1f66965fe56dcf27cdb5872bf7e0585b7f2e60bd7967ec7f744ebf xen-4.3.3.tar.gz 12bf32f9937b09283f2df4955b50d6739768f66137a7d991f661f45cf77cb53b librt.patch 9440ca31a6911201f02694e93faafb5ca9b17de18b7f15b53ceac39a03411b4a qemu-xen_paths.patch a0c225d716d343fe041b63e3940900c5b3573ed3bcfc5b7c2d52ea2861c3fc28 docs-Fix-generating-qemu-doc.html-with-texinfo-5.patch @@ -220,6 +222,7 @@ a0c225d716d343fe041b63e3940900c5b3573ed3bcfc5b7c2d52ea2861c3fc28 docs-Fix-gener 896a07f57310c9bea9bc2a305166cf796282c381cb7839be49105b1726a860b5 xsa41b.patch 683dd96a0a8899f794070c8c09643dfeeb39f92da531955cba961b45f6075914 xsa41c.patch cfab6521221a5058a0dfbb6d59c3c4cd0e7f4239bb6cbee2723de22c33caafda xsa97-hap-4_3.patch +cf7ecf4b4680c09e8b1f03980d8350a0e1e7eb03060031788f972e0d4d47203e xsa108.patch fcb5b9ff0bc4b4d39fed9b88891491b91628aa449914cfea321abe5da24c1da2 fix-pod2man-choking.patch e9f6c482fc449e0b540657a8988ad31f2e680b8933e50e6486687a52f6a9ed04 qemu-xen-websocket.patch 435dd428d83acdfde58888532a1cece1e9075b2a2460fe3f6cd33c7d400f2715 qemu-xen-tls-websockets.patch @@ -239,7 +242,7 @@ a50a4485e84bcc098ad021556cd2aa7947c228f0a546ab942e880787ced57be3 xend.initd 0da87a4b9094f934e3de937e8ef8d3afc752e76793aa3d730182d0241e118b19 xen-consoles.logrotate 4cfcddcade5d055422ab4543e8caa6e5c5eee7625c41880a9000b7a87c7c424e xenqemu.confd bf17808a79c57a9efc38b9f14cc87f556b2bb7ecfdec5763d9cf686255a47fce xenqemu.initd" -sha512sums="ec94d849b56ec590b89022075ce43768d8ef44b7be9580ce032509b44c085f0f66495845607a18cd3dea6b89c69bc2a18012705556f59288cd8653c3e5eca302 xen-4.3.2.tar.gz +sha512sums="cd9b7199d2859a856c719b75ee50a059c480f7493bbc493bcc3701d20321bd6d83c6fe1dd58e7b37695639bccf15e6420fb52f7e699586e7750ea665e99f82fc xen-4.3.3.tar.gz 74e3cfc51e367fc445cb3d8149f0c8830e94719a266daf04d2cd0889864591860c4c8842de2bc78070e4c5be7d14dfbb8b236c511d5faeddc2ad97177c1d3764 librt.patch 425149aea57a6deae9f488cea867f125983998dc6e8c63893fb3b9caf0ea34214251dd98ad74db823f5168631c44c49b988b6fe9c11b76bd493ddf51bc0baaa2 qemu-xen_paths.patch 477d3d08bd4fcdfbc54abea1a18acb6a41d298c366cd01c954f474515cb862d0dd59217c0dfca5460a725a8bc036de42132f522c3eefdffcc4fd511f016b783f docs-Fix-generating-qemu-doc.html-with-texinfo-5.patch @@ -247,6 +250,7 @@ sha512sums="ec94d849b56ec590b89022075ce43768d8ef44b7be9580ce032509b44c085f0f6649 bda9105793f2327e1317991762120d0668af0e964076b18c9fdbfd509984b2e88d85df95702c46b2e00d5350e8113f6aa7b34b19064d19abbeb4d43f0c431d38 xsa41b.patch 36b60478660ff7748328f5ab9adff13286eee1a1bad06e42fdf7e6aafe105103988525725aacd660cf5b2a184a9e2d6b3818655203c1fa07e07dcebdf23f35d9 xsa41c.patch acfd1058632d42bef061a9586565d184c0010d74870a25bc9b0a0bf40dda8abfd882056b8340dec45355efd9326d05f92a933f5d5c1c58e97597a8e88c61c639 xsa97-hap-4_3.patch +f511a13ee4223ea2fa9d109fea1802b462f178d3be7de630aeba6eb40ef5d17c7db9d3b99ea414c5794d92d181a60c0bd2061f51987c6deb3a9071f5626fd049 xsa108.patch 2e95ad43bb66f928fe1e8caf474a3211571f75f79ea32aaa3eddb3aed9963444bd131006b67e682395af0d79118b2634bf808404693b813a94662d2a9d665ac2 fix-pod2man-choking.patch 45f1da45f3ff937d0a626e37c130d76f5b97f49a57ddeb11ef2a8e850c04c32c819a3dfcef501eb3784db5fe7b39c88230063e56aa6e5197fd9c7b7d424fff77 qemu-xen-websocket.patch 11eaccc346440ff285552f204d491e3b31bda1665c3219ecae3061b5d55db9dec885af0c031fa19c67e87bbe238002b1911bbd5bfea2f2ba0d61e6b3d0c952c9 qemu-xen-tls-websockets.patch diff --git a/main/xen/xsa108.patch b/main/xen/xsa108.patch new file mode 100644 index 0000000000..e162185789 --- /dev/null +++ b/main/xen/xsa108.patch @@ -0,0 +1,36 @@ +x86/HVM: properly bound x2APIC MSR range + +While the write path change appears to be purely cosmetic (but still +gets done here for consistency), the read side mistake permitted +accesses beyond the virtual APIC page. + +Note that while this isn't fully in line with the specification +(digesting MSRs 0x800-0xBFF for the x2APIC), this is the minimal +possible fix addressing the security issue and getting x2APIC related +code into a consistent shape (elsewhere a 256 rather than 1024 wide +window is being used too). This will be dealt with subsequently. + +This is XSA-108. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/hvm/hvm.c ++++ b/xen/arch/x86/hvm/hvm.c +@@ -4380,7 +4380,7 @@ int hvm_msr_read_intercept(unsigned int + *msr_content = vcpu_vlapic(v)->hw.apic_base_msr; + break; + +- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff: ++ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff: + if ( hvm_x2apic_msr_read(v, msr, msr_content) ) + goto gp_fault; + break; +@@ -4506,7 +4506,7 @@ int hvm_msr_write_intercept(unsigned int + vlapic_tdt_msr_set(vcpu_vlapic(v), msr_content); + break; + +- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff: ++ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff: + if ( hvm_x2apic_msr_write(v, msr, msr_content) ) + goto gp_fault; + break; |