Difference between revisions of "Security Announcements (Historical)"

From Xen
(Add XSA-11)
(Add XSA-12 through 18.)
Line 143: Line 143:
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/859205b36fe9 23332:859205b36fe9]
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/859205b36fe9 23332:859205b36fe9]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/a51c86b407d7 21608:a51c86b407d7]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/a51c86b407d7 21608:a51c86b407d7]
  +
  +
= XSA-12 hypercall set_debugreg vulnerability =
  +
; Date
  +
: 5 September 2012 (public disclosure)
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3494 CVE-2012-3494]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html
  +
; Fixes
  +
: xen-unstable.hg: [http://xenbits.xen.org/hg/xen-unstable.hg/rev/4f1c69648201 25814:4f1c69648201]
  +
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/bcc340292731 23349:bcc340292731]
  +
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/92334c7f577e 21613:92334c7f577e]
  +
  +
= XSA-13 hypercall physdev_get_free_pirq vulnerability =
  +
; Date
  +
: 5 September 2012 (public disclosure)
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3495 CVE-2012-3495]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html
  +
; Fixes
  +
: xen-unstable.hg: Not vulnerable
  +
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/6779ddca8593 23350:6779ddca8593]
  +
  +
= XSA-14 XENMEM_populate_physmap DoS vulnerability =
  +
; Date
  +
: 5 September 2012 (public disclosure)
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3496 CVE-2012-3496]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html
  +
; Fixes
  +
: xen-unstable.hg: [http://xenbits.xen.org/hg/xen-unstable.hg/rev/bcf58ef63b7c 25815:bcf58ef63b7c]
  +
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/8ebda5388e4e 23351:8ebda5388e4e]
  +
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/96b08706a0ed 21614:96b08706a0ed]
  +
  +
= XSA-15 multiple TMEM hypercall vulnerabilities =
  +
; Date
  +
: 5 September 2012 (public disclosure)
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497 CVE-2012-3497]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
  +
; Fixes
  +
: None at this time. See advisory for details.
  +
  +
= XSA-16 PHYSDEVOP_map_pirq index vulnerability =
  +
; Date
  +
: 5 September 2012 (public disclosure)
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3498 CVE-2012-3498]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html
  +
; Fixes
  +
: xen-unstable.hg: [http://xenbits.xen.org/hg/xen-unstable.hg/rev/2750340a347d 25816:2750340a347d]
  +
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/936f63ee4dad 23352:936f63ee4dad]
  +
  +
= XSA-17 Qemu VT100 emulation vulnerability =
  +
; Date
  +
: 5 September 2012 (public disclosure)
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515 CVE-2012-3515]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
  +
; Fixes
  +
: qemu-upstream-unstable.git: [http://xenbits.xen.org/gitweb/?p=qemu-upstream-unstable.git;a=commit;h=87650d262dea07c955a683dcac75db86477c7ee3 87650d262dea07c955a683dcac75db86477c7ee3] (qemu-xen tree)
  +
: qemu-xen-unstable.git: [http://xenbits.xen.org/gitweb/?p=qemu-xen-unstable.git;a=commit;h=a56ae4b5069c7b23ee657b15f08443a9b14a8e7b a56ae4b5069c7b23ee657b15f08443a9b14a8e7b] (qemu-xen-traditional tree)
  +
: qemu-xen-4.1-testing.git: [http://xenbits.xen.org/gitweb/?p=qemu-xen-4.1-testing.git;a=commit;h=3220480734832a148d26f7a81f90af61c2ecfdd9 3220480734832a148d26f7a81f90af61c2ecfdd9] (qemu-xen-traditional tree)
  +
: qemu-xen-4.0-testing.git: [http://xenbits.xen.org/gitweb/?p=staging/qemu-xen-4.0-testing.git;a=commit;h=091149d364e893e643a5da3175c3f84d2163cb3e 091149d364e893e643a5da3175c3f84d2163cb3e] (qemu-xen-traditional tree)
  +
In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix to qemu-xen-traditional:
  +
: xen-unstable.hg: [http://xenbits.xen.org/hg/xen-unstable.hg/rev/50adc933faaf 25818:50adc933faaf]
  +
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/3e4782f17f5c 23353:3e4782f17f5c]
  +
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/79444af3258c 21615:79444af3258c]
  +
  +
= XSA-18 grant table entry swaps have inadequate bounds checking =
  +
; Date
  +
: 5 September 2012 (public disclosure)
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3516 CVE-2012-3516]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00004.html
  +
; Fixes
  +
: xen-unstable.hg: [http://xenbits.xen.org/hg/xen-unstable.hg/rev/93e5a791d076 25817:93e5a791d076]
   
 
<!-- Template:
 
<!-- Template:

Revision as of 12:58, 5 September 2012

The following security advisories have been made in accordance with the xen.org security problem response process.

Please contact security@xen.org if you wish to disclose a security vulnerability.

XSA-1 Host crash due to failure to correctly validate PV kernel execution state.

Date
14 March 2011
References
CVE-2011-1166
Advisory
Cannot specify user mode execution without specifying user-mode pagetables. Failure to validate this allows a malicious or buggy 64 bit PV guest to crash the host.
nb: predates vulnerability handling process and therefore no formal announcement
Fixes
xen-unstable.hg: 23034:c79aae866ad8
xen-4.1-testing.hg: 22993:842aed720b84
xen-4.0-testing.hg: 21461:ee088a0b5cb8

XSA-2 PV kernel validation vulnerabilities

Date
9 May 2011
References
CVE-2011-1583
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-05/msg00483.html
Fixes
xen-unstable.hg: 23322:d9982136d8fa
xen-4.1-testing.hg: 23042:e2e575f8b5d9
xen-4.0-testing.hg: 21482:c2adc059e931

XSA-3 VT-d (PCI passthrough) MSI

Date
12 May 2011
References
CVE-2011-1898
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-05/msg00687.html
Fixes
xen-unstable.hg: 23337:cc91832a02c7
xen-4.1-testing.hg: 23046:ed630a821de1
xen-4.0-testing.hg: 21485:b85a9e58ec3a

XSA-4 Xen 3.3 vaddr validation

Date
2 September 2011
References
CVE-2011-2901
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-09/msg00119.html
Fixes
xen-unstable.hg: 23800:72edc40e2942
nb: although the off-by-one error was fixed in the above changeset only Xen version 3.3 and earlier were vulnerable due to this error.

XSA-5 IOMMU Fault Live lock

Date
12 August 2011
References
CVE-2011-3131
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-08/msg00450.html
Fixes
xen-unstable.hg: 23762:537ed3b74b3f
xen-4.1-testing.hg: 23112:84e3706df07a
xen-4.0-testing.hg: 21535:789ff1a462b8

XSA-6 HVM e1000, buffer overflow

Date
2 February 2012
References
CVE-2012-0029
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-02/msg00212.html
Fixes
qemu-xen-unstable.git: ebe37b2a3f844bad02dcc30d081f39eda06118f8
qemu-xen-4.1-testing.git: 3cf61880403b4e484539596a95937cc066243388
qemu-xen-4.0-testing.git: 36984c285a765541b04f378bfa84d2c850c167d3

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:

xen-unstable.hg: 24673:fcc071c31e3a
xen-4.1-testing.hg: 23224:cccd6c68e1b9
xen-4.0-testing.hg: 21563:3feb83eed6bd

XSA-7 64-bit PV guest privilege escalation vulnerability

Date
12 June 2012 (public disclosure)
References
CVE-2012-0217
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
Fixes
xen-unstable.hg: 25480:76eaf5966c05
xen-4.1-testing.hg: 23299:f08e61b9b33f
xen-4.0-testing.hg: 21590:dd367837e089

XSA-8 guest denial of service on syscall/sysenter exception generation

Date
12 June 2012 (public disclosure)
References
CVE-2012-0218
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html
Fixes
xen-unstable.hg: 25200:80f4113be500 & 25204:569d6f05e1ef
xen-4.1-testing.hg: 23300:0fec1afa4638
xen-4.0-testing.hg: 21591:adb943a387c8

XSA-9 PV guest host Denial of Service (AMD erratum #121)

Date
12 June 2012 (public disclosure)
References
CVE-2012-2934
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html
Fixes
xen-unstable.hg: 25481:bc2f3a848f9a
xen-4.1-testing.hg: 23301:a9c0a89c08f2
xen-4.0-testing.hg: 21592:e35c8bb53255

XSA-10 HVM guest user mode MMIO emulation DoS vulnerability

Date
26 July 2012 (public disclosure)
References
CVE-2012-3432
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html
Fixes
xen-unstable.hg: 25682:ffcb24876b4f
xen-4.1-testing.hg: 23325:a43f5b4b0331
xen-4.0-testing.hg: 21604:82fcf3a5dc3a

XSA-11 HVM guest destroy p2m teardown host DoS vulnerability

Date
8 August 2012 (public disclosure)
References
CVE-2012-3433
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.1-testing.hg: 23332:859205b36fe9
xen-4.0-testing.hg: 21608:a51c86b407d7

XSA-12 hypercall set_debugreg vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3494
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html
Fixes
xen-unstable.hg: 25814:4f1c69648201
xen-4.1-testing.hg: 23349:bcc340292731
xen-4.0-testing.hg: 21613:92334c7f577e

XSA-13 hypercall physdev_get_free_pirq vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3495
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.1-testing.hg: 23350:6779ddca8593

XSA-14 XENMEM_populate_physmap DoS vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3496
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html
Fixes
xen-unstable.hg: 25815:bcf58ef63b7c
xen-4.1-testing.hg: 23351:8ebda5388e4e
xen-4.0-testing.hg: 21614:96b08706a0ed

XSA-15 multiple TMEM hypercall vulnerabilities

Date
5 September 2012 (public disclosure)
References
CVE-2012-3497
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
Fixes
None at this time. See advisory for details.

XSA-16 PHYSDEVOP_map_pirq index vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3498
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html
Fixes
xen-unstable.hg: 25816:2750340a347d
xen-4.1-testing.hg: 23352:936f63ee4dad

XSA-17 Qemu VT100 emulation vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3515
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
Fixes
qemu-upstream-unstable.git: 87650d262dea07c955a683dcac75db86477c7ee3 (qemu-xen tree)
qemu-xen-unstable.git: a56ae4b5069c7b23ee657b15f08443a9b14a8e7b (qemu-xen-traditional tree)
qemu-xen-4.1-testing.git: 3220480734832a148d26f7a81f90af61c2ecfdd9 (qemu-xen-traditional tree)
qemu-xen-4.0-testing.git: 091149d364e893e643a5da3175c3f84d2163cb3e (qemu-xen-traditional tree)

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix to qemu-xen-traditional:

xen-unstable.hg: 25818:50adc933faaf
xen-4.1-testing.hg: 23353:3e4782f17f5c
xen-4.0-testing.hg: 21615:79444af3258c

XSA-18 grant table entry swaps have inadequate bounds checking

Date
5 September 2012 (public disclosure)
References
CVE-2012-3516
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00004.html
Fixes
xen-unstable.hg: 25817:93e5a791d076