Josip Rodin
2015-Mar-10 19:17 UTC
[Pkg-xen-devel] Bug#780227: XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw
Package: xen-hypervisor-4.1-amd64 Version: 4.1.4-3+deb7u4 Severity: critical Hi, Not sure how come I'm the first one to file this kind of a bug report :) but here goes JFTR... http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance warning was given to several big Xen VM farms, which led to e.g. https://aws.amazon.com/premiumsupport/maintenance-2015-03/ http://status.linode.com/incidents/2dyvn29ds5mz I'm guessing the security team is on top of this...? https://security-tracker.debian.org/tracker/CVE-2015-2151 TIA. -- 2. That which causes joy or happiness.
Salvatore Bonaccorso
2015-Mar-11 06:57 UTC
[Pkg-xen-devel] Bug#780227: XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw
Hi, On Tue, Mar 10, 2015 at 08:17:46PM +0100, Josip Rodin wrote:> I'm guessing the security team is on top of this...? > https://security-tracker.debian.org/tracker/CVE-2015-2151Yes, Moritz Muehlenhoff released https://www.debian.org/security/2015/dsa-3181 including the fix for CVE-2015-2151. So marked this as fixed in 4.1.4-3+deb7u5. Regards, Salvatore
Debian Bug Tracking System
2015-Mar-11 21:21 UTC
[Pkg-xen-devel] Bug#780227: marked as done (XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw)
Your message dated Wed, 11 Mar 2015 21:20:42 +0000 with message-id <E1YVo3W-0004sP-JU at franck.debian.org> and subject line Bug#780227: fixed in xen 4.4.1-8 has caused the Debian Bug report #780227, regarding XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 780227: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780227 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Josip Rodin <joy at debbugs.entuzijast.net> Subject: XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw Date: Tue, 10 Mar 2015 20:17:46 +0100 Size: 2342 URL: <http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20150311/c6616f45/attachment.mht> -------------- next part -------------- An embedded message was scrubbed... From: Bastian Blank <waldi at debian.org> Subject: Bug#780227: fixed in xen 4.4.1-8 Date: Wed, 11 Mar 2015 21:20:42 +0000 Size: 7558 URL: <http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20150311/c6616f45/attachment-0001.mht>
Reasonably Related Threads
- upstream merge status for 2.6.38?
- Bug#628912: xenconsoled and xenstored stopping unhandled by init script
- (XEN) Platform timer appears to have unexpectedly wrapped 10 or more times.
- [Bug 2110] New: ssh-copy-id fails on nonexisting private key
- Bug#517863: Make logging of guest console output in dom0 via xenconsoled configurable