Pkg xen devel - Nov 2016 - Bug#845663: xen: CVE-2016-9386: x86 null segments not always treated as unusable

Source: xen
Version: 4.4.1-9
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for xen.

CVE-2016-9386[0]:
x86 null segments not always treated as unusable

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9386
[1] https://xenbits.xen.org/xsa/advisory-191.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Your message dated Sun, 27 Nov 2016 12:28:04 +0100
with message-id <20161127112804.GA25203 at shell.thinkmo.de>
and subject line Re: [Pkg-xen-devel] Bug#845663: xen: CVE-2016-9386: x86 null
segments not always treated as unusable
has caused the Debian Bug report #845663,
regarding xen: CVE-2016-9386: x86 null segments not always treated as unusable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
845663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845663
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: xen: CVE-2016-9386: x86 null segments not always treated as unusable
Date: Fri, 25 Nov 2016 19:35:18 +0100
Size: 2151
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161127/bed0b2a1/attachment.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Bastian Blank <waldi at debian.org>
Subject: Re: [Pkg-xen-devel] Bug#845663: xen: CVE-2016-9386: x86 null segments
not always treated as unusable
Date: Sun, 27 Nov 2016 12:28:04 +0100
Size: 2232
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161127/bed0b2a1/attachment-0001.mht>

Processing control commands:
> reopen -1
Bug #845663 {Done: Bastian Blank <waldi at debian.org>} [src:xen] xen:
CVE-2016-9386: x86 null segments not always treated as unusable
Bug #845664 {Done: Bastian Blank <waldi at debian.org>} [src:xen] xen:
CVE-2016-9382: x86 task switch to VM86 mode mis-handled
Bug #845665 {Done: Bastian Blank <waldi at debian.org>} [src:xen] xen:
CVE-2016-9385: x86 segment base write emulation lacking canonical address checks
Bug #845667 {Done: Bastian Blank <waldi at debian.org>} [src:xen] xen:
CVE-2016-9384: guest 32-bit ELF symbol table load leaking host data
Bug #845668 {Done: Bastian Blank <waldi at debian.org>} [src:xen] xen:
CVE-2016-9383: x86 64-bit bit test instruction emulation broken
Bug #845669 {Done: Bastian Blank <waldi at debian.org>} [src:xen] xen:
CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection mis-handled
Bug #845670 {Done: Bastian Blank <waldi at debian.org>} [src:xen] xen:
CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities in pygrub
Bug reopened
Ignoring request to alter fixed versions of bug #845663 to the same values
previously set
Ignoring request to alter fixed versions of bug #845664 to the same values
previously set
Ignoring request to alter fixed versions of bug #845665 to the same values
previously set
Ignoring request to alter fixed versions of bug #845667 to the same values
previously set
Ignoring request to alter fixed versions of bug #845668 to the same values
previously set
Ignoring request to alter fixed versions of bug #845669 to the same values
previously set
Ignoring request to alter fixed versions of bug #845670 to the same values
previously set

-- 
845663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845663
845664: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845664
845665: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845665
845667: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845667
845668: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845668
845669: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845669
845670: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845670
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems

Your message dated Wed, 14 Dec 2016 21:04:14 +0000
with message-id <E1cHGik-000F0j-Fb at fasolo.debian.org>
and subject line Bug#845663: fixed in xen 4.4.1-9+deb8u8
has caused the Debian Bug report #845663,
regarding xen: CVE-2016-9386: x86 null segments not always treated as unusable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
845663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845663
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: xen: CVE-2016-9386: x86 null segments not always treated as unusable
Date: Fri, 25 Nov 2016 19:35:18 +0100
Size: 2151
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161214/f0661d37/attachment.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: Bug#845663: fixed in xen 4.4.1-9+deb8u8
Date: Wed, 14 Dec 2016 21:04:14 +0000
Size: 6696
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161214/f0661d37/attachment-0001.mht>