Salvatore Bonaccorso
2017-Apr-04 19:49 UTC
[Pkg-xen-devel] Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
Source: xen
Version: 4.8.1~pre.2017.01.23-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

the following vulnerability was published for xen.

CVE-2017-7228[0]:
| An issue (known as XSA-212) was discovered in Xen, with fixes available
| for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix
| introduced an insufficient check on XENMEM_exchange input, allowing the
| caller to drive hypervisor memory accesses outside of the guest
| provided input/output arrays.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7228
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7228
[1] https://xenbits.xen.org/xsa/advisory-212.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
Niels Thykier
2017-Apr-11 16:37 UTC
[Pkg-xen-devel] Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
On Tue, 04 Apr 2017 21:49:44 +0200 Salvatore Bonaccorso <carnil at debian.org> wrote:
> Source: xen
> Version: 4.8.1~pre.2017.01.23-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
>
> Hi,
>
> the following vulnerability was published for xen.
>
> CVE-2017-7228[0]:
> | An issue (known as XSA-212) was discovered in Xen, with fixes available
> | for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix
> | introduced an insufficient check on XENMEM_exchange input, allowing the
> | caller to drive hypervisor memory accesses outside of the guest
> | provided input/output arrays.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-7228
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7228
> [1] https://xenbits.xen.org/xsa/advisory-212.html
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>
>

Hi Xen maintainers,

Is there any update on this bug?

Thanks,
~Niels
Ian Jackson
2017-Apr-11 17:38 UTC
[Pkg-xen-devel] Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
Niels Thykier writes ("Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)"):
> Hi Xen maintainers,
> Is there any update on this bug?

Sorry for having dropped this. I will try to sort out this (and the
other outstanding security issues with this package) this week.

Ian.
Debian Bug Tracking System
2017-Apr-18 17:39 UTC
[Pkg-xen-devel] Bug#859560: marked as done (xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212))
Your message dated Tue, 18 Apr 2017 17:34:15 +0000
with message-id <E1d0X15-000Dti-Kf at fasolo.debian.org>
and subject line Bug#859560: fixed in xen 4.8.1-1
has caused the Debian Bug report #859560,
regarding xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)

--
859560: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859560
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
Date: Tue, 04 Apr 2017 21:49:44 +0200
Size: 2506
URL: <http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20170418/0d86cae8/attachment-0002.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Ian Jackson <ian.jackson at eu.citrix.com>
Subject: Bug#859560: fixed in xen 4.8.1-1
Date: Tue, 18 Apr 2017 17:34:15 +0000
Size: 5682
URL: <http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20170418/0d86cae8/attachment-0003.mht>
Debian Bug Tracking System
2017-May-27 12:36 UTC
[Pkg-xen-devel] Bug#859560: marked as done (xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212))
Your message dated Sat, 27 May 2017 12:34:02 +0000
with message-id <E1dEauw-000J3d-IT at fasolo.debian.org>
and subject line Bug#859560: fixed in xen 4.4.1-9+deb8u9
has caused the Debian Bug report #859560,
regarding xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)

--
859560: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859560
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
Date: Tue, 04 Apr 2017 21:49:44 +0200
Size: 2506
URL: <http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20170527/f5438628/attachment-0002.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Ian Jackson <ijackson at chiark.greenend.org.uk>
Subject: Bug#859560: fixed in xen 4.4.1-9+deb8u9
Date: Sat, 27 May 2017 12:34:02 +0000
Size: 8259
URL: <http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20170527/f5438628/attachment-0003.mht>