WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Re: [Xen-devel] insufficiencies in pv kernel image validation

To: MaoXiaoyun <tinnycloud@xxxxxxxxxxx>
Subject: Re: [Xen-devel] insufficiencies in pv kernel image validation
From: Keith Coleman <keith.coleman@xxxxxxxxxxxxx>
Date: Mon, 16 May 2011 13:05:18 -0400
Cc: xen devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Mon, 16 May 2011 10:06:27 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <BLU157-w25813DF684C02E299E97A9DA8D0@xxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <BAY0-MC2-F46jsbFMAv00186193@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <BLU157-w25813DF684C02E299E97A9DA8D0@xxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
2011/5/16 MaoXiaoyun <tinnycloud@xxxxxxxxxxx>:
> Hi:
>
>    Documented in https://bugzilla.redhat.com/show_bug.cgi?id=696927.
>
> [[[   It has been found that xc_try_bzip2_decode() and xc_try_lzma_decode()
> decode routines did not properly check for possible buffer size overflow in
> the decoding loop. Specially crafted kernel image file could be created that
> would trigger allocation of a small buffer resulting in buffer overflow with
> user supplied data.
>
> Additionally, several integer overflows and lack of error/range checking
> that could result in the loader reading its own address space or could lead
> to an infinite loop have been found.
>
> A privileged DomU user could use these flaws to cause denial of service or,
> possibly, execute arbitrary code in Dom0.
>
> Only management domains with 32-bit userland are vulnerable.
> ]]]
>
>  The last line of the above, what is "management domains"?
>  Does Xen 4.0/4.1 suffer this bug?
>  And any patches available?
>

Patches were committed to all maintained branches, including xen-3.4,
last Monday.

--
Keith Coleman

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
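The quoted advisory names three defects in the decoders: an output buffer that grows without its size being checked in the decode loop, integer overflows in size arithmetic, and a loop that can fail to make progress. The following is an added illustration of the checks a loader-side decode loop needs to reject such a stream; it is not Xen's xc_try_bzip2_decode()/xc_try_lzma_decode() code nor the patch Keith refers to. The run-length format, MAX_IMAGE_SIZE, the outbuf_* helpers, decode_rle and demo_checks are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed cap on the total decompressed image; not a Xen constant. */
#define MAX_IMAGE_SIZE ((size_t)64 * 1024 * 1024)

struct outbuf {
    unsigned char *data;
    size_t size;   /* bytes written so far */
    size_t cap;    /* bytes allocated */
};

/* Make room for `need` more bytes. Returns 0 on success, -1 if size+need
 * would wrap around or exceed MAX_IMAGE_SIZE, or if allocation fails. */
static int outbuf_reserve(struct outbuf *b, size_t need)
{
    if (need > SIZE_MAX - b->size)   /* overflow-safe form of size+need > SIZE_MAX */
        return -1;
    size_t required = b->size + need;
    if (required > MAX_IMAGE_SIZE)   /* oversized output / decompression bomb */
        return -1;
    if (required <= b->cap)
        return 0;
    size_t newcap = b->cap ? b->cap : 4096;
    while (newcap < required)
        newcap *= 2;                 /* cannot wrap: required <= MAX_IMAGE_SIZE */
    if (newcap > MAX_IMAGE_SIZE)
        newcap = MAX_IMAGE_SIZE;
    unsigned char *p = realloc(b->data, newcap);
    if (!p)
        return -1;
    b->data = p;
    b->cap = newcap;
    return 0;
}

/* Every copy into the buffer is preceded by a reserve, so decoder output
 * can never run past the allocation. */
static int outbuf_append(struct outbuf *b, const unsigned char *src, size_t n)
{
    if (outbuf_reserve(b, n) != 0)
        return -1;
    memcpy(b->data + b->size, src, n);
    b->size += n;
    return 0;
}

static void outbuf_free(struct outbuf *b)
{
    free(b->data);
    b->data = NULL;
    b->size = b->cap = 0;
}

/* Toy run-length stream of (count, byte) pairs standing in for a bzip2/lzma
 * decode loop. Returns the output length, or -1 when the stream is rejected:
 * a truncated pair (would read past the input), a zero count (no forward
 * progress, the infinite-loop case), or a rejected reserve. */
static long decode_rle(const unsigned char *in, size_t inlen, struct outbuf *out)
{
    unsigned char chunk[256];
    size_t pos = 0;
    while (pos < inlen) {
        if (inlen - pos < 2)
            return -1;
        unsigned count = in[pos];
        unsigned char byte = in[pos + 1];
        pos += 2;
        if (count == 0)
            return -1;
        memset(chunk, byte, count);
        if (outbuf_append(out, chunk, count) != 0)
            return -1;
    }
    return (long)out->size;
}

/* Exercises each failure mode with constructed input; returns 5 when every
 * check behaves as intended. */
static int demo_checks(void)
{
    int ok = 0;
    struct outbuf b = {0};
    static const unsigned char good[] = {3, 'a', 2, 'b'};   /* 3x'a', 2x'b' */
    static const unsigned char truncated[] = {3};           /* count, no byte */
    static const unsigned char stuck[] = {0, 'x'};          /* zero-length pair */

    if (decode_rle(good, sizeof good, &b) == 5 && memcmp(b.data, "aaabb", 5) == 0)
        ok++;
    outbuf_free(&b);
    if (decode_rle(truncated, sizeof truncated, &b) == -1)
        ok++;
    if (decode_rle(stuck, sizeof stuck, &b) == -1)
        ok++;
    if (outbuf_reserve(&b, SIZE_MAX) == -1)            /* size arithmetic would wrap */
        ok++;
    if (outbuf_reserve(&b, MAX_IMAGE_SIZE + 1) == -1)  /* beyond the cap */
        ok++;
    outbuf_free(&b);
    return ok;
}

int main(void)
{
    printf("%d/5 checks held\n", demo_checks());
    return 0;
}
```

The comparison `need > SIZE_MAX - b->size` is done before the addition rather than testing the sum afterwards, because the sum itself is what wraps; with a 32-bit userland, as in the advisory's last line, SIZE_MAX is only 2^32 - 1, so a size derived from attacker-controlled headers wraps far sooner than on 64-bit. The progress check in the loop is independent of the size checks: a stream that yields no output per iteration is rejected rather than spun on.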
