
Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366


  • To: caglar@xxxxxxxxxxxxx
  • From: "Christian Limpach" <christian.limpach@xxxxxxxxx>
  • Date: Tue, 1 May 2007 19:14:07 +0100
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 01 May 2007 11:12:39 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

On 5/1/07, S.Çağlar Onur <caglar@xxxxxxxxxxxxx> wrote:
> Hi;
>
> If anybody is interested, the attached patch (against 3.0.4) fixes CVE-2007-1320,
> CVE-2007-1321, CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366, which affect
> qemu and also seem valid for xen.

I've seen this patch before and I picked the most relevant fixes,
cleaned them up and checked them in a while ago.  I left out the ones
which touch code we don't compile and the ones which touch code we
don't enable by default.  If somebody else cleans up those, it would
be great to get them checked in.

We have the first check to bdrv_write in block.c and we have the same
check in bdrv_read -- we don't have that unsigned int ns < 0 check.

We have a fix for the cirrus bitblit issue -- I think the fix in the
patch you post actually doesn't cover all cases.

We have the hw/dma.c null pointer check.

We don't have the hw/fdc.c null pointer check.  We should probably add that one.

We don't have the hw/i8259.c change since we don't use that file.

We don't have the hw/ne2000.c change since we use the rtl8139 driver
by default -- could add that one.

We don't have the hw/pc.c change since exit'ing seems safer.

We don't have the hw/sb16.c change since we don't have sound by
default -- we should probably add that one.

We don't have the target-i386/translate.c changes since we don't use that file.

We don't have the vl.c changes since we only use the network tap mode.

   christian
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

