[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Xen 3.4.x Backports



Hi Keith,

CC: Xen-devel Mailing List

I've noticed that you seem to be a major contributor with regards to keeping the 3.4.x branch updated with backported security patches. As Xen security is a high priority, I hope you don't mind me discussing with you whether some CVEs are backported or not. I really appreciate your time to read this email. Of course, the rest of the list can chime in as always!

CVE-2011-2901:

http://www.openwall.com/lists/oss-security/2011/09/02/2

The patch performs the following:
-    (((unsigned long)(addr) < (1UL<<48)) || \
+    (((unsigned long)(addr) < (1UL<<47)) || \

I see that the Xen security advisory says that only hypervisors 3.3 or earlier are affected. However, I note that in later versions of Xen, the line changed in the patch remains untouched. Any ideas why this is the case? Additionally, Redhat in their advisories claim to fix this issue in their kernel update. How can this be, given that this is a Xen hypervisor issue?

CVE-2011-1898

http://old-list-archives.xen.org/archives/html/xen-devel/2011-05/msg00687.html

Any idea when this can be backported to 3.4.x? I see that this has made it to 4.1-testing stable branch

CVE-2012-0029
http://seclists.org/oss-sec/2012/q1/360

Maybe this is currently impossible to get going on the 3.4.x branch as the upstream qemu trees don't have a 3.4.x Xen patch for this?

CVE-2011-1166
https://bugzilla.redhat.com/show_bug.cgi?id=688579
http://xenbits.xen.org/hg/staging/xen-unstable.hg/rev/c79aae866ad8

Again, this doesn't appear to be backported to 3.4.x, however I note that Red Hat claim to have fixed this in their kernel version. This is where I get confused again. How can a hypervisor issue be fixed in the kernel??

Once again, I really appreciate your time, and I'm very sorry if I'm wasting it!

Thanks,

Jonathan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.