possible memory corruption via failsafe callback [XSA-215]

Related Vulnerabilities: CVE-2016-9932   CVE-2016-10024   CVE-2016-10013   CVE-2017-7228  

Debian Bug report logs - #861662


Reported by: Ian Jackson <ian.jackson@eu.citrix.com>

Date: Tue, 2 May 2017 12:12:01 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version xen/4.4.1-9

Fixed in versions xen/4.8.0~rc3-0exp1, xen/4.8.0~rc3-1, xen/4.4.1-9+deb8u9

Done: Ian Jackson <ijackson@chiark.greenend.org.uk>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>:
Bug#861662; Package src:xen. (Tue, 02 May 2017 12:12:04 GMT).


Acknowledgement sent to Ian Jackson <ian.jackson@eu.citrix.com>:
New Bug report received and forwarded. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>. (Tue, 02 May 2017 12:12:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Ian Jackson <ian.jackson@eu.citrix.com>
To: <submit@bugs.debian.org>
Subject: possible memory corruption via failsafe callback [XSA-215]
Date: Tue, 2 May 2017 13:08:47 +0100
Source: xen
Version: 4.4.1-9
Severity: important
Tags: security upstream fixed-upstream
Control: fixed -1 4.8.0~rc3-0exp1
Control: fixed -1 4.8.0~rc3-1

See
  https://xenbits.xen.org/xsa/advisory-215.html

Xen 4.7 and later (ie, stretch and sid) are not affected.

Ian.



Marked as fixed in versions xen/4.8.0~rc3-0exp1. Request was from Ian Jackson <ian.jackson@eu.citrix.com> to submit@bugs.debian.org. (Tue, 02 May 2017 12:12:04 GMT).


Marked as fixed in versions xen/4.8.0~rc3-1. Request was from Ian Jackson <ian.jackson@eu.citrix.com> to submit@bugs.debian.org. (Tue, 02 May 2017 12:12:05 GMT).


Reply sent to Ian Jackson <ijackson@chiark.greenend.org.uk>:
You have taken responsibility. (Sat, 27 May 2017 12:36:36 GMT).


Notification sent to Ian Jackson <ian.jackson@eu.citrix.com>:
Bug acknowledged by developer. (Sat, 27 May 2017 12:36:36 GMT).


Message #14 received at 861662-close@bugs.debian.org:

From: Ian Jackson <ijackson@chiark.greenend.org.uk>
To: 861662-close@bugs.debian.org
Subject: Bug#861662: fixed in xen 4.4.1-9+deb8u9
Date: Sat, 27 May 2017 12:34:02 +0000
Source: xen
Source-Version: 4.4.1-9+deb8u9

We believe that the bug you reported is fixed in the latest version of
xen, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861662@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ian Jackson <ijackson@chiark.greenend.org.uk> (supplier of updated xen package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 08 May 2017 15:04:37 +0100
Source: xen
Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf
Architecture: all i386 source
Version: 4.4.1-9+deb8u9
Distribution: jessie-security
Urgency: medium
Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
Changed-By: Ian Jackson <ijackson@chiark.greenend.org.uk>
Closes: 848081 859560 861659 861660 861662
Description: 
 libxen-4.4 - Public libs for Xen
 libxen-dev - Public headers and libs for Xen
 libxenstore3.0 - Xenstore communications library for Xen
 xen-hypervisor-4.4-amd64 - Xen Hypervisor on AMD64
 xen-hypervisor-4.4-arm64 - Xen Hypervisor on ARM64
 xen-hypervisor-4.4-armhf - Xen Hypervisor on ARMHF
 xen-system-amd64 - Xen System on AMD64 (meta-package)
 xen-system-arm64 - Xen System on ARM64 (meta-package)
 xen-system-armhf - Xen System on ARMHF (meta-package)
 xen-utils-4.4 - XEN administrative tools
 xen-utils-common - Xen administrative tools - common files
 xenstore-utils - Xenstore command line utilities for Xen
Changes:
 xen (4.4.1-9+deb8u9) jessie-security; urgency=medium
 .
   Security updates:
   * XSA-200: Closes:#848081: CVE-2016-9932: x86 emulation operand size
   * XSA-202: CVE-2016-10024: x86 PV guests may be able to mask interrupts
   * XSA-204: CVE-2016-10013: x86: Mishandling of SYSCALL singlestep
   * XSA-212: Closes:#859560: CVE-2017-7228: x86: broken memory_exchange()
   * XSA-213: Closes:#861659: 64bit PV guest breakout
   * XSA-214: Closes:#861660: grant transfer PV privilege escalation
   * XSA-215: Closes:#861662: memory corruption via failsafe callback




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 25 Jun 2017 07:27:13 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:56:53 2019; Machine Name: beach
