grant transfer allows PV guest to elevate privileges [XSA-214]

Debian Bug report logs - #861660
grant transfer allows PV guest to elevate privileges [XSA-214]

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Ian Jackson <ian.jackson@eu.citrix.com>

To: <submit@bugs.debian.org>

Subject: grant transfer allows PV guest to elevate privileges [XSA-214]

Date: Tue, 2 May 2017 13:02:10 +0100

Source: xen
Version: 4.4.1-9
Severity: important
Tags: security upstream fixed-upstream

See
  https://xenbits.xen.org/xsa/advisory-214.html

Ian.

Message #10 received at 861660-close@bugs.debian.org (full text, mbox, reply):

From: Ian Jackson <ian.jackson@eu.citrix.com>

To: 861660-close@bugs.debian.org

Subject: Bug#861660: fixed in xen 4.8.1-1+deb9u1

Date: Tue, 02 May 2017 12:34:33 +0000

Source: xen
Source-Version: 4.8.1-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
xen, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861660@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ian Jackson <ian.jackson@eu.citrix.com> (supplier of updated xen package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 02 May 2017 12:19:57 +0100
Source: xen
Binary: libxen-4.8 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.8 xen-hypervisor-4.8-amd64 xen-system-amd64 xen-hypervisor-4.8-arm64 xen-system-arm64 xen-hypervisor-4.8-armhf xen-system-armhf
Architecture: source
Version: 4.8.1-1+deb9u1
Distribution: unstable
Urgency: medium
Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
Changed-By: Ian Jackson <ian.jackson@eu.citrix.com>
Description:
 libxen-4.8 - Public libs for Xen
 libxen-dev - Public headers and libs for Xen
 libxenstore3.0 - Xenstore communications library for Xen
 xen-hypervisor-4.8-amd64 - Xen Hypervisor on AMD64
 xen-hypervisor-4.8-arm64 - Xen Hypervisor on ARM64
 xen-hypervisor-4.8-armhf - Xen Hypervisor on ARMHF
 xen-system-amd64 - Xen System on AMD64 (meta-package)
 xen-system-arm64 - Xen System on ARM64 (meta-package)
 xen-system-armhf - Xen System on ARMHF (meta-package)
 xen-utils-4.8 - XEN administrative tools
 xen-utils-common - Xen administrative tools - common files
 xenstore-utils - Xenstore command line utilities for Xen
Closes: 861659 861660
Changes:
 xen (4.8.1-1+deb9u1) unstable; urgency=medium
 .
   * Security fixes for XSA-213 (Closes:#861659) and XSA-214
     (Closes:#861660).  (Xen 4.7 and later is not affected by XSA-215.)
Checksums-Sha1:
 eb0a070b107f1511750b3a57c7872182c7d2c9b5 2792 xen_4.8.1-1+deb9u1.dsc
 fd207bea38118d2dd1b552668f3b8cbe8b533177 54160 xen_4.8.1-1+deb9u1.debian.tar.xz
Checksums-Sha256:
 99751c44e21b37aa82532aaf25dc3f01653bbaff60711f778a8d781416f2153d 2792 xen_4.8.1-1+deb9u1.dsc
 7b853ef996c8adc6f8da4e1c90da756b0c4b54f02acd68fcae17364410e8c4fe 54160 xen_4.8.1-1+deb9u1.debian.tar.xz
Files:
 36c072752a6a10210970a935c494449a 2792 kernel optional xen_4.8.1-1+deb9u1.dsc
 1b410702a80ddb8b15655d93cd24e9d7 54160 kernel optional xen_4.8.1-1+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEVZrkbC1rbTJl58uh4+M5I0i1DTkFAlkIdoYACgkQ4+M5I0i1
DTls1gf8DLB362mPN6ZN09J/3lT+sSsgFcp+yyO++BYmnPLDL0xD2KsBMzrKjfFr
3L/NmucM49rIsILgQDT8RJZTwNk24TOQSq21IKhwiF1lwYf1e4LAPD0N1PwFdGM9
E49MOcfHpl7xMNeJKP6qrQ2m0Q8ZnVF+aCsqMefVDInwUylTiVfqJZPLa8Zi4jka
wfzxqqZhjWDOFM+AOyg0ZracohbZG5EsMGAhwMT4OHalp0mECeLIT6YRF6u09qk/
dN2LNcv6qF/fiuUWzjNdM2Wi3RbXopZAYjVpZ+vij3OCRQ8lQWmCLNsP+8os4GRp
/2X2r1ODZg9Rsr9khLQG9nvsmQs2DQ==
=QB1n
-----END PGP SIGNATURE-----

Message #15 received at 861660@bugs.debian.org (full text, mbox, reply):

From: Ian Jackson <ian.jackson@eu.citrix.com>

To: <861659@bugs.debian.org>, <861660@bugs.debian.org>

Cc: <security@debian.org>, <pkg-xen-devel@lists.alioth.debian.org>

Subject: Xen package security updates for jessie 4.4, XSA-213, XSA-214

Date: Thu, 4 May 2017 17:06:07 +0100

Ian Jackson writes ("64bit PV guest breakout [XSA-213]"):
> Source: xen
> Version: 4.4.1-9
> Severity: important
> Tags: security upstream fixed-upstream
> 
> See
>   https://xenbits.xen.org/xsa/advisory-213.html

Ian Jackson writes ("grant transfer allows PV guest to elevate privileges [XSA-214]"):
> Source: xen
> Version: 4.4.1-9
> Severity: important
> Tags: security upstream fixed-upstream
> 
> See
>   https://xenbits.xen.org/xsa/advisory-214.html

I have fixed these in stretch but the jessie package remains unfixed.
I think I may be able to find some backports somewhere.  Would that be
useful ?  Is anyone else working on this ?

Ian.

Message #20 received at 861660@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Ian Jackson <ian.jackson@eu.citrix.com>

Cc: 861659@bugs.debian.org, 861660@bugs.debian.org, security@debian.org, pkg-xen-devel@lists.alioth.debian.org

Subject: Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214

Date: Thu, 4 May 2017 18:51:54 +0200

On Thu, May 04, 2017 at 05:06:07PM +0100, Ian Jackson wrote:
> Ian Jackson writes ("64bit PV guest breakout [XSA-213]"):
> > Source: xen
> > Version: 4.4.1-9
> > Severity: important
> > Tags: security upstream fixed-upstream
> > 
> > See
> >   https://xenbits.xen.org/xsa/advisory-213.html
> 
> Ian Jackson writes ("grant transfer allows PV guest to elevate privileges [XSA-214]"):
> > Source: xen
> > Version: 4.4.1-9
> > Severity: important
> > Tags: security upstream fixed-upstream
> > 
> > See
> >   https://xenbits.xen.org/xsa/advisory-214.html
> 
> I have fixed these in stretch but the jessie package remains unfixed.
> I think I may be able to find some backports somewhere.  Would that be
> useful ?  Is anyone else working on this ?

Yes, please!

Cheers,
        Moritz

Message #25 received at 861660@bugs.debian.org (full text, mbox, reply):

From: Ian Jackson <ian.jackson@eu.citrix.com>

To: Moritz Muehlenhoff <jmm@inutil.org>

Cc: <861659@bugs.debian.org>, <861660@bugs.debian.org>, <security@debian.org>, <pkg-xen-devel@lists.alioth.debian.org>

Subject: Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214

Date: Thu, 4 May 2017 17:59:18 +0100

Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):
> On Thu, May 04, 2017 at 05:06:07PM +0100, Ian Jackson wrote:
> > I have fixed these in stretch but the jessie package remains unfixed.
> > I think I may be able to find some backports somewhere.  Would that be
> > useful ?  Is anyone else working on this ?
> 
> Yes, please!

Working on it now.  What shall I do with my resulting package ?

Should I put jessie-security in the debian/changelog and dgit push it
(ie, from many people's pov, dput it) ?

Ian.

Message #30 received at 861660@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Ian Jackson <ian.jackson@eu.citrix.com>

Cc: 861659@bugs.debian.org, 861660@bugs.debian.org, security@debian.org, pkg-xen-devel@lists.alioth.debian.org

Subject: Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214

Date: Thu, 4 May 2017 19:06:21 +0200

On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote:
> Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):
> > On Thu, May 04, 2017 at 05:06:07PM +0100, Ian Jackson wrote:
> > > I have fixed these in stretch but the jessie package remains unfixed.
> > > I think I may be able to find some backports somewhere.  Would that be
> > > useful ?  Is anyone else working on this ?
> > 
> > Yes, please!
> 
> Working on it now.  What shall I do with my resulting package ?
> 
> Should I put jessie-security in the debian/changelog and dgit push it
> (ie, from many people's pov, dput it) ?

Yes, the distribution line should be jessie-security, but please send
a debdiff to team@security.debian.org for a quick review before
uploading (I have no idea whether dgit supports security-master).

Cheers,
        Moritz

Message #35 received at 861660@bugs.debian.org (full text, mbox, reply):

From: Ian Jackson <ian.jackson@eu.citrix.com>

To: Moritz Muehlenhoff <jmm@inutil.org>

Cc: <861659@bugs.debian.org>, <861660@bugs.debian.org>, <security@debian.org>, <pkg-xen-devel@lists.alioth.debian.org>

Subject: Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214

Date: Thu, 4 May 2017 18:19:07 +0100

Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):
> On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote:
> > Should I put jessie-security in the debian/changelog and dgit push it
> > (ie, from many people's pov, dput it) ?
> 
> Yes, the distribution line should be jessie-security, but please send
> a debdiff to team@security.debian.org for a quick review before
> uploading (I have no idea whether dgit supports security-master).

I'll send you a debdiff, thanks.  I guess I'll find out whether dgit
does work or not.

I need to check the armhf build, since there are conflicts there.  I
don't think I can conveniently test the armhf version.

Ian.

Message #40 received at 861660@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Ian Jackson <ian.jackson@eu.citrix.com>

Cc: 861659@bugs.debian.org, 861660@bugs.debian.org, security@debian.org, pkg-xen-devel@lists.alioth.debian.org

Subject: Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214

Date: Thu, 4 May 2017 19:25:41 +0200

On Thu, May 04, 2017 at 06:19:07PM +0100, Ian Jackson wrote:
> Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):
> > On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote:
> > > Should I put jessie-security in the debian/changelog and dgit push it
> > > (ie, from many people's pov, dput it) ?
> > 
> > Yes, the distribution line should be jessie-security, but please send
> > a debdiff to team@security.debian.org for a quick review before
> > uploading (I have no idea whether dgit supports security-master).
> 
> I'll send you a debdiff, thanks.  I guess I'll find out whether dgit
> does work or not.
> 
> I need to check the armhf build, since there are conflicts there.  I
> don't think I can conveniently test the armhf version.

You mean CVE-2016-9815-CVE-2016-9818? We can simply leave them unfixed/ignored
I guess, it's not that there's any arm-based cloud hosting companies
running jessie on arm :-)

Cheers,
        Moritz

Message #45 received at 861660@bugs.debian.org (full text, mbox, reply):

From: Ian Jackson <ian.jackson@eu.citrix.com>

To: Moritz Muehlenhoff <jmm@inutil.org>

Cc: <861659@bugs.debian.org>, <861660@bugs.debian.org>, <security@debian.org>, <pkg-xen-devel@lists.alioth.debian.org>

Subject: Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214

Date: Thu, 4 May 2017 18:43:39 +0100

Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):
> On Thu, May 04, 2017 at 06:19:07PM +0100, Ian Jackson wrote:
> > I need to check the armhf build, since there are conflicts there.  I
> > don't think I can conveniently test the armhf version.
> 
> You mean CVE-2016-9815-CVE-2016-9818? We can simply leave them
> unfixed/ignored I guess, it's not that there's any arm-based cloud
> hosting companies running jessie on arm :-)

No.  I mean XSA-213, which doesn't have a CVE because MITRE :-/.

Ian.

Message #50 received at 861660-close@bugs.debian.org (full text, mbox, reply):

From: Ian Jackson <ijackson@chiark.greenend.org.uk>

To: 861660-close@bugs.debian.org

Subject: Bug#861660: fixed in xen 4.4.1-9+deb8u9

Date: Sat, 27 May 2017 12:34:02 +0000

Source: xen
Source-Version: 4.4.1-9+deb8u9

We believe that the bug you reported is fixed in the latest version of
xen, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861660@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ian Jackson <ijackson@chiark.greenend.org.uk> (supplier of updated xen package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 08 May 2017 15:04:37 +0100
Source: xen
Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf
Architecture: all i386 source
Version: 4.4.1-9+deb8u9
Distribution: jessie-security
Urgency: medium
Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
Changed-By: Ian Jackson <ijackson@chiark.greenend.org.uk>
Closes: 848081 859560 861659 861660 861662
Description: 
 libxen-4.4 - Public libs for Xen
 libxen-dev - Public headers and libs for Xen
 libxenstore3.0 - Xenstore communications library for Xen
 xen-hypervisor-4.4-amd64 - Xen Hypervisor on AMD64
 xen-hypervisor-4.4-arm64 - Xen Hypervisor on ARM64
 xen-hypervisor-4.4-armhf - Xen Hypervisor on ARMHF
 xen-system-amd64 - Xen System on AMD64 (meta-package)
 xen-system-arm64 - Xen System on ARM64 (meta-package)
 xen-system-armhf - Xen System on ARMHF (meta-package)
 xen-utils-4.4 - XEN administrative tools
 xen-utils-common - Xen administrative tools - common files
 xenstore-utils - Xenstore command line utilities for Xen
Changes:
 xen (4.4.1-9+deb8u9) jessie-security; urgency=medium
 .
   Security updates:
   * XSA-200: Closes:#848081: CVE-2016-9932: x86 emulation operand size
   * XSA-202: CVE-2016-10024: x86 PV guests may be able to mask interrupts
   * XSA-204: CVE-2016-10013: x86: Mishandling of SYSCALL singlestep
   * XSA-212: Closes:#859560: CVE-2017-7228: x86: broken memory_exchange()
   * XSA-213: Closes:#861659: 64bit PV guest breakout
   * XSA-214: Closes:#861660: grant transfer PV privilege escalation
   * XSA-215: Closes:#861662: memory corruption via failsafe callback
Checksums-Sha1: 
 dccdc1d672c7715990dd985a8283e8cc15ff312e 2691 xen_4.4.1-9+deb8u9.dsc
 a8f99df8862e1f2ab9c866f11cafad85961dc2ba 117608 xen_4.4.1-9+deb8u9.debian.tar.xz
 728d82a4aa8e6927326164dd85ef6de79d88ad01 122470 xen-utils-common_4.4.1-9+deb8u9_all.deb
 627996f4388cd9fe72f29ddb14d1d12e58509f75 746102 xen-hypervisor-4.4-amd64_4.4.1-9+deb8u9_i386.deb
 0c35fb0bac9ee7f66f6e92f62c304b3f0792fbce 21188 xen-system-amd64_4.4.1-9+deb8u9_i386.deb
 a486f18e797783937a180525817d2a8a7b8b1893 32896 libxenstore3.0_4.4.1-9+deb8u9_i386.deb
 915a7ab0980fb731d0d9645c45f64bf568b2644a 317442 libxen-4.4_4.4.1-9+deb8u9_i386.deb
 657d2355f55543bae8b8402f459f3bfa265e316b 496778 libxen-dev_4.4.1-9+deb8u9_i386.deb
 4bf206d5ff3723f8c54ccb56feae2ee3da9b536e 403990 xen-utils-4.4_4.4.1-9+deb8u9_i386.deb
 9e7fa1fc651190892461a514ebeb168b31ffa0a6 27440 xenstore-utils_4.4.1-9+deb8u9_i386.deb
Checksums-Sha256: 
 b04bcb8548088c76f0c397d3a9399ced1725f8ac0d728342df05f32be2d876cf 2691 xen_4.4.1-9+deb8u9.dsc
 189427cbb2b40974123eb3492149d9d9509c90aa9cac789a91c7f76b3364b24b 117608 xen_4.4.1-9+deb8u9.debian.tar.xz
 9713c806a4996a17433415f018b0f0a1a02793f8bd7cd4227f7c934e267cc7a3 122470 xen-utils-common_4.4.1-9+deb8u9_all.deb
 f3b2b7edf61d0685aa4dcb55c43fe2afd6f03f08ff8012b17e05f40713d2e1e1 746102 xen-hypervisor-4.4-amd64_4.4.1-9+deb8u9_i386.deb
 aaa078d37345752dc32b5a94120ebdd5a04ca66aaa77fbe69b4d292dc047e94d 21188 xen-system-amd64_4.4.1-9+deb8u9_i386.deb
 b81f7ce82cf8c6964016073ddb80a1a685a5fa600b98da948bc7c328d35be118 32896 libxenstore3.0_4.4.1-9+deb8u9_i386.deb
 70fbfae3c33be2003b8c5be69f5064f7ccb2f1322e8375a2dc2f5859ac00e531 317442 libxen-4.4_4.4.1-9+deb8u9_i386.deb
 567ec75a599d2d14a0a3d8b3303e8e07cbd1ba1d780b12a1f97823d3162cfeed 496778 libxen-dev_4.4.1-9+deb8u9_i386.deb
 7f54740f5cece13f510e25a46d91fe816c4ceb50c7184ee0d1e5eec9fa8b892a 403990 xen-utils-4.4_4.4.1-9+deb8u9_i386.deb
 7d47306e90b7cc044fd431f000c9680d6b3d252ff6d6c8f20094597329b464db 27440 xenstore-utils_4.4.1-9+deb8u9_i386.deb
Files: 
 10333973b06697ac8f3776e4fed6f07d 2691 kernel optional xen_4.4.1-9+deb8u9.dsc
 241f5be5b2ea17e3e086b3f4ab78c675 117608 kernel optional xen_4.4.1-9+deb8u9.debian.tar.xz
 5f29444a1b8299185bc69c8eb4fc926a 122470 kernel optional xen-utils-common_4.4.1-9+deb8u9_all.deb
 3c91066a0458cfc663e1178f28d5714f 746102 kernel optional xen-hypervisor-4.4-amd64_4.4.1-9+deb8u9_i386.deb
 537717e53e96fe9a1272a42c621dfe0b 21188 kernel optional xen-system-amd64_4.4.1-9+deb8u9_i386.deb
 18ed75ff9923769538bcbd2e0f52eb8b 32896 libs optional libxenstore3.0_4.4.1-9+deb8u9_i386.deb
 cff1c696436894d32de0057c2a778e09 317442 libs optional libxen-4.4_4.4.1-9+deb8u9_i386.deb
 cab7b76ddb381a9ba56ef7dc971f3b96 496778 libdevel optional libxen-dev_4.4.1-9+deb8u9_i386.deb
 fcd713c41061f0abbd18cb7bfb140fdb 403990 kernel optional xen-utils-4.4_4.4.1-9+deb8u9_i386.deb
 c90054fc19ab358d661fd1c61bd4b7de 27440 admin optional xenstore-utils_4.4.1-9+deb8u9_i386.deb

-----BEGIN PGP SIGNATURE-----

iQFUBAEBCAA+FiEEVZrkbC1rbTJl58uh4+M5I0i1DTkFAlkQhEsgHGlqYWNrc29u
QGNoaWFyay5ncmVlbmVuZC5vcmcudWsACgkQ4+M5I0i1DTnvEAf+Nr9kBS+zX2He
Bs1wsJQnswW3JAS7IDfm4cR2gQqrfpxP2H9+LFP+1EqMys2rCfDGF9iDqHBhgAGO
sBChrsb0zcJ1gE45ounTc8M6gOqvLfVgP0X6dW455DM4GQ+yeEhjyXGCWZw6eHKb
MAk9mDZOnhim4izDwoTDL1w5Xv3HfHSHo9mmiMZ4qKiOHN3VKZ9HyFOwfg6XTOUK
UyzrCQpVKav8TpJnKbTinUONBWrDcr9aFN1aTzdkWUuB4kMF6smHy0XqQ2rRafPf
ExAw+QW9qskKZLCCSLraQuioB3NWaktYCjYsk4f6o1wnhuXS6/tmMQUx8oMyXfvZ
vBCKGe4xLg==
=Mk/N
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.