Hello community,

here is the log from the commit of package xen for openSUSE:Factory checked in 
at 2014-10-05 20:30:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xen (Old)
 and      /work/SRC/openSUSE:Factory/.xen.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "xen"

Changes:
--------
--- /work/SRC/openSUSE:Factory/xen/xen.changes  2014-09-25 09:33:43.000000000 
+0200
+++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes     2014-10-05 
20:30:37.000000000 +0200
@@ -1,0 +2,7 @@
+Tue Sep 30 09:01:16 MDT 2014 - carn...@suse.com
+
+- bnc#897657 - VUL-0: CVE-2014-7188: xen: XSA-108 Improper MSR
+  range used for x2APIC emulation
+  xsa108.patch
+
+-------------------------------------------------------------------
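Review bot: The new entry writes "XSA-108 Improper MSR range" with no colon after the advisory number, while the older entries reworded in the following hunks use "XSA-106: Missing", "XSA-105: Missing" and "XSA-104: Race condition". Add the colon after XSA-108 so the bnc/CVE/XSA prefix has one format throughout the changelog and stays easy to grep.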
@@ -27,2 +34,2 @@
-- bnc#895802 - VUL-0: xen: XSA-106: Missing privilege level checks
-  in x86 emulation of software interrupts
+- bnc#895802 - VUL-0: CVE-2014-7156: xen: XSA-106: Missing
+  privilege level checks in x86 emulation of software interrupts
@@ -30,2 +37,2 @@
-- bnc#895799 - VUL-0: xen: XSA-105: Missing privilege level checks
-  in x86 HLT, LGDT, LIDT, and LMSW emulation
+- bnc#895799 - VUL-0: CVE-2014-7155: xen: XSA-105: Missing
+  privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
@@ -33,2 +40,2 @@
-- bnc#895798 - VUL-0: xen: XSA-104: Race condition in
-  HVMOP_track_dirty_vram
+- bnc#895798 - VUL-0: CVE-2014-7154: xen: XSA-104: Race condition
+  in HVMOP_track_dirty_vram

New:
----
  xsa108.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ xen.spec ++++++
--- /var/tmp/diff_new_pack.rBfrIa/_old  2014-10-05 20:30:41.000000000 +0200
+++ /var/tmp/diff_new_pack.rBfrIa/_new  2014-10-05 20:30:41.000000000 +0200
@@ -15,6 +15,7 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
+
 # needssslcertforbuild
 
 Name:           xen
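Review bot: The blank line added before "# needssslcertforbuild" is unrelated to the XSA-108 fix. Unless it comes from automatic spec-file formatting, drop it so the security update only carries the Patch108 and %patch108 lines.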
@@ -240,6 +241,7 @@
 Patch105:       xsa105.patch
 Patch106:       xsa106.patch
 Patch107:       xsa107.patch
+Patch108:       xsa108.patch
 # Upstream qemu
 Patch250:       VNC-Support-for-ExtendedKeyEvent-client-message.patch
 Patch251:       0001-net-move-the-tap-buffer-into-TAPState.patch
@@ -636,6 +638,7 @@
 %patch105 -p1
 %patch106 -p1
 %patch107 -p1
+%patch108 -p1
 # Upstream qemu patches
 %patch250 -p1
 %patch251 -p1


++++++ xsa108.patch ++++++
x86/HVM: properly bound x2APIC MSR range

While the write path change appears to be purely cosmetic (but still
gets done here for consistency), the read side mistake permitted
accesses beyond the virtual APIC page.

This is XSA-108.

Signed-off-by: Jan Beulich <jbeul...@suse.com>

--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3101,7 +3101,7 @@ int hvm_msr_read_intercept(unsigned int 
         *msr_content = vcpu_vlapic(v)->hw.apic_base_msr;
         break;
 
-    case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
+    case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
         if ( hvm_x2apic_msr_read(v, msr, msr_content) )
             goto gp_fault;
         break;
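Review bot: The corrected upper bound in the case label of hvm_msr_read_intercept() is a bare literal (0xff), and neither the hunk nor the commit message says how that value relates to the size of the virtual APIC page the message mentions. Add a short comment at the case label stating that relationship. Since the message says the read side permitted accesses beyond that page, it is also worth confirming that hvm_x2apic_msr_read() bounds the register offset itself rather than relying only on this case range; the hunk does not show whether it does.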
@@ -3227,7 +3227,7 @@ int hvm_msr_write_intercept(unsigned int
         vlapic_tdt_msr_set(vcpu_vlapic(v), msr_content);
         break;
 
-    case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
+    case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
         if ( hvm_x2apic_msr_write(v, msr, msr_content) )
             goto gp_fault;
         break;
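Review bot: The same "MSR_IA32_APICBASE_MSR + 0xff" bound is now written out a second time in hvm_msr_write_intercept(). The commit message says this side is changed only for consistency with the read path, so define the range end once as a named constant and use it in both case labels; that way the two intercepts cannot drift apart again.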
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
