Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)

2017-04-17 Thread Niels Thykier 
On Tue, 11 Apr 2017 18:38:22 +0100 Ian Jackson
<ian.jack...@eu.citrix.com> wrote:
> Niels Thykier writes ("Bug#859560: xen: CVE-2017-7228: x86: broken check in 
> memory_exchange() permits PV guest breakout (XSA-212)"):
> > Hi Xen maintainers,
> > Is there any update on this bug?
> 
> Sorry for having dropping this.  I will try to sort out this (and the
> other outstanding security issues with this package) this week.
> 
> Ian.
> 
> 

Hi Ian,

Thanks for looking into this. :)

~Niels

Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)

2017-04-11 Thread Ian Jackson 
Niels Thykier writes ("Bug#859560: xen: CVE-2017-7228: x86: broken check in 
memory_exchange() permits PV guest breakout (XSA-212)"):
> Hi Xen maintainers,
> Is there any update on this bug?

Sorry for having dropping this.  I will try to sort out this (and the
other outstanding security issues with this package) this week.

Ian.

Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)

2017-04-11 Thread Niels Thykier 
On Tue, 04 Apr 2017 21:49:44 +0200 Salvatore Bonaccorso
 wrote:
> Source: xen
> Version: 4.8.1~pre.2017.01.23-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> 
> Hi,
> 
> the following vulnerability was published for xen.
> 
> CVE-2017-7228[0]:
> | An issue (known as XSA-212) was discovered in Xen, with fixes available
> | for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix
> | introduced an insufficient check on XENMEM_exchange input, allowing the
> | caller to drive hypervisor memory accesses outside of the guest
> | provided input/output arrays.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2017-7228
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7228
> [1] https://xenbits.xen.org/xsa/advisory-212.html
> 
> Please adjust the affected versions in the BTS as needed.
> 
> Regards,
> Salvatore
> 
> 

Hi Xen maintainers,

Is there any update on this bug?

Thanks,
~Niels

Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)

2017-04-04 Thread Salvatore Bonaccorso 
Source: xen
Version: 4.8.1~pre.2017.01.23-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

the following vulnerability was published for xen.

CVE-2017-7228[0]:
| An issue (known as XSA-212) was discovered in Xen, with fixes available
| for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix
| introduced an insufficient check on XENMEM_exchange input, allowing the
| caller to drive hypervisor memory accesses outside of the guest
| provided input/output arrays.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7228
[1] https://xenbits.xen.org/xsa/advisory-212.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore