Created attachment 158521
With patch from http://xenbits.xen.org/xsa/xsa137.patch
Notification regarding XSA-137 / CVE-2015-3259 for "xl command line config handling stack overflow"
http://xenbits.xen.org/xsa/advisory-137.html
Created attachment 158522
Poudriere log for xen-tools-4.5.0_8 with XSA-137 patch
Build test on 11.0-CURRENT r284725 amd64
I don't use Xen and am unable to test runtime.
Is there a reason most of the recent sysutils/xen-tools and emulators/xen-kernel CVEs haven't been addressed with VuXML? Perhaps because it's only supported on CURRENT? I can look into addressing this if desired.
Thanks for the update. The reason for VuXML is just that I forgot to add those. If you want to provide a patch to document the previous issues, I would be very thankful!
A commit references this bug:
Author: bapt
Date: Sat Jul 11 13:16:47 UTC 2015
New revision: 391737
URL: https://svnweb.freebsd.org/changeset/ports/391737
Log:
  Fix XSA-137 / CVE-2015-3259
  PR: 201416
  Submitted by: Jason Unovitch <jason.unovitch@gmail.com>
Changes:
  head/sysutils/xen-tools/Makefile
  head/sysutils/xen-tools/files/xsa137.patch
Created attachment 158621
security/vuxml update for xen
- Document xen-tools and xen-kernel advisories XSA-117,118,119,121,122,123,125,126,128,129,130,131,132,134,136,137

== Validation ==
% make validate
/bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml

== BEFORE ==
% env PKG_DBDIR=/usr/ports/security/vuxml pkg audit xen-tools-4.5.0
xen-tools-4.5.0 is vulnerable:
xen-tools -- Unmediated PCI register access in qemu
CVE: CVE-2015-4106
WWW: https://vuxml.FreeBSD.org/freebsd/3d657340-27ea-11e5-a4a5-002590263bf5.html

xen-tools-4.5.0 is vulnerable:
xen-tools -- PCI MSI mask bits inadvertently exposed to guests
CVE: CVE-2015-4104
WWW: https://vuxml.FreeBSD.org/freebsd/4db8a0f4-27e9-11e5-a4a5-002590263bf5.html

xen-tools-4.5.0 is vulnerable:
xen-tools -- Guest triggerable qemu MSI-X pass-through error messages
CVE: CVE-2015-4105
WWW: https://vuxml.FreeBSD.org/freebsd/cbe1a0f9-27e9-11e5-a4a5-002590263bf5.html

xen-tools-4.5.0 is vulnerable:
xen-tools -- HVM qemu unexpectedly enabling emulated VGA graphics backends
CVE: CVE-2015-2152
WWW: https://vuxml.FreeBSD.org/freebsd/0d732fd1-27e0-11e5-a4a5-002590263bf5.html

xen-tools-4.5.0 is vulnerable:
xen-tools -- xl command line config handling stack overflow
CVE: CVE-2015-3259
WWW: https://vuxml.FreeBSD.org/freebsd/f1deed23-27ec-11e5-a4a5-002590263bf5.html

xen-tools-4.5.0 is vulnerable:
xen-tools -- Unmediated PCI command register access in qemu
CVE: CVE-2015-2756
WWW: https://vuxml.FreeBSD.org/freebsd/79f401cd-27e6-11e5-a4a5-002590263bf5.html

xen-tools-4.5.0 is vulnerable:
qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")
CVE: CVE-2015-3456
WWW: https://vuxml.FreeBSD.org/freebsd/2780e442-fc59-11e4-b18b-6805ca1d3bb1.html

xen-tools-4.5.0 is vulnerable:
xen-kernel and xen-tools -- Long latency MMIO mapping operations are not preemptible
CVE: CVE-2015-2752
WWW: https://vuxml.FreeBSD.org/freebsd/d40c66cb-27e4-11e5-a4a5-002590263bf5.html

xen-tools-4.5.0 is vulnerable:
xen-tools -- Potential unintended writes to host MSI message data field via qemu
CVE: CVE-2015-4103
WWW: https://vuxml.FreeBSD.org/freebsd/af38cfec-27e7-11e5-a4a5-002590263bf5.html

1 problem(s) in the installed packages found.

% env PKG_DBDIR=/usr/ports/security/vuxml pkg audit xen-kernel-4.5.0
xen-kernel-4.5.0 is vulnerable:
xen-kernel -- Information leak through version information hypercall
CVE: CVE-2015-2045
WWW: https://vuxml.FreeBSD.org/freebsd/ef9d041e-27e2-11e5-a4a5-002590263bf5.html

xen-kernel-4.5.0 is vulnerable:
xen-kernel -- arm: vgic-v2: GICD_SGIR is not properly emulated
CVE: CVE-2015-0268
WWW: https://vuxml.FreeBSD.org/freebsd/785c86b1-27d6-11e5-a4a5-002590263bf5.html

xen-kernel-4.5.0 is vulnerable:
xen-kernel -- arm: vgic: incorrect rate limiting of guest triggered logging
CVE: CVE-2015-1563
WWW: https://vuxml.FreeBSD.org/freebsd/912cb7f7-27df-11e5-a4a5-002590263bf5.html

xen-kernel-4.5.0 is vulnerable:
xen-kernel -- Information leak via internal x86 system device emulation
CVE: CVE-2015-2044
WWW: https://vuxml.FreeBSD.org/freebsd/5023f559-27e2-11e5-a4a5-002590263bf5.html

xen-kernel-4.5.0 is vulnerable:
xen-kernel -- Certain domctl operations may be abused to lock up the host
CVE: CVE-2015-2751
WWW: https://vuxml.FreeBSD.org/freebsd/103a47d5-27e7-11e5-a4a5-002590263bf5.html

xen-kernel-4.5.0 is vulnerable:
xen-kernel -- vulnerability in the iret hypercall handler
CVE: CVE-2015-4164
WWW: https://vuxml.FreeBSD.org/freebsd/8c31b288-27ec-11e5-a4a5-002590263bf5.html

xen-kernel-4.5.0 is vulnerable:
xen-kernel -- GNTTABOP_swap_grant_ref operation misbehavior
CVE: CVE-2015-4163
WWW: https://vuxml.FreeBSD.org/freebsd/80e846ff-27eb-11e5-a4a5-002590263bf5.html

xen-kernel-4.5.0 is vulnerable:
xen-kernel and xen-tools -- Long latency MMIO mapping operations are not preemptible
CVE: CVE-2015-2752
WWW: https://vuxml.FreeBSD.org/freebsd/d40c66cb-27e4-11e5-a4a5-002590263bf5.html

xen-kernel-4.5.0 is vulnerable:
xen-kernel -- Information leak through XEN_DOMCTL_gettscinfo
CVE: CVE-2015-3340
WWW: https://vuxml.FreeBSD.org/freebsd/ce658051-27ea-11e5-a4a5-002590263bf5.html

xen-kernel-4.5.0 is vulnerable:
xen-kernel -- Hypervisor memory corruption due to x86 emulator flaw
CVE: CVE-2015-2151
WWW: https://vuxml.FreeBSD.org/freebsd/83a28417-27e3-11e5-a4a5-002590263bf5.html

1 problem(s) in the installed packages found.

== AFTER ==
% env PKG_DBDIR=/usr/ports/security/vuxml pkg audit xen-kernel-4.5.0_3
0 problem(s) in the installed packages found.

% env PKG_DBDIR=/usr/ports/security/vuxml pkg audit xen-tools-4.5.0_8
0 problem(s) in the installed packages found.
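Added example, not part of the comment above or of the FreeBSD tooling: a small parser that turns `pkg audit` text output into records so the BEFORE/AFTER comparison can be checked mechanically. The function names `parse_audit` and `resolved_cves` are hypothetical, the sample is two entries excerpted from the BEFORE output above, and the one-field-per-line layout is an assumption about how `pkg audit` prints it.

```python
import re

# Two entries excerpted from the BEFORE output quoted above (assumed layout:
# header, topic, CVE and WWW each on their own line, blank line between entries).
BEFORE = """\
xen-tools-4.5.0 is vulnerable:
xen-tools -- Unmediated PCI register access in qemu
CVE: CVE-2015-4106
WWW: https://vuxml.FreeBSD.org/freebsd/3d657340-27ea-11e5-a4a5-002590263bf5.html

xen-tools-4.5.0 is vulnerable:
xen-tools -- xl command line config handling stack overflow
CVE: CVE-2015-3259
WWW: https://vuxml.FreeBSD.org/freebsd/f1deed23-27ec-11e5-a4a5-002590263bf5.html

1 problem(s) in the installed packages found.
"""
AFTER = "0 problem(s) in the installed packages found.\n"

HEADER = re.compile(r"^(\S+) is vulnerable:$")


def parse_audit(text):
    """Return one record per matched VuXML entry: package, topic, cves, url."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = {"package": match.group(1), "topic": None,
                       "cves": [], "url": None}
            records.append(current)
        elif current is None or not line:
            continue  # blank separators and text before the first entry
        elif line.startswith("CVE: "):
            current["cves"].append(line[5:])  # an entry may list several CVEs
        elif line.startswith("WWW: "):
            current["url"] = line[5:]
        elif current["topic"] is None and " -- " in line:
            current["topic"] = line
    return records


def resolved_cves(before, after):
    """CVEs matched before the update that the updated package no longer matches."""
    def cves(text):
        return {cve for rec in parse_audit(text) for cve in rec["cves"]}
    return sorted(cves(before) - cves(after))
```
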
It is in, thank you very much!
A commit references this bug:
Author: bapt
Date: Sat Jul 11 17:21:35 UTC 2015
New revision: 391764
URL: https://svnweb.freebsd.org/changeset/ports/391764
Log:
  Document all recent xen-kernel and xen-tools security issues
  PR: 201416
  Submitted by: Jason Unovitch <jason.unovitch@gmail.com>
Changes:
  head/security/vuxml/vuln.xml
Created attachment 158622
security/vuxml for XSA-135
- Add xen-tools to the list of packages fixed in existing XSA-136 / CVE-2015-4164 entry
(In reply to Baptiste Daroussin from comment #6)
Thanks! That was quick. The second one was to modify the existing entry for XSA-135. Didn't want to clutter the already big patch for the additions. It should be much easier keeping this updated moving forward now.
(In reply to Jason Unovitch from comment #8)
Comment 8 should say:
- Add xen-tools to the list of packages fixed in existing XSA-135 / CVE-2015-3209 entry
A commit references this bug:
Author: bapt
Date: Sat Jul 11 17:29:04 UTC 2015
New revision: 391765
URL: https://svnweb.freebsd.org/changeset/ports/391765
Log:
  - Add xen-tools to the list of packages fixed in existing XSA-135 / CVE-2015-3209 entry
  PR: 201416
  Submitted by: Jason Unovitch <jason.unovitch@gmail.com>
Changes:
  head/security/vuxml/vuln.xml
A commit references this bug:
Author: junovitch
Date: Mon Aug 17 15:15:17 UTC 2015
New revision: 394515
URL: https://svnweb.freebsd.org/changeset/ports/394515
Log:
  MFH: r391737
  Fix XSA-137 / CVE-2015-3259
  PR: 201416
  Submitted by: Jason Unovitch <jason.unovitch@gmail.com>
  Approved by: ports-secteam (feld), feld (mentor)
Changes:
  _U branches/2015Q3/
  branches/2015Q3/sysutils/xen-tools/Makefile
  branches/2015Q3/sysutils/xen-tools/files/xsa137.patch