Bug 214936

Summary: emulators/xen {-tools/-kernel}: security advisories (XSA-185 - XSA-201)
Product: Ports & Packages Reporter: Jason Unovitch <junovitch>
Component: Individual Port(s)Assignee: Roger Pau Monné <royger>
Status: Closed FIXED    
Severity: Affects Some People CC: junovitch, ports-secteam
Priority: --- Keywords: security
Version: LatestFlags: bugzilla: maintainer-feedback? (royger)
junovitch: merge-quarterly+
Hardware: Any   
OS: Any   
URL: https://xenbits.xen.org/xsa/

Description Jason Unovitch freebsd_committer freebsd_triage 2016-11-29 23:20:52 UTC 
Roger,
There was a handful of Xen advisories earlier last week and a few missed in September. Please advise on applicability for VuXML and take a look at what we need to do to get our end users safeguared.

Advisory	Public release	Updated	Version	CVE(s)	Title
XSA-201	2016-11-29 14:48	2016-11-29 14:48	1	none (yet) assigned	ARM guests may induce host asynchronous abort
XSA-200	2016-12-13 12:00			none (yet) assigned	(Prereleased, but embargoed)
XSA-199	2016-12-06 12:00			assigned, but embargoed	(Prereleased, but embargoed)
XSA-198	2016-11-22 12:00	2016-11-22 12:00	3	CVE-2016-9379 CVE-2016-9380	delimiter injection vulnerabilities in pygrub
XSA-197	2016-11-22 12:00	2016-11-22 12:00	3	CVE-2016-9381	qemu incautious about shared ring processing
XSA-196	2016-11-22 12:00	2016-11-22 12:00	3	CVE-2016-9377 CVE-2016-9378	x86 software interrupt injection mis-handled
XSA-195	2016-11-22 12:00	2016-11-22 12:00	3	CVE-2016-9383	x86 64-bit bit test instruction emulation broken
XSA-194	2016-11-22 12:00	2016-11-22 12:00	3	CVE-2016-9384	guest 32-bit ELF symbol table load leaking host data
XSA-193	2016-11-22 12:00	2016-11-22 12:00	3	CVE-2016-9385	x86 segment base write emulation lacking canonical address checks
XSA-192	2016-11-22 12:00	2016-11-22 12:00	3	CVE-2016-9382	x86 task switch to VM86 mode mis-handled
XSA-191	2016-11-22 12:00	2016-11-22 12:00	3	CVE-2016-9386	x86 null segments not always treated as unusable
XSA-190	2016-10-04 12:00	2016-10-04 12:50	5	CVE-2016-7777	CR0.TS and CR0.EM not always honored for x86 HVM guests
XSA-189	2016-09-21 09:46		-	-	Unused Xen Security Advisory number
XSA-188	2016-09-08 12:00	2016-09-08 12:00	3	CVE-2016-7154	use after free in FIFO event channel code
XSA-187	2016-09-08 12:00	2016-09-08 12:04	3	CVE-2016-7094	x86 HVM: Overflow of sh_ctxt->seg_reg[]
XSA-186	2016-09-08 12:00	2016-09-08 12:00	4	CVE-2016-7093	x86: Mishandling of instruction pointer truncation during emulation
XSA-185	2016-09-08 12:00	2016-09-08 12:00	3	CVE-2016-7092	x86: Disallow L3 recursive pagetable for 32-bit PV guests
Comment 1 Roger Pau Monné freebsd_committer freebsd_triage 2016-11-30 17:23:36 UTC 
(In reply to Jason Unovitch from comment #0)
Hello,

The current Xen package(s) are affected by the following XSAs: 182, 183, 184, 185, 186, 187, 188, 190, 191, 192, 193, 194, 195, 197, 198.

I will prepare patches and hopefully commit them tomorrow, sorry for the delay.

Roger.
Comment 2 Roger Pau Monné freebsd_committer freebsd_triage 2016-12-02 16:12:26 UTC 
Done, I've updated the Xen packages to 4.7.1 and added the missing XSAs. It's at https://svnweb.freebsd.org/ports?view=revision&revision=427568

I'm closing the bug now, thanks.
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-12-04 19:36:03 UTC 
A commit references this bug:

Author: junovitch
Date: Sun Dec  4 19:35:14 UTC 2016
New revision: 427795
URL: https://svnweb.freebsd.org/changeset/ports/427795

Log:
  Document Xen Security Advisories (XSAs 185-188, 190-195, 197-198)

  PR:		214936
  Security:	CVE-2016-7092
  Security:	CVE-2016-7093
  Security:	CVE-2016-7094
  Security:	CVE-2016-7154
  Security:	CVE-2016-7777
  Security:	CVE-2016-9379
  Security:	CVE-2016-9380
  Security:	CVE-2016-9381
  Security:	CVE-2016-9382
  Security:	CVE-2016-9383
  Security:	CVE-2016-9384
  Security:	CVE-2016-9385
  Security:	CVE-2016-9386
  Security:	https://vuxml.FreeBSD.org/freebsd/45ca25b5-ba4d-11e6-ae1b-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/49211361-ba4d-11e6-ae1b-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/4aae54be-ba4d-11e6-ae1b-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/4d7cf654-ba4d-11e6-ae1b-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/50ac2e96-ba4d-11e6-ae1b-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/523bb0b7-ba4d-11e6-ae1b-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/53dbd096-ba4d-11e6-ae1b-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/5555120d-ba4d-11e6-ae1b-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/56f0f11e-ba4d-11e6-ae1b-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/58685e23-ba4d-11e6-ae1b-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/59f79c99-ba4d-11e6-ae1b-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-12-04 19:38:06 UTC 
A commit references this bug:

Author: junovitch
Date: Sun Dec  4 19:37:32 UTC 2016
New revision: 427796
URL: https://svnweb.freebsd.org/changeset/ports/427796

Log:
  MFH: r427568

  xen: update to 4.7.1

  Xen 4.7.1 contains the following XSAs: 184, 185, 186, 187, 188 and 190 which
  where missing in the previous package. Additionally XSAs 191, 192, 193, 194,
  195, 197 and 198 are also applied.

  PR:             214936
  Approved by:	bapt
  Approved by:	ports-secteam (with hat)
  Sponsored by:	Citrix Systems R&D
  Security:       CVE-2016-7092
  Security:       CVE-2016-7093
  Security:       CVE-2016-7094
  Security:       CVE-2016-7154
  Security:       CVE-2016-7777
  Security:       CVE-2016-9379
  Security:       CVE-2016-9380
  Security:       CVE-2016-9381
  Security:       CVE-2016-9382
  Security:       CVE-2016-9383
  Security:       CVE-2016-9384
  Security:       CVE-2016-9385
  Security:       CVE-2016-9386
  Security:       https://vuxml.FreeBSD.org/freebsd/45ca25b5-ba4d-11e6-ae1b-002590263bf5.html
  Security:       https://vuxml.FreeBSD.org/freebsd/49211361-ba4d-11e6-ae1b-002590263bf5.html
  Security:       https://vuxml.FreeBSD.org/freebsd/4aae54be-ba4d-11e6-ae1b-002590263bf5.html
  Security:       https://vuxml.FreeBSD.org/freebsd/4d7cf654-ba4d-11e6-ae1b-002590263bf5.html
  Security:       https://vuxml.FreeBSD.org/freebsd/50ac2e96-ba4d-11e6-ae1b-002590263bf5.html
  Security:       https://vuxml.FreeBSD.org/freebsd/523bb0b7-ba4d-11e6-ae1b-002590263bf5.html
  Security:       https://vuxml.FreeBSD.org/freebsd/53dbd096-ba4d-11e6-ae1b-002590263bf5.html
  Security:       https://vuxml.FreeBSD.org/freebsd/5555120d-ba4d-11e6-ae1b-002590263bf5.html
  Security:       https://vuxml.FreeBSD.org/freebsd/56f0f11e-ba4d-11e6-ae1b-002590263bf5.html
  Security:       https://vuxml.FreeBSD.org/freebsd/58685e23-ba4d-11e6-ae1b-002590263bf5.html
  Security:       https://vuxml.FreeBSD.org/freebsd/59f79c99-ba4d-11e6-ae1b-002590263bf5.html

Changes:
_U  branches/2016Q4/
  branches/2016Q4/emulators/xen-kernel/Makefile
  branches/2016Q4/emulators/xen-kernel/distinfo
  branches/2016Q4/emulators/xen-kernel/files/xsa182-unstable.patch
  branches/2016Q4/emulators/xen-kernel/files/xsa183-unstable.patch
  branches/2016Q4/emulators/xen-kernel/files/xsa191.patch
  branches/2016Q4/emulators/xen-kernel/files/xsa192.patch
  branches/2016Q4/emulators/xen-kernel/files/xsa193-4.7.patch
  branches/2016Q4/emulators/xen-kernel/files/xsa194.patch
  branches/2016Q4/emulators/xen-kernel/files/xsa195.patch
  branches/2016Q4/sysutils/xen-tools/Makefile
  branches/2016Q4/sysutils/xen-tools/distinfo
  branches/2016Q4/sysutils/xen-tools/files/0001-libxl-fix-creation-of-pkgconf-install-dir.patch
  branches/2016Q4/sysutils/xen-tools/files/0001-tools-configure-fix-pkg-config-install-path-for-Free.patch
  branches/2016Q4/sysutils/xen-tools/files/xsa184-qemuu-master.patch
  branches/2016Q4/sysutils/xen-tools/files/xsa197-qemuu.patch
  branches/2016Q4/sysutils/xen-tools/files/xsa198.patch
  branches/2016Q4/sysutils/xen-tools/pkg-plist
Comment 5 Jason Unovitch freebsd_committer freebsd_triage 2016-12-04 19:41:21 UTC 
(In reply to Roger Pau Monné from comment #2)
Excellent. Thank you Roger. I've MFH'd the update and set merge-quarterly+ here in Bugzilla. If you can on the next go remember to put 'MFH: 2016Q4' in the commit message (as described in https://www.freebsd.org/doc/en_US.ISO8859-1/articles/committers-guide/ports.html#ports-qa-misc-request-mfh) and the approval can be done right away.

Thanks again!