Bug#609531: marked as done (CVE-2010-4255: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area)

Wed, 12 Jan 2011 06:51:28 -0800 

Your message dated Wed, 12 Jan 2011 14:49:40 +0000
with message-id <e1pd216-000107...@franck.debian.org>
and subject line Bug#609531: fixed in xen 4.0.1-2
has caused the Debian Bug report #609531,
regarding CVE-2010-4255: 64-bit PV xen guest can crash host by accessing 
hypervisor per-domain memory area
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
609531: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609531
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: xen
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4255
for a description and a link to the upstream report/patch.

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: xen
Source-Version: 4.0.1-2

We believe that the bug you reported is fixed in the latest version of
xen, which is due to be installed in the Debian FTP archive:

libxen-dev_4.0.1-2_amd64.deb
  to main/x/xen/libxen-dev_4.0.1-2_amd64.deb
libxenstore3.0_4.0.1-2_amd64.deb
  to main/x/xen/libxenstore3.0_4.0.1-2_amd64.deb
xen-docs-4.0_4.0.1-2_all.deb
  to main/x/xen/xen-docs-4.0_4.0.1-2_all.deb
xen-hypervisor-4.0-amd64_4.0.1-2_amd64.deb
  to main/x/xen/xen-hypervisor-4.0-amd64_4.0.1-2_amd64.deb
xen-utils-4.0_4.0.1-2_amd64.deb
  to main/x/xen/xen-utils-4.0_4.0.1-2_amd64.deb
xen_4.0.1-2.debian.tar.gz
  to main/x/xen/xen_4.0.1-2.debian.tar.gz
xen_4.0.1-2.dsc
  to main/x/xen/xen_4.0.1-2.dsc
xenstore-utils_4.0.1-2_amd64.deb
  to main/x/xen/xenstore-utils_4.0.1-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 609...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Blank <wa...@debian.org> (supplier of updated xen package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 12 Jan 2011 15:01:40 +0100
Source: xen
Binary: xen-docs-4.0 libxenstore3.0 libxen-dev xenstore-utils xen-utils-4.0 
xen-hypervisor-4.0-amd64 xen-hypervisor-4.0-i386
Architecture: source amd64 all
Version: 4.0.1-2
Distribution: unstable
Urgency: low
Maintainer: Debian Xen Team <pkg-xen-de...@lists.alioth.debian.org>
Changed-By: Bastian Blank <wa...@debian.org>
Description: 
 libxen-dev - Public headers and libs for Xen
 libxenstore3.0 - Xenstore communications library for Xen
 xen-docs-4.0 - Documentation for Xen
 xen-hypervisor-4.0-amd64 - The Xen Hypervisor on AMD64
 xen-hypervisor-4.0-i386 - The Xen Hypervisor on i386
 xen-utils-4.0 - XEN administrative tools
 xenstore-utils - Xenstore utilities for Xen
Closes: 595490 599243 608715 609531
Changes: 
 xen (4.0.1-2) unstable; urgency=low
 .
   * Fix races in memory management.
   * Make sure that frame-table compression leaves enough alligned.
   * Disable XSAVE support. (closes: #595490)
   * Check for dying domain instead of raising an assertion.
   * Add C6 state with EOI errata for Intel.
   * Make some memory management interrupt safe. Unsure if really needed.
   * Raise bar for inter-socket migrations on mostly-idle systems.
   * Fix interrupt handling for legacy routed interrupts.
   * Allow to set maximal domain memory even during a running change.
   * Support new partition name in pygrub. (closes: #599243)
   * Fix some comparisions "< 0" that may be optimized away.
   * Check for MWAIT support before using it.
   * Fix endless loop on interrupts on Nehalem cpus.
   * Don't crash upon direct GDT/LDT access. (closes: #609531)
     CVE-2010-4255
   * Don't loose timer ticks after domain restore.
   * Reserve some space for IOMMU area in dom0. (closes: #608715)
   * Fix hypercall arguments after trace callout.
   * Fix some error paths in vtd support. Memory leak.
   * Reinstate ACPI DMAR table.
Checksums-Sha1: 
 4566d869cb11d2b35c38952c241f7b1193d8b479 1442 xen_4.0.1-2.dsc
 12a2f79a58bfdf25ab5c2526202f74f74f1ed2e9 53914 xen_4.0.1-2.debian.tar.gz
 cf222ad6ad77727d687824ccd8280ba62f779276 688360 
xen-hypervisor-4.0-amd64_4.0.1-2_amd64.deb
 b0360eeb34f6ab453df7fdff680b9db3f311be67 1317634 xen-docs-4.0_4.0.1-2_all.deb
 aa69d8f87bb5a3f0cfb381f6cf2cd850526f259f 258116 libxen-dev_4.0.1-2_amd64.deb
 54f74841eb96e4461be024b03f414a220c689220 23958 libxenstore3.0_4.0.1-2_amd64.deb
 c80c25812fc56f1de8754988fb058972a9aa0cf7 20876 xenstore-utils_4.0.1-2_amd64.deb
 6dfc61fd221c3503dd98c03b1d629d3230809c89 994106 xen-utils-4.0_4.0.1-2_amd64.deb
Checksums-Sha256: 
 2b574e96252cd1205f39b445d25709c9d016e3c00aa246846946c686803b5552 1442 
xen_4.0.1-2.dsc
 ba0ddfae1138cbd5002d04653905d026915f5d4e85e273d6c008b55d2e8040be 53914 
xen_4.0.1-2.debian.tar.gz
 5ba01c1f07c3844e7f310980369a629dc65b5852d2eabd51b72d12da836b46b8 688360 
xen-hypervisor-4.0-amd64_4.0.1-2_amd64.deb
 4adbd16ab8ed60748a38b743164fcbcb8d73be46360383cf73c7ecdad0c02492 1317634 
xen-docs-4.0_4.0.1-2_all.deb
 31d52d9b0b080fdc399296cbc878d5cf1ab67b3771b5e18c99e980d3f687e61f 258116 
libxen-dev_4.0.1-2_amd64.deb
 d197a586675d89a39b54df4e1cc746df56ea4c49b4dedfde19c0c53f8cd1cfaf 23958 
libxenstore3.0_4.0.1-2_amd64.deb
 efb6001314a0e809cc8d8aa026faa3f298c76082a34bd2c2aef3d1c58252c763 20876 
xenstore-utils_4.0.1-2_amd64.deb
 e73a27b349605bd5415ae2a9b66e075b8dddc2b61df94c637177daa89ed6d888 994106 
xen-utils-4.0_4.0.1-2_amd64.deb
Files: 
 2b9d30fe4249a5b36445569a408b0315 1442 kernel optional xen_4.0.1-2.dsc
 9041b1874f7aa18e1431e00ed74c5458 53914 kernel optional 
xen_4.0.1-2.debian.tar.gz
 d85d1568b71226b44025480d0bbcbdfa 688360 kernel optional 
xen-hypervisor-4.0-amd64_4.0.1-2_amd64.deb
 619e5b30cc7151c4464d693a1e2a8471 1317634 doc optional 
xen-docs-4.0_4.0.1-2_all.deb
 3a8fa14673c926f5bb5a3c84c01a5d0d 258116 libdevel optional 
libxen-dev_4.0.1-2_amd64.deb
 56a5a4420105814143462de34333e2e5 23958 libs optional 
libxenstore3.0_4.0.1-2_amd64.deb
 c433248b40e1f85fa014fc55cd65a555 20876 admin optional 
xenstore-utils_4.0.1-2_amd64.deb
 357afc9c92c7112fa66c7ced5feabaec 994106 kernel optional 
xen-utils-4.0_4.0.1-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk0tt1AACgkQLkAIIn9ODhHn3ACdEGm0Ex/A7P/kccQi5V2qSM2I
tyUAoNqCzu2oM+4MRNTGGSZsX00Nvbcu
=hKnN
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to