Your message dated Thu, 14 Jun 2012 15:48:51 +0000
with message-id <e1sfchz-00087z...@franck.debian.org>
and subject line Bug#677221: fixed in xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
has caused the Debian Bug report #677221,
regarding xen: Xen PV privilege escalation (CVE-2012-0217)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
677221: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677221
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xen
Version: 4.1.2-2
Severity: critical
Tags: security
Justification: allows PV domains to escape into the dom0 context

Hi,

I realize you're most likely pretty well aware of that problem already, but
Debian's Xen versions are vulnerable to a PV privilege escalation [1]. The issue
is tracked as CVE-2012-0217 and public as of today.

Therefore I am filing this bug for coordination and traceability. Please update
the packages and consider a security update for Squeeze.

[1] http://lists.xen.org/archives/html/xen-devel/2012-06/msg00670.html

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.3.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



--- End Message ---
--- Begin Message ---
Source: xen
Source-Version: 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1

We believe that the bug you reported is fixed in the latest version of
xen, which is due to be installed in the Debian FTP archive:

libxen-4.1_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
  to main/x/xen/libxen-4.1_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
libxen-dev_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
  to main/x/xen/libxen-dev_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
libxen-ocaml-dev_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
  to main/x/xen/libxen-ocaml-dev_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
libxen-ocaml_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
  to main/x/xen/libxen-ocaml_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
libxenstore3.0_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
  to main/x/xen/libxenstore3.0_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
xen-docs-4.1_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_all.deb
  to main/x/xen/xen-docs-4.1_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_all.deb
xen-hypervisor-4.1-amd64_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
  to main/x/xen/xen-hypervisor-4.1-amd64_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
xen-utils-4.1_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
  to main/x/xen/xen-utils-4.1_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
xen-utils-common_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_all.deb
  to main/x/xen/xen-utils-common_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_all.deb
xen_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1.debian.tar.gz
  to main/x/xen/xen_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1.debian.tar.gz
xen_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1.dsc
  to main/x/xen/xen_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1.dsc
xen_4.1.3~rc1+hg-20120614.a9c0a89c08f2.orig-qemu.tar.gz
  to main/x/xen/xen_4.1.3~rc1+hg-20120614.a9c0a89c08f2.orig-qemu.tar.gz
xen_4.1.3~rc1+hg-20120614.a9c0a89c08f2.orig.tar.gz
  to main/x/xen/xen_4.1.3~rc1+hg-20120614.a9c0a89c08f2.orig.tar.gz
xenstore-utils_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb
  to main/x/xen/xenstore-utils_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 677...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Blank <wa...@debian.org> (supplier of updated xen package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 14 Jun 2012 17:06:25 +0200
Source: xen
Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-hypervisor-4.1-i386
Architecture: source amd64 all
Version: 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
Distribution: unstable
Urgency: low
Maintainer: Debian Xen Team <pkg-xen-de...@lists.alioth.debian.org>
Changed-By: Bastian Blank <wa...@debian.org>
Description: 
 libxen-4.1 - Public libs for Xen
 libxen-dev - Public headers and libs for Xen
 libxen-ocaml - OCaml libraries for controlling Xen
 libxen-ocaml-dev - OCaml libraries for controlling Xen (devel package)
 libxenstore3.0 - Xenstore communications library for Xen
 xen-docs-4.1 - Documentation for Xen
 xen-hypervisor-4.1-amd64 - Xen Hypervisor on AMD64
 xen-hypervisor-4.1-i386 - Xen Hypervisor on i386
 xen-utils-4.1 - XEN administrative tools
 xen-utils-common - Xen administrative tools - common files
 xenstore-utils - Xenstore utilities for Xen
Closes: 677221 677244
Changes: 
 xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-1) unstable; urgency=low
 .
   * New upstream snapshot.
     - Fix privilege escalation and syscall/sysenter DoS while using
       non-canonical addresses by untrusted PV guests. (closes: #677221)
       CVE-2012-0217
       CVE-2012-0218
     - Disable Xen on CPUs affected by AMD Erratum #121. PV guests can
       cause a DoS of the host.
   * Don't fail if standard toolstacks are not available. (closes: #677244)
Checksums-Sha1: 
Checksums-Sha256: 
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk/aBcwACgkQLkAIIn9ODhE94wCgnpfSxY1DvRgQqTB1SXDwa/OI
Q7MAniGwyIpkNaTVQ1yabGlzRMG6H7YJ
=P627
-----END PGP SIGNATURE-----



--- End Message ---
