CVS commit: pkgsrc/sysutils/xenkernel42

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/sysutils/xenkernel42
From: "Manuel Bouyer" <bouyer%netbsd.org@localhost>
Date: Thu, 27 Nov 2014 15:20:31 +0000

Module Name:    pkgsrc
Committed By:   bouyer
Date:           Thu Nov 27 15:20:31 UTC 2014

Modified Files:
        pkgsrc/sysutils/xenkernel42: Makefile distinfo
Added Files:
        pkgsrc/sysutils/xenkernel42/patches: patch-CVE-2014-8594
            patch-CVE-2014-8595 patch-CVE-2014-8866 patch-CVE-2014-8867
            patch-CVE-2014-9030

Log Message:
Apply patch from Xen advisory:
CVE-2014-8594/XSA-109:
x86: don't allow page table updates on non-PV page tables in do_mmu_update(),
fixing:
Malicious or buggy stub domain kernels or tool stacks otherwise living
outside of Domain0 can mount a denial of service attack which, if
successful, can affect the whole system.

CVE-2014-8595/XSA-110:
x86emul: enforce privilege level restrictions when loading CS, fixing:
Malicious HVM guest user mode code may be able to elevate its
privileges to guest supervisor mode, or to crash the guest.

CVE-2014-8866/XSA-111:
x86: limit checks in hypercall_xlat_continuation() to actual arguments, fixing:
A buggy or malicious HVM guest can crash the host.

CVE-2014-8867/XSA-112:
x86/HVM: confine internally handled MMIO to solitary regions, fixing:
A buggy or malicious HVM guest can crash the host.

CVE-2014-9030/XSA-113:
x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE, fixing:
Malicious or buggy stub domain kernels or tool stacks otherwise living
outside of Domain0 can mount a denial of service attack which, if
successful, can affect the whole system.


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/sysutils/xenkernel42/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/sysutils/xenkernel42/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/sysutils/xenkernel42/patches/patch-CVE-2014-8594 \
    pkgsrc/sysutils/xenkernel42/patches/patch-CVE-2014-8595 \
    pkgsrc/sysutils/xenkernel42/patches/patch-CVE-2014-8866 \
    pkgsrc/sysutils/xenkernel42/patches/patch-CVE-2014-8867 \
    pkgsrc/sysutils/xenkernel42/patches/patch-CVE-2014-9030

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/www/webkit-gtk
Next by Date: CVS commit: pkgsrc/misc/kchmviewer
Previous by Thread: CVS commit: pkgsrc/www/webkit-gtk
Next by Thread: CVS commit: pkgsrc/misc/kchmviewer
Indexes:

Home | Main Index | Thread Index | Old Index