author | drochner <drochner@pkgsrc.org> | 2014-10-01 17:18:22 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2014-10-01 17:18:22 +0000 |
commit | b027aeb441689133423fa9f2e73dbbd261c7505b (patch) | |
tree | 197180e4ed86e22c6e6a6728262fda8b57773ac1 /sysutils | |
parent | 3bd1b30f70e82ec0f14fbf85d48881dc3fcdfb5f (diff) | |
download | pkgsrc-b027aeb441689133423fa9f2e73dbbd261c7505b.tar.gz |
fix out-of-bounds memory read access in x2APIC emulation (HVM only)
(CVE-2014-7188)
bump PKGREV
Diffstat (limited to 'sysutils')
-rw-r--r-- | sysutils/xenkernel41/Makefile | 4 | ||||
-rw-r--r-- | sysutils/xenkernel41/distinfo | 4 | ||||
-rw-r--r-- | sysutils/xenkernel41/patches/patch-CVE-2013-4355_1 | 25 |
3 files changed, 27 insertions, 6 deletions
diff --git a/sysutils/xenkernel41/Makefile b/sysutils/xenkernel41/Makefile
index f406f1b46d4..6e8243051bd 100644
--- a/sysutils/xenkernel41/Makefile
+++ b/sysutils/xenkernel41/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.39 2014/09/26 10:45:00 bouyer Exp $
+# $NetBSD: Makefile,v 1.40 2014/10/01 17:18:22 drochner Exp $
 VERSION= 4.1.6.1
 DISTNAME= xen-${VERSION}
 PKGNAME= xenkernel41-${VERSION}
-PKGREVISION= 11
+PKGREVISION= 12
 CATEGORIES= sysutils
 MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
diff --git a/sysutils/xenkernel41/distinfo b/sysutils/xenkernel41/distinfo
index 9b1f54d7f8c..1870679ad96 100644
--- a/sysutils/xenkernel41/distinfo
+++ b/sysutils/xenkernel41/distinfo
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.30 2014/09/26 10:45:00 bouyer Exp $
+$NetBSD: distinfo,v 1.31 2014/10/01 17:18:22 drochner Exp $
 SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0
 RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19
 Size (xen-4.1.6.1.tar.gz) = 10428485 bytes
 SHA1 (patch-CVE-2013-1442) = 7aa43513ea7cddc50b4e6802412cfc2903cce8e1
-SHA1 (patch-CVE-2013-4355_1) = 99068aa658fc231fe6c6c77bf61d68405318aaa8
+SHA1 (patch-CVE-2013-4355_1) = 56dde995d7df4f18576040007fd5532de61d9069
 SHA1 (patch-CVE-2013-4355_2) = 70fd2f2e45a05a53d8ce7d0bd72b18165dd13509
 SHA1 (patch-CVE-2013-4355_3) = 93f7bf877945e585fb906dbfc8159e688813c12f
 SHA1 (patch-CVE-2013-4355_4) = 88f478997d2631ec41adfd42a9d79f2d87bb44d8
diff --git a/sysutils/xenkernel41/patches/patch-CVE-2013-4355_1 b/sysutils/xenkernel41/patches/patch-CVE-2013-4355_1
index 42d622fed20..202e85d183e 100644
--- a/sysutils/xenkernel41/patches/patch-CVE-2013-4355_1
+++ b/sysutils/xenkernel41/patches/patch-CVE-2013-4355_1
@@ -1,4 +1,4 @@
-$NetBSD: patch-CVE-2013-4355_1,v 1.4 2014/05/05 13:39:10 drochner Exp $
+$NetBSD: patch-CVE-2013-4355_1,v 1.5 2014/10/01 17:18:22 drochner Exp $
 http://lists.xenproject.org/archives/html/xen-devel/2013-09/msg03160.html
 also fixes
@@ -10,9 +10,12 @@ http://lists.xenproject.org/archives/html/xen-devel/2014-03/msg03177.html also fixes http://lists.xenproject.org/archives/html/xen-devel/2014-04/msg03853.html (CVE-2014-3124) +also fixes +http://lists.xenproject.org/archives/html/xen-devel/2014-10/msg00065.html +(CVE-2014-7188) --- xen/arch/x86/hvm/hvm.c.orig 2013-09-10 06:42:18.000000000 +0000 -+++ xen/arch/x86/hvm/hvm.c 2014-04-30 13:11:30.000000000 +0000 ++++ xen/arch/x86/hvm/hvm.c 2014-10-01 16:40:48.000000000 +0000 @@ -1961,11 +1961,7 @@ void hvm_task_switch( rc = hvm_copy_from_guest_virt( @@ -45,6 +48,24 @@ http://lists.xenproject.org/archives/html/xen-devel/2014-04/msg03853.html goto out; +@@ -2409,7 +2403,7 @@ int hvm_msr_read_intercept(unsigned int + *msr_content = vcpu_vlapic(v)->hw.apic_base_msr; + break; + +- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff: ++ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff: + if ( hvm_x2apic_msr_read(v, msr, msr_content) ) + goto gp_fault; + break; +@@ -2529,7 +2523,7 @@ int hvm_msr_write_intercept(unsigned int + vlapic_tdt_msr_set(vcpu_vlapic(v), msr_content); + break; + +- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff: ++ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff: + if ( hvm_x2apic_msr_write(v, msr, msr_content) ) + goto gp_fault; + break; @@ -2834,7 +2828,7 @@ int hvm_do_hypercall(struct cpu_user_reg case 4: case 2: |
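Review bot: The narrowed bound `MSR_IA32_APICBASE_MSR + 0xff` is a bare constant repeated in the case labels of both hvm_msr_read_intercept and hvm_msr_write_intercept, and nothing in the added lines says what it has to stay within. Per the commit message the wider 0x3ff window allowed an out-of-bounds read in the x2APIC emulation, so this case range is the only bound visible here; whether hvm_x2apic_msr_read validates the index itself cannot be seen, as both functions begin and end outside the hunk. A comment above each label, for example `/* x2APIC MSR window: do not widen past the emulated APIC register state (CVE-2014-7188) */`, would guard against a later edit restoring the old range. The fix is also carried in a file named patch-CVE-2013-4355_1, so an audit by patch file name will not find it; the `also fixes` header lines are the only record of which advisories this file covers.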