[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366

To: caglar@xxxxxxxxxxxxx
From: "Christian Limpach" <christian.limpach@xxxxxxxxx>
Date: Tue, 1 May 2007 19:14:07 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 01 May 2007 11:12:39 -0700
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=S7maC/yBST3HDzcpYAm0Ox3j6G4k4wZfWHcumDdpyqqevPvkwQouzgZmnck5NnqROpLQbzHRKvlmixDpITluep1qhhpyKkySgBsHs8JCiCb2z+lZ8JXMJ4fSG3BrKx+PV/uBCmqCtBrwcS48h0xcqFqx45s9EeQVsAmw0iRgBmk=
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

On 5/1/07, S.Çağlar Onur <caglar@xxxxxxxxxxxxx> wrote:

Hi;

If anybody interested, attached patch (against 3.0.4) fixes CVE-2007-1320,
CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366 which affects
qemu and also seems valid for xen.


I've seen this patch before and I picked the most relevant fixes,
cleaned them up and checked them in a while ago.  I left out the ones
which touch code we don't compile and the ones which touch code we
don't enable by default.  If somebody else cleans up those, it would
be great to get them checked in.

We have the first check to bdrv_write in block.c and we have the same
check in bdrv_read -- we don't have that unsigned int ns < 0 check.

We have a fix for the cirrus bitblit issue -- I think the fix in the
patch you post actually doesn't cover all cases.

We have the hw/dma.c null pointer check.

We don't have the hw/fdc.c null pointer check.  We should probably add that one.

We don't have the hw/i8259.c change since we don't use that file.

We don't have the hw/ne2000.c change since we use the rtl8139 driver
by default -- could add that one.

We don't have the hw/pc.c change since exit'ing seems safer.

We don't have the hw/sb16.c change since we don't have sound by
default -- we should probably add that one.

We don't have the target-i386/translate.c changes since we don't use that file.

We don't have the vl.c changes since we only use the network tap mode.

   christian

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366
  - From: S.ÃaÄlar Onur

References:
- [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366
  - From: S.ÃaÄlar Onur

Prev by Date: [Xen-devel] can't boot 32-bit SLES10 HVMs since c/s 14436 was introduced
Next by Date: Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366
Previous by thread: Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366
Next by thread: Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.