[Xen-devel] Xen 3.4.x Backports
Hi Keith,
CC: Xen-devel Mailing List
I've noticed that you seem to be a major contributor with regards to
keeping the 3.4.x branch updated with backported security patches.
As Xen security is a high priority, I hope you don't mind me
discussing with you whether some CVEs are backported or not. I
really appreciate your time to read this email. Of course, the rest
of the list can chime in as always!
CVE-2011-2901:
http://www.openwall.com/lists/oss-security/2011/09/02/2
The patch performs the following:
- (((unsigned long)(addr) < (1UL<<48)) || \
+ (((unsigned long)(addr) < (1UL<<47)) || \
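Review bot: the `+` line changes the bound to (1UL<<47) as a bare shift count, with no comment or named constant saying why 47 is the right limit. On x86-64 with 48-bit virtual addresses the lower canonical half ends at 1UL<<47, so the old (1UL<<48) bound accepted addresses in the non-canonical range between the two; a short comment or a named constant at the check would make that reason visible. The line ends in `|| \`, so the rest of the condition lies outside the quoted lines and should be read together with this bound.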
I see that the Xen security advisory says that only hypervisors 3.3
or earlier are affected. However, I note that in later versions of
Xen, the line changed in the patch remains untouched. Any ideas why
this is the case? Additionally, Red Hat in their advisories claim to
fix this issue in their kernel update. How can this be, given that
this is a Xen hypervisor issue?
CVE-2011-1898
http://old-list-archives.xen.org/archives/html/xen-devel/2011-05/msg00687.html
Any idea when this can be backported to 3.4.x? I see that this has
made it to the 4.1-testing stable branch.
CVE-2012-0029
http://seclists.org/oss-sec/2012/q1/360
Maybe this is currently impossible to get going on the 3.4.x branch
as the upstream qemu trees don't have a 3.4.x Xen patch for this?
CVE-2011-1166
https://bugzilla.redhat.com/show_bug.cgi?id=688579
http://xenbits.xen.org/hg/staging/xen-unstable.hg/rev/c79aae866ad8
Again, this doesn't appear to be backported to 3.4.x, however I note
that Red Hat claim to have fixed this in their kernel version. This
is where I get confused again. How can a hypervisor issue be fixed
in the kernel??
Once again, I really appreciate your time, and I'm very sorry if I'm
wasting it!
Thanks,
Jonathan