[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [oss-security] Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs

To: oss-security@xxxxxxxxxxxxxxxxxx
From: "Steven M. Christey" <coley@xxxxxxxxxxxxxxxxxx>
Date: Thu, 13 Dec 2012 17:03:23 -0500 (EST)
Cc: xen-users@xxxxxxxxxxxxx, "Xen.org security team" <security@xxxxxxx>, xen-announce@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx
Delivery-date: Tue, 18 Dec 2012 13:08:17 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>


All,

This advisory required two different CVE IDs - not one - because thestack-based buffer overflow was fixed in a different version than theother issues. CVE assigns different IDs when bugs are not present in thesame exact set of versions.

CVE-2012-5511 - use this, but only for the stack-based buffer overflowthat was fixed in 4.2.

CVE-2012-6333 - new ID for the other "large input" validation issues thatlead to the physical CPU hang, which were NOT fixed in 4.2.



- Steve

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs
  - From: Xen . org security team

Prev by Date: Re: [Xen-devel] [Xen-users] 1000 Domains: Not able to access Domu via xm console from Dom0
Next by Date: [Xen-devel] Something about xenalyze
Previous by thread: [Xen-devel] Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs
Next by thread: [Xen-devel] [PATCH RFC v2] Expand eligibility for the pre-disclosure list
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.