forked from mirrors/nixpkgs
nixpkgs/pkgs/applications
Graham Christensen cc4919da89
xen: patch for XSAs: 197, 199, 207, 208, 209
XSA-197 Issue Description:

> The compiler can emit optimizations in qemu which can lead to double
> fetch vulnerabilities.  Specifically data on the rings shared
> between qemu and the hypervisor (which the guest under control can
> obtain mappings of) can be fetched twice (during which time the
> guest can alter the contents) possibly leading to arbitrary code
> execution in qemu.

More: https://xenbits.xen.org/xsa/advisory-197.html

XSA-199 Issue Description:

> The code in qemu which implements ioport read/write looks up the
> specified ioport address in a dispatch table.  The argument to the
> dispatch function is a uint32_t, and is used without a range check,
> even though the table has entries for only 2^16 ioports.
>
> When qemu is used as a standalone emulator, ioport accesses are
> generated only from cpu instructions emulated by qemu, and are
> therefore necessarily 16-bit, so there is no vulnerability.
>
> When qemu is used as a device model within Xen, io requests are
> generated by the hypervisor and read by qemu from a shared ring.  The
> entries in this ring use a common structure, including a 64-bit
> address field, for various accesses, including ioport addresses.
>
> Xen will write only 16-bit address ioport accesses.  However,
> depending on the Xen and qemu version, the ring may be writeable by
> the guest.  If so, the guest can generate out-of-range ioport
> accesses, resulting in wild pointer accesses within qemu.

More: https://xenbits.xen.org/xsa/advisory-199.html

XSA-207 Issue Description:

> Certain internal state is set up, during domain construction, in
> preparation for possible pass-through device assignment.  On ARM and
> AMD V-i hardware this setup includes memory allocation.  On guest
> teardown, cleanup was erroneously only performed when the guest
> actually had a pass-through device assigned.

More: https://xenbits.xen.org/xsa/advisory-207.html

XSA-209 Issue Description:

> When doing bitblt copy backwards, qemu should negate the blit width.
> This avoids an oob access before the start of video memory.

More: https://xenbits.xen.org/xsa/advisory-208.html

XSA-208 Issue Description:

> In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
> cirrus_bitblt_cputovideo fails to check whether the specified memory
> region is safe.

More: https://xenbits.xen.org/xsa/advisory-209.html
2017-02-22 08:00:45 -05:00
..
altcoins altcoins.stellar-core: fix evaluation 2017-01-15 14:02:38 +01:00
audio Merge pull request #22116 from LnL7/darwin-cmus 2017-02-20 13:02:30 +01:00
backup
display-managers
editors Merge pull request #23033 from mdorman/emacs-updates 2017-02-21 16:27:00 +01:00
gis Revert "qgis: enableParallelBuilding" 2017-01-29 15:20:07 +01:00
graphics qtikz: update to Qt5; remove ktikz 2017-02-19 12:26:51 +01:00
inferno
misc albert: 0.8.11 -> 0.9.3 2017-02-20 21:46:36 -05:00
networking Merge branch 'u/tg' into real_master 2017-02-22 20:14:26 +08:00
office Merge pull request #22944 from johbo/add-trytond 2017-02-21 08:03:43 +01:00
science pymol: fix evaluation 2017-02-22 08:48:42 +01:00
search
taxes
version-management pijul: remove 2017-02-21 15:34:28 +01:00
video Merge pull request #22698 from FRidh/kde 2017-02-14 12:54:39 -06:00
virtualization xen: patch for XSAs: 197, 199, 207, 208, 209 2017-02-22 08:00:45 -05:00
window-managers awesome-4.0: Add hicolor-icon-theme for theme support 2017-02-17 21:58:28 +03:00