[Bug 211482] emulators/xen {-tools/-kernel}: security advisories (XSA-182,183,184)

Sun Jul 31 15:48:49 UTC 2016

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211482

            Bug ID: 211482
           Summary: emulators/xen {-tools/-kernel}: security advisories
                    (XSA-182,183,184)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: http://xenbits.xen.org/xsa/
                OS: Any
            Status: New
          Keywords: needs-patch, needs-qa, security
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: royger at freebsd.org
          Reporter: junovitch at freebsd.org
                CC: ports-secteam at FreeBSD.org
          Assignee: royger at freebsd.org
             Flags: maintainer-feedback?(royger at freebsd.org),
                    merge-quarterly?

Roger,
There's been a report in the news of a potential guest to host escape in Xen
(http://www.itnews.com.au/news/xen-patches-critical-guest-privilege-escalation-bug-431869).
We have a few Xen Security advisories that came up in the last week. Can you
address the applicability as well as patches for the following?

XSA-184         CVE-2016-5403   virtio: unbounded memory allocation issue
XSA-183         CVE-2016-6259   x86: Missing SMAP whitelisting in 32-bit
exception / event delivery
XSA-182         CVE-2016-6258   x86: Privilege escalation in PV guests

Reference: http://xenbits.xen.org/xsa/

-- 
You are receiving this mail because:
You are the assignee for the bug.