[xen/f17] make xendomains systemd script executable, security patch for CVE-2013-1920 / XSA-47
myoung
myoung at fedoraproject.org
Thu Apr 4 23:29:38 UTC 2013
commit 66b88b10ab38036e3b594872875068beda844574
Author: Michael Young <m.a.young at durham.ac.uk>
Date: Fri Apr 5 00:26:47 2013 +0100
make xendomains systemd script executable, security patch for
CVE-2013-1920 / XSA-47
xen.spec | 12 ++++++++++--
xsa47-4.1.patch | 31 +++++++++++++++++++++++++++++++
2 files changed, 41 insertions(+), 2 deletions(-)
---
diff --git a/xen.spec b/xen.spec
index 2f26f9b..032995f 100644
--- a/xen.spec
+++ b/xen.spec
@@ -20,7 +20,7 @@
Summary: Xen is a virtual machine monitor
Name: xen
Version: 4.1.4
-Release: 6%{?dist}
+Release: 7%{?dist}
Group: Development/Libraries
License: GPLv2+ and LGPLv2+ and BSD
URL: http://xen.org/
@@ -78,6 +78,7 @@ Patch57: xsa27.fix.patch
Patch58: xsa36-4.1.patch
Patch59: xsa38.patch
Patch60: gcc48.build.patch
+Patch61: xsa47-4.1.patch
Patch100: xen-configure-xend.patch
@@ -241,6 +242,7 @@ manage Xen virtual machines.
%patch58 -p1
%patch59 -p1
%patch60 -p1
+%patch61 -p1
%patch100 -p1
@@ -362,7 +364,7 @@ install -m 644 %{SOURCE45} %{buildroot}%{_unitdir}/xenconsoled.service
install -m 644 %{SOURCE46} %{buildroot}%{_unitdir}/xen-watchdog.service
install -m 644 %{SOURCE47} %{buildroot}%{_unitdir}/xendomains.service
mkdir -p %{buildroot}%{_libexecdir}
-install -m 644 %{SOURCE48} %{buildroot}%{_libexecdir}/xendomains
+install -m 755 %{SOURCE48} %{buildroot}%{_libexecdir}/xendomains
%endif
# config file only used for hotplug, Fedora uses udev instead
@@ -699,6 +701,12 @@ rm -rf %{buildroot}
%endif
%changelog
+* Thu Apr 04 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-7
+- make xendomains systemd script executable (#919705)
+- Potential use of freed memory in event channel operations [XSA-47,
+ CVE-2013-1920]
+
+
* Fri Feb 22 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-6
- patch for [XSA-36, CVE-2013-0153] can cause boot time crash
- backport the fixes discovered when building with gcc 4.8
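Review bot: The new %changelog entry ends with two bare "+" blank lines after the "CVE-2013-1920]" line; one blank line is enough to separate it from the 4.1.4-6 entry, so drop the second. The entry also lists the #919705 packaging fix ahead of the XSA-47 item; putting the security fix first would make it easier to spot when scanning the changelog for CVE coverage.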
diff --git a/xsa47-4.1.patch b/xsa47-4.1.patch
new file mode 100644
index 0000000..bbad0c4
--- /dev/null
+++ b/xsa47-4.1.patch
@@ -0,0 +1,31 @@
+defer event channel bucket pointer store until after XSM checks
+
+Otherwise a dangling pointer can be left, which would cause subsequent
+memory corruption as soon as the space got re-allocated for some other
+purpose.
+
+This is CVE-2013-1920 / XSA-47.
+
+Reported-by: Wei Liu <wei.liu2 at citrix.com>
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+Reviewed-by: Tim Deegan <tim at xen.org>
+
+--- a/xen/common/event_channel.c
++++ b/xen/common/event_channel.c
+@@ -104,7 +104,6 @@ static int get_free_port(struct domain *
+ if ( unlikely(chn == NULL) )
+ return -ENOMEM;
+ memset(chn, 0, EVTCHNS_PER_BUCKET * sizeof(*chn));
+- bucket_from_port(d, port) = chn;
+
+ for ( i = 0; i < EVTCHNS_PER_BUCKET; i++ )
+ {
+@@ -117,6 +116,8 @@ static int get_free_port(struct domain *
+ }
+ }
+
++ bucket_from_port(d, port) = chn;
++
+ return port;
+ }
+
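Review bot: In the embedded get_free_port() change, the store "bucket_from_port(d, port) = chn;" now happens only after the for loop, but the loop body between the two inner hunks is not shown, so the fix cannot be checked fully from this diff alone. Confirm against the upstream XSA-47 patch that the loop's failure path frees chn and returns before reaching the deferred store, and that nothing inside the loop looks up the new channels through bucket_from_port(d, port) while the slot is still unset. The patch header names the CVE and XSA but carries no upstream changeset reference; adding one would make this 4.1 backport easier to verify later.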