pkgsrc.se | The NetBSD package collection

Next | Query returned 1 messages, browsing 1 to 10 | previous
CVS Commit History:

2014-09-28 15:28:58 by Matthias Scheler | Files touched by this commit (6)
Log message:
Pullup ticket #4506 - requested by bouyer
sysutils/xenkernel42: security patch

Revisions pulled up:
- sysutils/xenkernel42/Makefile                                 1.8
- sysutils/xenkernel42/distinfo                                 1.6
- sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c 1.1
- sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c 1.1
- sysutils/xentools42/Makefile                                  1.23
- sysutils/xentools42/distinfo                                  1.12

---
   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Fri Sep 26 10:39:32 UTC 2014

   Modified Files:
   	pkgsrc/sysutils/xenkernel42: Makefile distinfo
   	pkgsrc/sysutils/xentools42: distinfo
   Added Files:
   	pkgsrc/sysutils/xenkernel42/patches:
   	    patch-xen_arch_x86_mm_shadow_common.c
   	    patch-xen_arch_x86_x86_emulate_x86_emulate.c

   Log message:
   Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
   CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
   CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
     created
   CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
   CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

   pkgsrc also includes patches from the Xen Security Advisory:
   XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
   XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
     LIDT, and LMSW emulation
   XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
     of software interrupts

---
   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Fri Sep 26 10:40:45 UTC 2014

   Modified Files:
   	pkgsrc/sysutils/xentools42: Makefile

   Log message:
   Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
   CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
   CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
     created
   CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
   CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

   pkgsrc also includes patches from the Xen Security Advisory:
   XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
   XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
     LIDT, and LMSW emulation
   XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
     of software interrupts
Next | Query returned 1 messages, browsing 1 to 10 | previous