nixpkgs/pkgs/applications/virtualization
Graham Christensen cc4919da89
xen: patch for XSAs: 197, 199, 207, 208, 209
XSA-197 Issue Description:

> The compiler can emit optimizations in qemu which can lead to double
> fetch vulnerabilities.  Specifically data on the rings shared
> between qemu and the hypervisor (which the guest under control can
> obtain mappings of) can be fetched twice (during which time the
> guest can alter the contents) possibly leading to arbitrary code
> execution in qemu.

More: https://xenbits.xen.org/xsa/advisory-197.html

XSA-199 Issue Description:

> The code in qemu which implements ioport read/write looks up the
> specified ioport address in a dispatch table.  The argument to the
> dispatch function is a uint32_t, and is used without a range check,
> even though the table has entries for only 2^16 ioports.
>
> When qemu is used as a standalone emulator, ioport accesses are
> generated only from cpu instructions emulated by qemu, and are
> therefore necessarily 16-bit, so there is no vulnerability.
>
> When qemu is used as a device model within Xen, io requests are
> generated by the hypervisor and read by qemu from a shared ring.  The
> entries in this ring use a common structure, including a 64-bit
> address field, for various accesses, including ioport addresses.
>
> Xen will write only 16-bit address ioport accesses.  However,
> depending on the Xen and qemu version, the ring may be writeable by
> the guest.  If so, the guest can generate out-of-range ioport
> accesses, resulting in wild pointer accesses within qemu.

More: https://xenbits.xen.org/xsa/advisory-199.html

XSA-207 Issue Description:

> Certain internal state is set up, during domain construction, in
> preparation for possible pass-through device assignment.  On ARM and
> AMD V-i hardware this setup includes memory allocation.  On guest
> teardown, cleanup was erroneously only performed when the guest
> actually had a pass-through device assigned.

More: https://xenbits.xen.org/xsa/advisory-207.html

XSA-209 Issue Description:

> When doing bitblt copy backwards, qemu should negate the blit width.
> This avoids an oob access before the start of video memory.

More: https://xenbits.xen.org/xsa/advisory-208.html

XSA-208 Issue Description:

> In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
> cirrus_bitblt_cputovideo fails to check wethehr the specified memory
> region is safe.

More: https://xenbits.xen.org/xsa/advisory-209.html
2017-02-22 08:00:45 -05:00
..
8086tiny Small style fixups 2014-09-10 21:34:50 -03:00
aqemu aqemu: init at 0.9.2 2017-02-10 12:48:29 +01:00
bochs treewide: explicitly specify gtk and related package versions 2016-09-12 18:26:06 +03:00
cbfstool cbfstool: git-2015-07-09 -> 4.5 2016-10-22 21:07:33 +03:00
containerd containerd: 0.2.3 -> 0.2.5 2017-01-11 10:59:26 +01:00
docker docker: 1.13.0 -> 1.13.1 2017-02-13 16:42:39 +01:00
docker-distribution docker-distribution: init at 2.5.1 2016-10-12 14:05:09 +02:00
driver Virtualization: add XEN/KVM related drivers for Windows 2015-07-04 00:14:05 +02:00
ecs-agent ecs-agent: init at 1.14.0 2017-02-10 04:33:48 +00:00
lkl lkl: fix impure reference to /usr/bin/env 2017-01-25 21:30:59 +00:00
open-vm-tools open-vm-tools: 10.0.7 -> 10.1.0 2017-02-10 20:12:00 +02:00
openstack openstack: use python2 2016-10-22 16:47:22 +02:00
OVMF Use general hardening flag toggle lists 2016-03-05 18:55:26 +01:00
qboot qboot: turn off stackprotector and pic hardening 2016-04-03 11:41:30 +00:00
qemu qemu: 2.7 -> 2.8, drop 2.7 2017-01-26 20:23:40 -05:00
rancher-compose rancher-compose: set version during build 2016-10-22 14:40:30 +02:00
remotebox remotebox: 2.1 -> 2.2 2016-11-09 02:24:46 +01:00
rkt rkt: 1.24.0 -> 1.25.0 2017-02-21 18:51:34 -05:00
runc runc: add patches to fix CVE-2016-9962 2017-01-11 12:11:29 +01:00
seabios Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-03 13:34:44 +00:00
singularity singularity: init 2.2 2016-11-15 09:11:53 +11:00
spice-vdagent spice-vdagent: 0.16.0 -> 0.17.0 2016-09-26 08:20:04 -04:00
tini docker: 1.12.6 -> 1.13.0 2017-01-18 21:33:37 +01:00
virt-manager virt-manager: fixup evaluation to unbreak Hydra 2017-01-18 16:07:25 +01:00
virt-top virt-top: init at 1.0.8 (#21536) 2017-02-04 16:07:45 +01:00
virt-viewer virt-viewer: fix build and clean up 2015-12-28 21:44:12 +00:00
virtinst virtinst: use python2 2016-11-08 22:48:55 +01:00
virtualbox Merging against upstream master 2017-02-13 17:16:28 -06:00
xen xen: patch for XSAs: 197, 199, 207, 208, 209 2017-02-22 08:00:45 -05:00
xhyve Revert "xhyve: update and fix to use our Hypervisor framework" 2016-12-20 13:02:27 +01:00