Re: Xen 3.4.x Backports

xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed

From: Ian Campbell <Ian.Campbell@citrix.com>
To: Jonathan Tripathy <jonnyt@abpni.co.uk>
Cc: "keith.coleman@n2servers.com" <keith.coleman@n2servers.com>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: Xen 3.4.x Backports
Date: Wed, 29 Feb 2012 09:53:18 +0000	[thread overview]
Message-ID: <1330509198.4270.19.camel@zakaz.uk.xensource.com> (raw)
In-Reply-To: <4F4D650E.3010909@abpni.co.uk>

On Tue, 2012-02-28 at 23:36 +0000, Jonathan Tripathy wrote:
> Hi Keith,

On a related note it would be very useful if
http://wiki.xen.org/wiki/Security_Announcements could be updated when
security fixes corresponding to Xen.org security vulnerability
disclosures are added to the 3.4 branch. Keith, can you do that? If not
then if you drop me a line each time I'll take care of it for you.

> CVE-2011-2901:
> http://www.openwall.com/lists/oss-security/2011/09/02/2
> 
> The patch performs the following:
> -    (((unsigned long)(addr) < (1UL<<48)) || \
> +    (((unsigned long)(addr) < (1UL<<47)) || \
> 
> I see that the Xen security advisory says that only hypervisors 3.3 or
> earlier are affected. However, I note that in later versions of Xen,
> the line changed in the patch remains untouched. Any ideas why this is
> the case?

The problem has been fixed in xen-unstable. However only 3.3 and earlier
were actually vulnerable due to the issue and so it has not been
backported the stable branches.

[...]

I've left the others for Keith to comment on as 3.4 maintainer.

Ian

next prev parent reply	other threads:[~2012-02-29  9:53 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-02-28 23:36 Xen 3.4.x Backports Jonathan Tripathy
2012-02-28 23:47 ` Fajar A. Nugraha
2012-02-28 23:51   ` Jonathan Tripathy
2012-02-28 23:56     ` Fajar A. Nugraha
2012-02-29  9:53 ` Ian Campbell [this message]
2012-03-01 11:40   ` Keith Coleman
2012-06-14 10:37     ` Jonathan Tripathy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1330509198.4270.19.camel@zakaz.uk.xensource.com \
    --to=ian.campbell@citrix.com \
    --cc=jonnyt@abpni.co.uk \
    --cc=keith.coleman@n2servers.com \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).