This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322

To: caglar@xxxxxxxxxxxxx
Subject: Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366
From: "Christian Limpach" <christian.limpach@xxxxxxxxx>
Date: Tue, 1 May 2007 19:14:07 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 01 May 2007 11:12:39 -0700
In-reply-to: <200705011629.20671.caglar@xxxxxxxxxxxxx>
References: <200705011629.20671.caglar@xxxxxxxxxxxxx>
Reply-to: Christian.Limpach@xxxxxxxxxxxx
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

On 5/1/07, S.Çağlar Onur <caglar@xxxxxxxxxxxxx> wrote:

> If anybody is interested, attached patch (against 3.0.4) fixes CVE-2007-1320,
> CVE-2007-1321, CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366 which affect
> qemu and also seem valid for xen.

I've seen this patch before and I picked the most relevant fixes,
cleaned them up and checked them in a while ago.  I left out the ones
which touch code we don't compile and the ones which touch code we
don't enable by default.  If somebody else cleans up those, it would
be great to get them checked in.

We have the first check to bdrv_write in block.c and we have the same
check in bdrv_read -- we don't have that unsigned int ns < 0 check.

We have a fix for the cirrus bitblit issue -- I think the fix in the
patch you post actually doesn't cover all cases.

We have the hw/dma.c null pointer check.

We don't have the hw/fdc.c null pointer check.  We should probably add that one.

We don't have the hw/i8259.c change since we don't use that file.

We don't have the hw/ne2000.c change since we use the rtl8139 driver
by default -- could add that one.

We don't have the hw/pc.c change since exit'ing seems safer.

We don't have the hw/sb16.c change since we don't have sound by
default -- we should probably add that one.

We don't have the target-i386/translate.c changes since we don't use that file.

We don't have the vl.c changes since we only use the network tap mode.
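
The reply above mentions leaving out a `< 0` test on an `unsigned int ns`. The following is an added example, not code from the patch, QEMU or the Xen tree; `check_request`, `check_count` and the limits used are hypothetical. It shows why a sign test on an unsigned count cannot fire and which bounds a sector request needs instead.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical validator for a block request (illustrative names only).
 * Returns 0 when [sector_num, sector_num + nb_sectors) lies inside a
 * device of total_sectors sectors, -1 otherwise. */
static int check_request(int64_t sector_num, int nb_sectors,
                         int64_t total_sectors)
{
    /* Sign checks are meaningful only while the values are still signed. */
    if (sector_num < 0 || nb_sectors < 0 || total_sectors < 0)
        return -1;
    if (sector_num > total_sectors)
        return -1;
    /* Compare against the remaining space instead of computing
     * sector_num + nb_sectors, which could overflow. */
    if ((int64_t)nb_sectors > total_sectors - sector_num)
        return -1;
    return 0;
}

/* Once a count is held in an unsigned int, a negative input has already
 * wrapped to a huge positive value (-1 becomes UINT_MAX). A "ns < 0" test
 * is then always false; only an upper bound rejects the bad value.
 * max_ns is an assumed per-request limit. */
static int check_count(unsigned int ns, unsigned int max_ns)
{
    return ns <= max_ns ? 0 : -1;
}

int main(void)
{
    /* Constructed sample requests against an 8-sector device. */
    printf("in range:        %d\n", check_request(0, 8, 8));
    printf("one past end:    %d\n", check_request(1, 8, 8));
    printf("negative sector: %d\n", check_request(-1, 1, 8));
    printf("wrapped count:   %d\n", check_count((unsigned int)-1, 128));
    return 0;
}
```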
