[3.5] xen: Multiple issues (CVE-2016-9386, CVE-2016-9382, CVE-2016-9385, CVE-2016-9384, CVE-2016-9383, CVE-2016-9377, CVE-2016-9378, CVE-2016-9381, CVE-2016-9379, CVE-2016-9380)
CVE-2016-9386, XSA-191: x86 null segments not always treated as unusable
Reference:
http://xenbits.xen.org/xsa/advisory-191.html
CVE-2016-9382, XSA-192: x86 task switch to VM86 mode mis-handled
Reference:
http://xenbits.xen.org/xsa/advisory-192.html
CVE-2016-9385, XSA-193: x86 segment base write emulation lacking canonical address checks
Reference:
http://xenbits.xen.org/xsa/advisory-193.html
CVE-2016-9384, XSA-194: guest 32-bit ELF symbol table load leaking host data
Reference:
http://xenbits.xen.org/xsa/advisory-194.html
CVE-2016-9383, XSA-195: x86 64-bit bit test instruction emulation broken
Reference:
http://xenbits.xen.org/xsa/advisory-195.html
CVE-2016-9377, CVE-2016-9378, XSA-196: x86 software interrupt injection mis-handled
Reference:
http://xenbits.xen.org/xsa/advisory-196.html
CVE-2016-9381, XSA-197: qemu incautious about shared ring processing
Reference:
http://xenbits.xen.org/xsa/advisory-197.html
CVE-2016-9379, CVE-2016-9380, XSA-198: delimiter injection vulnerabilities in pygrub
Reference:
http://xenbits.xen.org/xsa/advisory-198.html
(from redmine: issue id 6495, created on 2016-11-25, closed on 2017-09-05)
- Relations:
  - parent #6494 (closed)
- Changesets:
  - Revision 64afb5ab by Natanael Copa on 2016-11-25T17:00:23Z:
main/xen: fix various security issues
- XSA-198 CVE-2016-9379 CVE-2016-9380
delimiter injection vulnerabilities in pygrub
- XSA-197 CVE-2016-9381
qemu incautious about shared ring processing
- XSA-196 CVE-2016-9377 CVE-2016-9378
x86 software interrupt injection mis-handled
- XSA-195 CVE-2016-9383
x86 64-bit bit test instruction emulation broken
- XSA-194 CVE-2016-9384
guest 32-bit ELF symbol table load leaking host data
- XSA-193 CVE-2016-9385
x86 segment base write emulation lacking canonical address checks
- XSA-192 CVE-2016-9382
x86 task switch to VM86 mode mis-handled
- XSA-191 CVE-2016-9386
x86 null segments not always treated as unusable
fixes #6495