Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in at 2014-10-05 20:30:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xen"
Changes:
--------
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2014-09-25 09:33:43.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2014-10-05 20:30:37.000000000 +0200
@@ -1,0 +2,7 @@
+Tue Sep 30 09:01:16 MDT 2014 - carnold@suse.com
+
+- bnc#897657 - VUL-0: CVE-2014-7188: xen: XSA-108 Improper MSR
+ range used for x2APIC emulation
+ xsa108.patch
+
+-------------------------------------------------------------------
@@ -27,2 +34,2 @@
-- bnc#895802 - VUL-0: xen: XSA-106: Missing privilege level checks
- in x86 emulation of software interrupts
+- bnc#895802 - VUL-0: CVE-2014-7156: xen: XSA-106: Missing
+ privilege level checks in x86 emulation of software interrupts
@@ -30,2 +37,2 @@
-- bnc#895799 - VUL-0: xen: XSA-105: Missing privilege level checks
- in x86 HLT, LGDT, LIDT, and LMSW emulation
+- bnc#895799 - VUL-0: CVE-2014-7155: xen: XSA-105: Missing
+ privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
@@ -33,2 +40,2 @@
-- bnc#895798 - VUL-0: xen: XSA-104: Race condition in
- HVMOP_track_dirty_vram
+- bnc#895798 - VUL-0: CVE-2014-7154: xen: XSA-104: Race condition
+ in HVMOP_track_dirty_vram
New:
----
xsa108.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xen.spec ++++++
--- /var/tmp/diff_new_pack.rBfrIa/_old 2014-10-05 20:30:41.000000000 +0200
+++ /var/tmp/diff_new_pack.rBfrIa/_new 2014-10-05 20:30:41.000000000 +0200
@@ -15,6 +15,7 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
+
# needssslcertforbuild
Name: xen
@@ -240,6 +241,7 @@
Patch105: xsa105.patch
Patch106: xsa106.patch
Patch107: xsa107.patch
+Patch108: xsa108.patch
# Upstream qemu
Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch
Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch
@@ -636,6 +638,7 @@
%patch105 -p1
%patch106 -p1
%patch107 -p1
+%patch108 -p1
# Upstream qemu patches
%patch250 -p1
%patch251 -p1
++++++ xsa108.patch ++++++
x86/HVM: properly bound x2APIC MSR range
While the write path change appears to be purely cosmetic (but still
gets done here for consistency), the read side mistake permitted
accesses beyond the virtual APIC page.
This is XSA-108.
Signed-off-by: Jan Beulich