From xen-announce-bounces@lists.xenproject.org Tue Apr 14 12:01:38 2020
Return-path: <xen-announce-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 14 Apr 2020 12:01:38 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.89)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1jOKFQ-0007ae-Qx; Tue, 14 Apr 2020 12:01:00 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <SRS0=/bN9=56=xenbits.xen.org=iwj@srs-us1.protection.inumbo.net>)
 id 1jOKFP-0007aJ-2Q
 for xen-announce@lists.xen.org; Tue, 14 Apr 2020 12:00:59 +0000
X-Inumbo-ID: 93684b7b-7e47-11ea-8927-12813bfff9fa
Received: from mail.xenproject.org (unknown [104.130.215.37])
 by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS
 id 93684b7b-7e47-11ea-8927-12813bfff9fa;
 Tue, 14 Apr 2020 12:00:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
 s=20200302mail; h=Date:Message-Id:Subject:CC:From:To:MIME-Version:
 Content-Transfer-Encoding:Content-Type:Sender:Reply-To:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=eucW+RPaT0GEI8HFOjDiEnXO1niYC5IiWEbkmd5hCwo=; b=wd+55sFB06fPR6QnSYvEDjApz+
 h05YF9ODQI1QrQkCzcuuYJ4rkxB3X0ogYiS0KU8821+I6oERensZlARt66Ybe+vbq1OlNJFyRyMn8
 AblUNWcESKqLJIZyFlC2SCbys9DDdWQolc4AQ2bbBdQtSdPoDBZufHknXkFVMCFkMNDc=;
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.89)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1jOKF8-0000YA-5T; Tue, 14 Apr 2020 12:00:42 +0000
Received: from iwj by xenbits.xenproject.org with local (Exim 4.89)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1jOKF8-00072Q-3i; Tue, 14 Apr 2020 12:00:42 +0000
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.508 (Entity 5.508)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Subject: Xen Security Advisory 313 v3 (CVE-2020-11740,CVE-2020-11741) -
 multiple xenoprof issues
Message-Id: <E1jOKF8-00072Q-3i@xenbits.xenproject.org>
Date: Tue, 14 Apr 2020 12:00:42 +0000
X-BeenThere: xen-announce@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xenproject.org>
List-Help: <mailto:xen-announce-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=subscribe>
Cc: "Xen.org security team" <security-team-members@xen.org>
Errors-To: xen-announce-bounces@lists.xenproject.org
Sender: "Xen-announce" <xen-announce-bounces@lists.xenproject.org>

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

    Xen Security Advisory CVE-2020-11740,CVE-2020-11741 / XSA-313
                              version 3

                       multiple xenoprof issues

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

Unprivileged guests can request to map xenoprof buffers, even if
profiling has not been enabled for those guests.  These buffers were
not scrubbed.  This is CVE-2020-11740.

Furthermore, for guests for which "active" profiling was enabled by
the administrator, the xenoprof code uses the standard Xen shared ring
structure.  Unfortunately, this code did not treat the guest as a
potential adversary: it trusts the guest not to modify buffer size
information or modify head / tail pointers in unexpected ways.  This is
CVE-2020-11741.

IMPACT
======

A malicious guest may be able to access sensitive information
pertaining to other guests.  Guests with "active profiling" enabled
can crash the host (DoS).  Privilege escalation cannot be ruled out.

VULNERABLE SYSTEMS
==================

Only x86 PV guests can leverage the vulnerabilities.  Arm guests and
x86 HVM and PVH guests cannot leverage the vulnerabilities.

All Xen versions back to at least 3.2 are vulnerable.

Any x86 PV guest can leverage the information leak.  Only x86 PV guests
whose host administrator has explicitly enabled "active profiling" for an
untrusted guest can exploit the DoS / potential privilege escalation.

Only builds of Xen with the Xenoprof functionality enabled at build
time are vulnerable.  The option to disable the functionality at build
time was introduced in Xen 4.7.

MITIGATION
==========

Never making any untrusted guests "active" will avoid all but the info
leak part of the vulnerabilities.  There's no known mitigation for the
information leak (lack of scrubbing).

CREDITS
=======

This issue was discovered by Ilja Van Sprundel of IOActive.

RESOLUTION
==========

Applying the attached set of patches resolves these issues.

The first patch fixes the information leak issue, and should be
applied to all x86 systems running untrusted PV guests.

The second patch fixes the "active profiling" issue.  Systems which do
not enable active profiling can safely skip patch 2.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa313-?.patch         xen-unstable, Xen 4.9.x - 4.13.x

$ sha256sum xsa313*
63a11c5470a6c24f19d3a8a45042306256e7422d6556e3d76badaa515deb76d6  xsa313.meta
f186ad88b492b730aeae3bd01083dd6c13813ce08bcd4ffc608d7af500633a62  xsa313-1.patch
9fbcb5f11e5029e7d371ddb3520443c2780f240edc3d24436872935e34a85c37  xsa313-2.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa313.meta"
Content-Disposition: attachment; filename="xsa313.meta"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa313-1.patch"
Content-Disposition: attachment; filename="xsa313-1.patch"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa313-2.patch"
Content-Disposition: attachment; filename="xsa313-2.patch"
Content-Transfer-Encoding: base64
--=separator--
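
The two halves of XSA-313, as an added example that is not code from the advisory or from the attached patches: a buffer scrubbed before it is shared, and a ring producer that stops trusting guest-writable size and index fields. All struct, field and function names are hypothetical, and the 8-slot ring is constructed for the illustration.

```c
#include <stdint.h>
#include <string.h>

#define RING_SLOTS 8u                 /* constructed size for this example */

/* Layout of the page shared with the guest (hypothetical, not Xen's struct).
 * The guest can rewrite every field at any moment. */
struct shared_ring {
    uint32_t head;                    /* next slot the hypervisor fills */
    uint32_t tail;                    /* next slot the guest drains */
    uint32_t size;                    /* slot count advertised to the guest */
    uint32_t pad;
    uint64_t slot[RING_SLOTS];
};

/* Hypervisor-private bookkeeping, never mapped into the guest. */
struct ring_priv {
    struct shared_ring *shared;
    uint32_t size;                    /* trusted copy of the slot count */
};

/* Read a guest-writable word exactly once, so the value that was checked
 * is the value that is used. */
static uint32_t read_once(const uint32_t *p)
{
    return *(const volatile uint32_t *)p;
}

/* Scrub the buffer before the guest may map it (the CVE-2020-11740 half). */
void ring_init(struct ring_priv *p, struct shared_ring *s)
{
    memset(s, 0, sizeof(*s));
    s->size = RING_SLOTS;
    p->shared = s;
    p->size = RING_SLOTS;
}

/* Before: size, head and tail are all taken from shared memory on trust,
 * so guest-written values steer both the modulo and the slot index. */
int ring_add_trusting(struct shared_ring *s, uint64_t sample)
{
    uint32_t next = (s->head + 1) % s->size;
    if (next == s->tail)
        return -1;                    /* ring full */
    s->slot[s->head] = sample;        /* index is whatever the guest left */
    s->head = next;
    return 0;
}

/* After: private size, one snapshot of each index, range check before use.
 * Returns 0 on success, -1 if full, -2 if the indices are out of range. */
int ring_add_checked(struct ring_priv *p, uint64_t sample)
{
    struct shared_ring *s = p->shared;
    uint32_t head = read_once(&s->head);
    uint32_t tail = read_once(&s->tail);
    uint32_t next;

    if (head >= p->size || tail >= p->size)
        return -2;                    /* guest corrupted the ring state */
    next = (head + 1 == p->size) ? 0 : head + 1;
    if (next == tail)
        return -1;                    /* ring full */
    s->slot[head] = sample;
    s->head = next;
    return 0;
}
```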


From xen-announce-bounces@lists.xenproject.org Tue Apr 14 12:01:38 2020
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.508 (Entity 5.508)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Subject: Xen Security Advisory 318 v3 (CVE-2020-11742) - Bad continuation
 handling in GNTTABOP_copy
Message-Id: <E1jOKFH-00075Y-Iw@xenbits.xenproject.org>
Date: Tue, 14 Apr 2020 12:00:51 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2020-11742 / XSA-318
                               version 3

              Bad continuation handling in GNTTABOP_copy

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

Grant table operations are expected to return 0 for success, and a
negative number for errors.  The fix for CVE-2017-12135 / XSA-226
introduced a path through grant copy handling where success may be
returned to the caller without any action taken.

In particular the status fields of individual operations are left
uninitialised, and may result in errant behaviour in the caller of
GNTTABOP_copy.

IMPACT
======

A buggy or malicious guest can construct its grant table in such a way
that, when a backend domain tries to copy a grant, it hits the incorrect
exit path.

This returns success to the caller without doing anything, which may
result in crashes or other incorrect behaviour.

VULNERABLE SYSTEMS
==================

Systems running any version of Xen are vulnerable.

MITIGATION
==========

Only guests with access to transitive grants can exploit the
vulnerability.  In particular, this means that:

 * ARM systems which have taken the XSA-268 fix are not vulnerable, as
   Grant Table v2 was disabled for other security reasons.

 * All systems with the XSA-226 fixes, and booted with
   `gnttab=max-ver:1` or `gnttab=no-transitive` are not vulnerable.

CREDITS
=======

This issue was discovered by Pawel Wieczorkiewicz of Amazon and Jürgen
Groß of SUSE.

RESOLUTION
==========

Applying the attached patch resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa318.patch       Xen 4.9 - xen-unstable

$ sha256sum xsa318*
4618c2609ab08178977c2b2a3d13f380ccfddd0168caca5ced708dd76a8e547c  xsa318.patch
$

NOTE CONCERNING SHORT EMBARGO
=============================

This issue was discovered in response to the XSA-316 predisclosure.

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches described above (or others which are
substantially similar) is permitted during the embargo, even on
public-facing systems with untrusted guest users and administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

However, deployment of the mitigations is NOT permitted (except where
all the affected systems and VMs are administered and used only by
organisations which are members of the Xen Project Security Issues
Predisclosure List).  Specifically, deployment on public cloud systems
is NOT permitted.

This is because it is a guest visible change which will draw attention
to the issue.
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa318.patch"
Content-Disposition: attachment; filename="xsa318.patch"
Content-Transfer-Encoding: base64


--=separator--


From xen-announce-bounces@lists.xenproject.org Tue Apr 14 12:01:38 2020
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.508 (Entity 5.508)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Subject: Xen Security Advisory 314 v3 (CVE-2020-11739) - Missing memory
 barriers in read-write unlock paths
Message-Id: <E1jOKFB-00073X-32@xenbits.xenproject.org>
Date: Tue, 14 Apr 2020 12:00:45 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2020-11739 / XSA-314
                               version 3

          Missing memory barriers in read-write unlock paths

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

The read-write unlock paths don't contain a memory barrier.  On Arm, this
means a processor is allowed to re-order the memory access with the
preceding ones.

In other words, the unlock may be seen by another processor before all the
memory accesses within the "critical" section.

As a consequence, it may be possible to have a writer executing a critical
section at the same time as readers or another writer. In other words,
many of the assumptions (e.g. a variable cannot be modified after a check)
in the critical sections are not safe anymore.

The read-write locks are used in hypercalls (such as grant-table ones), so
a malicious guest could exploit the race.  For instance, there is a small
window where Xen can leak memory if XENMAPSPACE_grant_table is used
concurrently.

IMPACT
======

A malicious guest may be able to leak memory, or cause a hypervisor crash
resulting in a Denial of Service (DoS). Information leak and privilege
escalation cannot be excluded.

VULNERABLE SYSTEMS
==================

Systems running all versions of Xen are affected.

Whether an individual Arm-based CPU is vulnerable depends on its memory
re-ordering properties.  Consult your CPU vendor.

x86 systems are not vulnerable.

MITIGATION
==========

There is no known mitigation.

CREDITS
=======

This issue was discovered by Julien Grall of Amazon.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa314.patch           xen-unstable
xsa314-4.13.patch      Xen 4.13 - Xen 4.9

$ sha256sum xsa314*
ff6e03780766d0358699ed0c5b0154be9ccbbc80796650f7568c295c5451ba0a  xsa314.meta
7c507e7b46568e94aa9595a549bd3020b16d1eca97b8bfc3bb1f5d96eb338cc1  xsa314.patch
a13e6a9cd531859882d1b0ef38245441d363d1ead1fa2a5ae5da7a0fce27e072  xsa314-4.13.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa314.meta"
Content-Disposition: attachment; filename="xsa314.meta"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa314.patch"
Content-Disposition: attachment; filename="xsa314.patch"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa314-4.13.patch"
Content-Disposition: attachment; filename="xsa314-4.13.patch"
Content-Transfer-Encoding: base64
--=separator--
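
The ordering requirement behind XSA-314, as an added example written with C11 atomics; it is not Xen's rwlock code or the attached patch. The lock layout and all names are hypothetical.

```c
#include <stdatomic.h>
#include <stdbool.h>

#define WRITER 0x80000000u            /* top bit: a writer holds the lock */

/* Hypothetical lock word: writer bit plus a reader count in the low bits. */
struct ex_rwlock { atomic_uint word; };

/* Two fields that must only ever be observed with equal values. */
struct guarded_pair { struct ex_rwlock lock; unsigned int a, b; };

void ex_init(struct guarded_pair *g)
{
    atomic_init(&g->lock.word, 0);
    g->a = g->b = 0;
}

/* Acquire on success: accesses in the critical section cannot be
 * hoisted above the point where the lock was taken. */
bool ex_read_trylock(struct ex_rwlock *l)
{
    unsigned int old = atomic_load_explicit(&l->word, memory_order_relaxed);
    while (!(old & WRITER))
        if (atomic_compare_exchange_weak_explicit(&l->word, &old, old + 1,
                                                  memory_order_acquire,
                                                  memory_order_relaxed))
            return true;
    return false;
}

bool ex_write_trylock(struct ex_rwlock *l)
{
    unsigned int expect = 0;          /* no readers, no writer */
    return atomic_compare_exchange_strong_explicit(&l->word, &expect, WRITER,
                                                   memory_order_acquire,
                                                   memory_order_relaxed);
}

/* Shape of the bug: with relaxed ordering a weakly ordered CPU may make
 * the cleared writer bit visible before the stores to a and b, so the
 * next lock holder can run while the critical section is still landing. */
void ex_write_unlock_unordered(struct ex_rwlock *l)
{
    atomic_fetch_and_explicit(&l->word, ~WRITER, memory_order_relaxed);
}

/* Release: every access made inside the critical section is ordered
 * before the lock word changes. On x86 ordinary stores already behave
 * this way, which matches the advisory's "x86 systems are not vulnerable". */
void ex_write_unlock(struct ex_rwlock *l)
{
    atomic_fetch_and_explicit(&l->word, ~WRITER, memory_order_release);
}

/* Readers need the same barrier: their loads must complete before a
 * writer can observe the reader count dropping. */
void ex_read_unlock(struct ex_rwlock *l)
{
    atomic_fetch_sub_explicit(&l->word, 1u, memory_order_release);
}

/* Writer: returns false if the lock is busy. */
bool pair_set(struct guarded_pair *g, unsigned int v)
{
    if (!ex_write_trylock(&g->lock))
        return false;
    g->a = v;
    g->b = v;
    ex_write_unlock(&g->lock);
    return true;
}

/* Reader: 1 if consistent, 0 if a torn update was seen, -1 if busy. */
int pair_check(struct guarded_pair *g)
{
    int ok;
    if (!ex_read_trylock(&g->lock))
        return -1;
    ok = (g->a == g->b);
    ex_read_unlock(&g->lock);
    return ok;
}
```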


From xen-announce-bounces@lists.xenproject.org Tue Apr 14 12:01:38 2020
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.508 (Entity 5.508)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Subject: Xen Security Advisory 316 v3 (CVE-2020-11743) - Bad error path in
 GNTTABOP_map_grant
Message-Id: <E1jOKFE-00074e-81@xenbits.xenproject.org>
Date: Tue, 14 Apr 2020 12:00:48 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2020-11743 / XSA-316
                               version 3

                 Bad error path in GNTTABOP_map_grant

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

Grant table operations are expected to return 0 for success, and a
negative number for errors.  Some misplaced brackets cause one error
path to return 1 instead of a negative value.

The grant table code in Linux treats this condition as success, and
proceeds with incorrectly initialised state.

IMPACT
======

A buggy or malicious guest can construct its grant table in such a way
that, when a backend domain tries to map a grant, it hits the incorrect
error path.

This will crash a Linux based dom0 or backend domain.

VULNERABLE SYSTEMS
==================

Systems running any version of Xen with the XSA-295 fixes are
vulnerable.  Systems which have not yet taken the XSA-295 fixes are not
vulnerable.

Systems running a Linux based dom0 or driver domain are vulnerable.

Systems running a FreeBSD or NetBSD based dom0 or driver domain are not
impacted, as they both treat any nonzero value as a failure.

The vulnerability of other systems will depend on how they behave when
getting an unexpected positive number from the GNTTABOP_map_grant
hypercall.

MITIGATION
==========

Applying the Linux patches alone is sufficient to mitigate the issue.
This might be a preferred route for downstreams who support livepatching
Linux but not Xen.

CREDITS
=======

This issue was discovered by Ross Lagerwall of Citrix.

RESOLUTION
==========

Applying the appropriate Xen patch will resolve this issue.

Additionally, a Linux patch is provided to make Linux's behaviour more
robust to unexpected values.

We recommend taking both patches if at all possible.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa316/xsa316-xen.patch       Xen 4.9 - xen-unstable
xsa316/xsa316-linux.patch     Linux

$ sha256sum xsa316*/*
7dcd02e8cc0434046747d572bc6c77cd3a2e4041eefd2fa703f4130e998b58dd  xsa316/xsa316-linux.patch
4007578e30730861750d8808c0b63f2e03bbb05df909d71de19201084816a8b9  xsa316/xsa316-xen.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa316/xsa316-linux.patch"
Content-Disposition: attachment; filename="xsa316/xsa316-linux.patch"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa316/xsa316-xen.patch"
Content-Disposition: attachment; filename="xsa316/xsa316-xen.patch"
Content-Transfer-Encoding: base64
--=separator--
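
Added example, not part of the advisory above and not code from Xen, Linux, FreeBSD or NetBSD: it contrasts a caller that treats only negative status values as failure (an assumed model of an affected consumer) with one that treats any nonzero value as failure, which is the behaviour the advisory attributes to FreeBSD and NetBSD. The struct, the NO_HANDLE marker, the function names and the sample batch are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of one map result, constructed for this example. */
struct map_result {
    int16_t  status;  /* 0 = success, negative = error code */
    uint32_t handle;  /* only meaningful when status == 0 */
};

#define NO_HANDLE 0xffffffffu  /* hypothetical "never filled in" marker */

/* Assumed fragile check: only negative values count as failure. */
static int failed_if_negative(int16_t status) { return status < 0; }

/* Check the advisory attributes to FreeBSD/NetBSD: nonzero is failure. */
static int failed_if_nonzero(int16_t status) { return status != 0; }

/* Count entries the caller would go on to use as mapped; *bogus gets the
 * number of those that never actually succeeded. */
static size_t count_accepted(const struct map_result *r, size_t n,
                             int (*failed)(int16_t), size_t *bogus)
{
    size_t accepted = 0;
    *bogus = 0;
    for (size_t i = 0; i < n; i++) {
        if (failed(r[i].status))
            continue;              /* error path: entry is not used */
        accepted++;
        if (r[i].status != 0)
            (*bogus)++;            /* used although nothing was mapped */
    }
    return accepted;
}

/* Constructed batch: a success, a negative error, an unexpected positive. */
static const struct map_result sample[] = {
    { 0, 7 }, { -1, NO_HANDLE }, { 1, NO_HANDLE },
};

int main(void)
{
    size_t bogus;
    size_t n = sizeof sample / sizeof sample[0];
    size_t a = count_accepted(sample, n, failed_if_negative, &bogus);
    printf("negative-only: accepted=%zu bogus=%zu\n", a, bogus);
    a = count_accepted(sample, n, failed_if_nonzero, &bogus);
    printf("nonzero:       accepted=%zu bogus=%zu\n", a, bogus);
    return 0;
}
```

With the negative-only check the entry carrying the positive status is counted as mapped even though its handle was never filled in; the nonzero check routes it to the error path.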


From xen-announce-bounces@lists.xenproject.org Mon Apr 27 09:31:13 2020
Return-path: <xen-announce-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 27 Apr 2020 09:31:13 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1jT05R-0003hz-8u; Mon, 27 Apr 2020 09:30:01 +0000
Received: from us1-rack-iad1.inumbo.com ([172.99.69.81])
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <SRS0=QKkx=5X=credativ.de=dominic.brekau@srs-us1.protection.inumbo.net>)
 id 1jLlKB-0004vQ-2t
 for Xen-announce@lists.xenproject.org; Tue, 07 Apr 2020 10:19:19 +0000
X-Inumbo-ID: 3d1e2278-78b9-11ea-83d8-bc764e2007e4
Received: from gauss.credativ.com (unknown [93.94.130.89])
 by us1-rack-iad1.inumbo.com (Halon) with ESMTPS
 id 3d1e2278-78b9-11ea-83d8-bc764e2007e4;
 Tue, 07 Apr 2020 10:19:18 +0000 (UTC)
Received: from gauss.credativ.com (localhost [127.0.0.1])
 by gauss.credativ.com (Postfix) with ESMTP id 775AEA01C2;
 Tue,  7 Apr 2020 12:19:17 +0200 (CEST)
Received: from [10.10.10.47] (fw-front.credativ.com [62.154.226.94])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 (Authenticated sender: dbe@gauss.credativ.com)
 by gauss.credativ.com (Postfix) with ESMTPSA id 52289A0130
 for <Xen-announce@lists.xenproject.org>; Tue,  7 Apr 2020 12:19:17 +0200 (CEST)
To: Xen-announce@lists.xenproject.org
From: Dominic Brekau <dominic.brekau@credativ.de>
Subject: Important: There will be no subject prefix anymore on this mailing
 list
Message-ID: <4d7a0546-f397-08d8-b81f-ccad97f890ff@credativ.de>
Date: Tue, 7 Apr 2020 12:19:16 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-Mailman-Approved-At: Mon, 27 Apr 2020 09:30:00 +0000
X-BeenThere: xen-announce@lists.xenproject.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xenproject.org>
List-Help: <mailto:xen-announce-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xenproject.org
Sender: "Xen-announce" <xen-announce-bounces@lists.xenproject.org>

Hello everyone on xen-announce,

In order not to break DKIM anymore, from now on there will be no subject
prefix and no email footer like in the past.

If you would like to filter emails from this mailing list you can use
something like checking if the header 'List-Id' contains
"xen-announce.lists.xenproject.org".
An example for sieve could be:

> require ["fileinto"];
> if header :contains "List-Id" "xen-announce.lists.xenproject.org" {
>     fileinto "INBOX/xen-announce";
> }

Regards

Dominic Brekau


