[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen Security Advisory 240 (CVE-2017-15595) - Unlimited recursion in linear pagetable de-typing

On Tue, Dec 12, 2017 at 10:03 AM, Steven Haigh <netwiz@xxxxxxxxx> wrote:
> On Tuesday, 12 December 2017 5:16:06 AM AEDT Xen. org security team wrote:
>>             Xen Security Advisory CVE-2017-15595 / XSA-240
>>                                version 6
>>            Unlimited recursion in linear pagetable de-typing
>> ====================
>> Yet another new patch, addressing another issue similar to the one
>> addressed in v5.
> Is there any news / information on what to patch on this for releases that
> already have xsa240 included such as 4.9.1 and 4.7.4?

Yes, looking through the advisory after it was sent out, I think we
definitely should have provided instructions for downstreams for how
to actually use the patches.

As discussed previously, the entire series should look like:
1) Patch 0001 from the original advisory
2) Patches from XSA 243
3) The "checked into tree" version of xsa240/0002
4) Patch xsa240-*/0003
5) Patch xsa240-*/0004

In other words, you should be able to apply xsa240 patch 4 directly on
xsa240 patch 3.

Sorry again for the confusion.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.