SecurityTracker.com
Category:  Application (Generic) > Xen
Vendors:  XenSource
Xen SYSENTER Processing Error Lets Local PV Guest Users Deny Service on the Host System
SecurityTracker Alert ID:  1028455
SecurityTracker URL:  http://securitytracker.com/id/1028455
CVE Reference:  CVE-2013-1917
Date:  Apr 19 2013
Impact:  Denial of service via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s):  3.1 - 4.2
Description:   A vulnerability was reported in Xen. A local user on the guest operating system can cause denial of service conditions on the host system.

SYSENTER leaves the NT flag in EFLAGS uncleared. When a local user on a PV guest issues SYSENTER and the hypervisor then uses IRET to return to the guest, IRET raises a #GP fault. The hypervisor's recovery code retries IRET without first clearing the NT flag, and the second #GP fault crashes the hypervisor.

64-bit Xen versions 3.1 and later running on Intel CPUs are affected.

32-bit Xen is not affected.

Impact:   A local user on a PV guest operating system can cause the host operating system to crash.
Solution:   The vendor has issued a fix (xsa44-4.0.patch, xsa44-4.1.patch, xsa44-4.2.patch).
Vendor URL:  www.xen.org/
Cause:   State error
Underlying OS:   Linux (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 19 2013 (Citrix Issues Fix for XenServer) Xen SYSENTER Processing Error Lets Local PV Guest Users Deny Service on the Host System
Citrix has issued a fix for Citrix XenServer.



 Source Message Contents

Date:  Thu, 18 Apr 2013 13:50:55 +0000
Subject:  [oss-security] Xen Security Advisory 44 (CVE-2013-1917) - Xen PV DoS vulnerability with SYSENTER


             Xen Security Advisory CVE-2013-1917 / XSA-44
                              version 3

                Xen PV DoS vulnerability with SYSENTER

UPDATES IN VERSION 3
====================

Backported patch for 4.0 now available.

ISSUE DESCRIPTION
=================

The SYSENTER instruction can be used by PV guests to accelerate system
call processing. This instruction, however, leaves the EFLAGS register
mostly unmodified - in particular, the NT flag doesn't get cleared. If
the hypervisor subsequently uses IRET to return to the guest (which it
will always do if the guest is a 32-bit one), that instruction will
cause a #GP fault to be raised, but the recovery code in the
hypervisor will again try to use IRET without intermediately clearing
the NT flag. The #GP fault raised on this second IRET is a fatal
event, causing the hypervisor to crash.

IMPACT
======

Malicious or buggy unprivileged user space can cause the entire host to crash.

VULNERABLE SYSTEMS
==================

All 64-bit Xen versions from 3.1 onwards running on Intel CPUs are
vulnerable.  32-bit Xen is not affected, as it doesn't permit the use
of SYSENTER by PV guests. 64-bit Xen run on AMD CPUs isn't affected
since AMD CPUs don't allow the use of SYSENTER in long mode.

The vulnerability is only exposed by PV guests.

MITIGATION
==========

Running only HVM guests, or running PV guests on only 32-bit hosts or only AMD
CPUs will avoid this vulnerability.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa44-4.0.patch             Xen 4.0.x
xsa44-4.1.patch             Xen 4.1.x
xsa44-4.2.patch             Xen 4.2.x
xsa44-unstable.patch        xen-unstable

$ sha256sum xsa44*.patch
4de554d29adbae41a65d401becd9d074be27932ad9f3e0ed78ecb89de3ed35b5  xsa44-4.0.patch
3dbf47224be0f8fc66ba08d8a46b910bd9a3e672ffe864aa77c698bef0e27783  xsa44-4.1.patch
c6c3afa228426d78e0484b7ac34210f642f79add35c4a04ca5ff7db5f2539e49  xsa44-4.2.patch
0e6ad83da75dc207a165411844c0985fd7f9588d92c2c95911c245485351bf36  xsa44-unstable.patch
$
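A triage check built from the advisory's VULNERABLE SYSTEMS and MITIGATION conditions, added here as an example and not part of the advisory or of Xen. It reads `xl info` output (`xm info` on older toolstacks) and dom0's /proc/cpuinfo; the sample inputs, the function names and the guest-type list are assumptions constructed for illustration.

```python
import re

# Constructed sample of `xl info` output (hypothetical host, not from the advisory).
SAMPLE_XL_INFO = """\
host                   : dom0.example
machine                : x86_64
xen_major              : 4
xen_minor              : 1
xen_extra              : .4
xen_caps               : xen-3.0-x86_64 xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_64
"""
# Constructed sample lines from dom0's /proc/cpuinfo.
SAMPLE_CPUINFO = "processor\t: 0\nvendor_id\t: GenuineIntel\nmodel name\t: example\n"


def parse_fields(text):
    """Parse 'key : value' lines as printed by `xl info` and /proc/cpuinfo."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields.setdefault(key.strip(), value.strip())
    return fields


def xsa44_exposure(xl_info, cpuinfo, guest_types):
    """Return (exposed, reasons) using only the conditions stated in XSA-44.

    guest_types: iterable of "pv"/"hvm" strings for the guests on the host.
    True means exposed unless the XSA-44 patch is applied; the version
    string alone cannot show whether a backport is present.
    """
    info, cpu = parse_fields(xl_info), parse_fields(cpuinfo)
    reasons = []
    try:
        version = (int(info["xen_major"]), int(info["xen_minor"]))
    except (KeyError, ValueError):
        return None, ["cannot determine Xen version"]
    if version < (3, 1):
        reasons.append("Xen older than 3.1")
    # A 64-bit hypervisor advertises a xen-*-x86_64 PV capability.
    if not re.search(r"\bxen-[\d.]+-x86_64\b", info.get("xen_caps", "")):
        reasons.append("hypervisor is not 64-bit")
    if cpu.get("vendor_id") != "GenuineIntel":
        reasons.append("CPU vendor is not Intel")
    if not any(t.lower() == "pv" for t in guest_types):
        reasons.append("no PV guests")
    return (False, reasons) if reasons else (True, ["64-bit Xen >= 3.1 on Intel with PV guests"])
```

A `True` result only says the host matches the affected configuration; confirming the fix still means checking that the matching xsa44 patch is in the running hypervisor build.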
Copyright 2014, SecurityGlobal.net LLC