Getting Ready › Release Notes › Hotfixes › Hotfix hf9184

Hotfix hf9184

Release date: 2013-8-14

Applicability:

hf9184 is a mandatory hotfix for CA AppLogic 3.5.19 and 3.7.14 (and may not be used with any other CA AppLogic® version).

hf9184 resolves SCR 9184, SCR 8354, SCR 8017, SCR 7611, and SCR 7759 and the following Xen Security Vulnerabilities:

• XSA-6 HVM e1000, buffer overflow.
• XSA-7 64-bit PV guest privilege escalation vulnerability.
• XSA-8 Guest denial of service on syscall/sysenter exception generation.
• XSA-9 PV guest host Denial of Service.
• XSA-11 HVM guest destroy p2m teardown host DoS vulnerability.
• XSA-12 Hypercall set_debugreg vulnerability.
• XSA-13 Hypercall physdev_get_free_pirq vulnerability.
• XSA-14 XENMEM_populate_physmap DoS vulnerability.
• XSA-16 PHYSDEVOP_map_pirq index vulnerability.
• XSA-17 Qemu VT100 emulation vulnerability.
• XSA-19 Guest administrator can access qemu monitor console.
• XSA-20 Timer overflow DoS vulnerability.
• XSA-21 pirq range check DoS vulnerability.
• XSA-22 Memory mapping failure DoS vulnerability.
• XSA-23 Unhooking empty PAE entries DoS vulnerability.
• XSA-24 Grant table hypercall infinite loop DoS vulnerability.
• XSA-25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk.
• XSA-26 Grant table version switch list corruption vulnerability.
• XSA-27 several HVM operations do not validate the range of their inputs.
• XSA-28 HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak.
• XSA-29 XENMEM_exchange may overwrite hypervisor memory.
• XSA-30 Broken error handling in guest_physmap_mark_populate_on_demand().
• XSA-31 Several memory hypercall operations allow invalid extent order values.
• XSA-33 VT-d interrupt remapping source validation flaw.
• XSA 36 interrupt remap entries shared and old ones not cleared on AMD IOMMUs.
• XSA 38 oxenstored incorrect handling of certain Xenbus ring states.
• XSA 39 Linux netback DoS via malicious guest ring.
• XSA 40 Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
• XSA 41 qemu (e1000 device driver): Buffer overflow when processing large packets .
• XSA 42 Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS.
• XSA 43 Linux pciback DoS via not rate limited log messages.
• XSA 44 Xen PV DoS vulnerability with SYSENTER.
• XSA 46 Several access permission issues with IRQs for unprivileged guests.
• XSA 47 Potential use of freed memory in event channel operations.
• XSA 50 grant table hypercall acquire/release imbalance.
• XSA 54 Hypervisor crash due to missing exception recovery on XSETBV.
• XSA 55 Multiple vulnerabilities in libelf PV kernel handling.
• XSA 56 Buffer overflow in xencontrol Python bindings affecting xend.

Note: For CA AppLogic® 3.5.19, hf9184 includes and obsoletes hf8017, hf7759, and hf7611.

This hotfix replaces files on the Xen-based servers of the grid. Therefore, a grid reboot is required after applying this hotfix.

If this hotfix is installed on a grid and afterwards a new server is added to the grid, this hotfix is automatically installed on the newly added server, however the newly added server must be rebooted for the hotfix to take effect. If a grid is created and hf9184 is installed during the grid creation process, the grid needs to be rebooted after the grid creation has completed in order for the hotfix to take effect.