qemu security issue in xen

Hi,
I've already said here that NetBSD/dom0 isn't affected by
the pygrub security
issue in Xen (at last if the xen tools have been installed
from pkgsrc).
Today I've been aware of 3 new issues, in the qemu part of
the
HVM support:
http://secunia.c
om/advisories/26986/
this affects NetBSD too, if the xentools3*-hvm package is
installed.
I just updated the pkg-vulnerabilities file to reflect
this.
AFAIK no patches have been released yet.

The issue is that a compromised HVM guest could cause
arbitrary code execution
in dom0, as root. 2 of the 3 issues can be worked around by
choosing
another emulation than ne2000 for the network interface (by
default the
realtek 8139 emulation is used), but I can't see how to
workaround
the issue in cirrus_invalidate_region().

-- 
Manuel Bouyer <bouyerantioche.eu.org>
     NetBSD: 26 ans d'experience feront toujours la
difference
--

On Monday 08 October 2007 21:18:26 Manuel Bouyer wrote:
> Hi,
> I've already said here that NetBSD/dom0 isn't affected
by the pygrub
> security issue in Xen (at last if the xen tools have
been installed from
> pkgsrc). Today I've been aware of 3 new issues, in the
qemu part of the
> HVM support:
> http://secunia.c
om/advisories/26986/
> this affects NetBSD too, if the xentools3*-hvm package
is installed.
> I just updated the pkg-vulnerabilities file to reflect
this.
> AFAIK no patches have been released yet.

There are patches. You will need to upgrade to Xen 3.1.1
once this is out. A third release candidate is already
available.

The security issue 2) is fixed in xen changeset 14914,
security issues 3) and 3) are fixed by changeset 15447.
They all are in Xen 3.1.1-rc3.

Christoph