Bug 33082 - xen new security issues CVE-2024-31142 and CVE-2024-2201
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-04-10 11:36 CEST by Nicolas Salguero
Modified: 2024-04-15 20:22 CEST

See Also:
Source RPM: xen-4.18.0-5.mga10.src.rpm
CVE: CVE-2024-31142, CVE-2024-2201
Status comment: Fixed upstream in 4.18.2 and 4.17.4


Attachments
Commands testing xen (8.81 KB, text/plain)
2024-04-14 02:52 CEST, katnatek

Description Nicolas Salguero 2024-04-10 11:36:16 CEST
Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2024/04/09/14
https://www.openwall.com/lists/oss-security/2024/04/09/15

For Cauldron, version 4.18.2 solves those problems.
For Mageia 9, version 4.17.4 solves those problems.

Nicolas Salguero 2024-04-10 11:37:05 CEST

Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2024-31142, CVE-2024-2201
Status comment: (none) => Fixed upstream in 4.18.2 and 4.17.4
Source RPM: (none) => xen-4.18.0-5.mga10.src.rpm

Comment 1 Lewis Smith 2024-04-10 20:57:58 CEST
We only just have version 4.18.1 in Cauldron!
Different packagers handle xen, so assigning this globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2024-04-11 15:45:23 CEST
xen-4.18.2-1.mga10 failed to build with:
"""
checking ABI=64
checking compiler gcc -mno-red-zone -O1 -fno-omit-frame-pointer -O1 -fno-omit-frame-pointer  -m64 -mno-red-zone -fno-reorder-blocks -fno-asynchronous-unwind-tables -m64 -DBUILD_ID -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wno-unused-but-set-variable -Wno-unused-local-typedefs -Wno-error=array-bounds   -fno-pie -fno-stack-protector -fno-exceptions -fno-asynchronous-unwind-tables -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/cross-root-x86_64/x86_64-xen-elf/include -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/../extras/mini-os/include -D__MINIOS__ -DHAVE_LIBC -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/../extras/mini-os/include/posix -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/../tools/include  -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/../extras/mini-os/include/x86 -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/../extras/mini-os/include/x86/x86_64 -U __linux__ -U __FreeBSD__ -U __sun__ -nostdinc -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/../extras/mini-os/include/posix -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/cross-root-x86_64/x86_64-xen-elf/include -isystem /usr/lib/gcc/x86_64-mageia-linux/14/include -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/lwip-x86_64/src/include -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/lwip-x86_64/src/include/ipv4 -I/home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/include -I/home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/../xen/include... no, long long reliability test 1
checking ABI=32
checking compiler gcc -mno-red-zone -O1 -fno-omit-frame-pointer -O1 -fno-omit-frame-pointer  -m64 -mno-red-zone -fno-reorder-blocks -fno-asynchronous-unwind-tables -m64 -DBUILD_ID -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wno-unused-but-set-variable -Wno-unused-local-typedefs -Wno-error=array-bounds   -fno-pie -fno-stack-protector -fno-exceptions -fno-asynchronous-unwind-tables -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/cross-root-x86_64/x86_64-xen-elf/include -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/../extras/mini-os/include -D__MINIOS__ -DHAVE_LIBC -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/../extras/mini-os/include/posix -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/../tools/include  -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/../extras/mini-os/include/x86 -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/../extras/mini-os/include/x86/x86_64 -U __linux__ -U __FreeBSD__ -U __sun__ -nostdinc -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/../extras/mini-os/include/posix -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/cross-root-x86_64/x86_64-xen-elf/include -isystem /usr/lib/gcc/x86_64-mageia-linux/14/include -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/lwip-x86_64/src/include -isystem /home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/lwip-x86_64/src/include/ipv4 -I/home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/include -I/home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom/../xen/include... no, long long reliability test 1
configure: error: could not find a working compiler, see config.log for details
make: *** [Makefile:192: gmp-x86_64] Error 1
make: Leaving directory '/home/iurt/rpmbuild/BUILD/xen-4.18.2/stubdom'
"""

See: http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20240411130648.ns80.duvel.3501848/xen-4.18.2-1.mga10/build.x86_64.0.20240411132546.log

Comment 3 Nicolas Salguero 2024-04-11 16:10:05 CEST
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Incorrect logic for BTC/SRSO mitigations. (CVE-2024-31142)

Native Branch History Injection. (CVE-2024-2201)

References:
https://www.openwall.com/lists/oss-security/2024/04/09/14
https://www.openwall.com/lists/oss-security/2024/04/09/15
========================

Updated packages in core/updates_testing:
========================
lib(64)xen3.0-4.17.4-1.mga9
lib(64)xen-devel-4.17.4-1.mga9
ocaml-xen-4.17.4-1.mga9
ocaml-xen-devel-4.17.4-1.mga9
xen-4.17.4-1.mga9
xen-hypervisor-4.17.4-1.mga9
xen-licenses-4.17.4-1.mga9
xen-runtime-4.17.4-1.mga9

from SRPM:
xen-4.17.4-1.mga9.src.rpm

katnatek 2024-04-13 04:39:29 CEST

Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Assignee: pkg-bugs => qa-bugs
Keywords: (none) => advisory

Comment 4 katnatek 2024-04-13 04:46:40 CEST
RH mageia 9 x86_64

 LC_ALL=C urpmi /home/katnatek/qa-testing/x86_64/*.rpm
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch    
(medium "Core Release (distrib1)")
  edk2-ovmf-xen                  20221117git> 7.mga9        noarch  (recommended)
  python3-lxml                   4.9.2        1.mga9        x86_64  
(medium "Core Updates (distrib3)")
  kernel-server                  6.6.22       1.mga9        x86_64  
(command line)
  lib64xen-devel                 4.17.4       1.mga9        x86_64  
  lib64xen3.0                    4.17.4       1.mga9        x86_64  
  ocaml-xen                      4.17.4       1.mga9        x86_64  
  ocaml-xen-devel                4.17.4       1.mga9        x86_64  
  xen                            4.17.4       1.mga9        x86_64  
  xen-hypervisor                 4.17.4       1.mga9        x86_64  
  xen-licenses                   4.17.4       1.mga9        x86_64  
  xen-runtime                    4.17.4       1.mga9        x86_64  
193MB of additional disk space will be used.
115MB of packages will be retrieved.
Proceed with the installation of the 11 packages? (Y/n) y


    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/python3-lxml-4.9.2-1.mga9.x86_64.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/edk2-ovmf-xen-20221117gitfff6d81270b5-7.mga9.noarch.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/kernel-server-6.6.22-1.mga9.x86_64.rpm
installing /var/cache/urpmi/rpms/kernel-server-6.6.22-1.mga9.x86_64.rpm                                                 
/home/katnatek/qa-testing/x86_64/xen-hypervisor-4.17.4-1.mga9.x86_64.rpm
/home/katnatek/qa-testing/x86_64/xen-licenses-4.17.4-1.mga9.x86_64.rpm
/home/katnatek/qa-testing/x86_64/xen-4.17.4-1.mga9.x86_64.rpm
/var/cache/urpmi/rpms/python3-lxml-4.9.2-1.mga9.x86_64.rpm
/home/katnatek/qa-testing/x86_64/ocaml-xen-devel-4.17.4-1.mga9.x86_64.rpm
/home/katnatek/qa-testing/x86_64/lib64xen3.0-4.17.4-1.mga9.x86_64.rpm
/home/katnatek/qa-testing/x86_64/xen-runtime-4.17.4-1.mga9.x86_64.rpm
/home/katnatek/qa-testing/x86_64/lib64xen-devel-4.17.4-1.mga9.x86_64.rpm
/home/katnatek/qa-testing/x86_64/ocaml-xen-4.17.4-1.mga9.x86_64.rpm
/var/cache/urpmi/rpms/edk2-ovmf-xen-20221117gitfff6d81270b5-7.mga9.noarch.rpm
Preparing...                     ######################################################################################
     1/11: xen-licenses          ######################################################################################
     2/11: lib64xen3.0           ######################################################################################
     3/11: lib64xen-devel        ######################################################################################
     4/11: ocaml-xen             ######################################################################################
     5/11: edk2-ovmf-xen         ######################################################################################
     6/11: xen-hypervisor        ######################################################################################
Generating grub configuration file ...
Found theme: /boot/grub2/themes/maggy/theme.txt
Found linux image: /boot/vmlinuz-6.6.22-desktop-1.mga9
Found initrd image: /boot/initrd-6.6.22-desktop-1.mga9.img
Found linux image: /boot/vmlinuz-6.6.22-desktop-1.mga9
Found initrd image: /boot/initrd-6.6.22-desktop-1.mga9.img
Found memtest image: /boot/memtest
Adding boot menu entry for UEFI Firmware Settings ...
done
     7/11: python3-lxml          ######################################################################################
     8/11: kernel-server         ######################################################################################
     9/11: xen-runtime           ######################################################################################
Created symlink /etc/systemd/system/multi-user.target.wants/xenstored.service -> /usr/lib/systemd/system/xenstored.service.
Created symlink /etc/systemd/system/multi-user.target.wants/xenconsoled.service -> /usr/lib/systemd/system/xenconsoled.service.
    10/11: xen                   ######################################################################################
Created symlink /etc/systemd/system/multi-user.target.wants/xendomains.service -> /usr/lib/systemd/system/xendomains.service.
    11/11: ocaml-xen-devel       ######################################################################################
      1/5: removing ocaml-xen-devel-4.17.3-1.1.mga9.x86_64
                                 ######################################################################################
      2/5: removing lib64xen-devel-4.17.3-1.1.mga9.x86_64
                                 ######################################################################################
      3/5: removing ocaml-xen-4.17.3-1.1.mga9.x86_64
                                 ######################################################################################
      4/5: removing lib64xen3.0-4.17.3-1.1.mga9.x86_64
                                 ######################################################################################
      5/5: removing xen-licenses-4.17.3-1.1.mga9.x86_64
                                 ######################################################################################
remove-boot-splash: Format of /boot/initrd-6.6.22-server-1.mga9.img not recognized
You should restart your computer for kernel-server

Tomorrow the rest of the test

Comment 5 katnatek 2024-04-14 02:52:25 CEST
Created attachment 14498
Commands testing xen

RH mageia 9 x86_64

Boot Mageia with Xen Hypervisor

Still see the warning at boot time reported in https://bugs.mageia.org/show_bug.cgi?id=32905#c10

Run the same commands as in https://bugs.mageia.org/show_bug.cgi?id=32905#c11
Looks good

katnatek 2024-04-14 02:52:46 CEST

CC: (none) => andrewsfarm

katnatek 2024-04-14 02:53:03 CEST

Whiteboard: (none) => MGA9-64-OK

Comment 6 Thomas Andrews 2024-04-14 16:36:25 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2024-04-15 20:22:35 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2024-0128.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

