• [SECURITY] [DSA 2337-1] xen security update

    From Thijs Kinkhorst@1:229/2 to All on Sun Nov 6 09:30:01 2011
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2337-1                   [email protected]
    http://www.debian.org/security/                          Thijs Kinkhorst
    November 6, 2011                       http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : xen
    Vulnerability : several vulnerabilities
    Problem type : local
    Debian-specific: no
    CVE ID : CVE-2011-1166 CVE-2011-1583 CVE-2011-1898 CVE-2011-3262

    Several vulnerabilities were discovered in the Xen virtual machine
    hypervisor.

    CVE-2011-1166

    A 64-bit guest can get one of its vCPUs into non-kernel
    mode without first providing a valid non-kernel pagetable,
    thereby locking up the host system.

    CVE-2011-1583, CVE-2011-3262

    Local users can cause a denial of service and possibly execute
    arbitrary code via a crafted paravirtualised guest kernel image.

    CVE-2011-1898

    When using PCI passthrough on Intel VT-d chipsets that do not
    have interrupt remapping, guest OS users can gain host OS
    privileges by writing to the interrupt injection registers.

    The oldstable distribution (lenny) contains a different version of Xen
    not affected by these problems.

    For the stable distribution (squeeze), this problem has been fixed in
    version 4.0.1-4.

    For the testing (wheezy) and unstable distribution (sid), this problem
    has been fixed in version 4.1.1-1.

    We recommend that you upgrade your xen packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]


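A check for the fixed versions listed in the advisory, as an added example that is not part of the original message or of Debian's tooling. It compares an installed xen package version (for instance the string `dpkg-query -W` reports) against the per-suite fix using dpkg's version ordering; the function names are hypothetical and the sample versions are constructed.

```python
import re

# Fixed versions per suite as stated in DSA-2337-1 (None = suite not affected).
FIXED_IN = {"lenny": None, "squeeze": "4.0.1-4",
            "wheezy": "4.1.1-1", "sid": "4.1.1-1"}

def _order(c):
    """dpkg character order: '~' first, then letters, then everything else."""
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _part_key(part):
    """Comparable key for one upstream-version or revision string."""
    key = [([_order(c) for c in text] + [0], int(num or 0))
           for text, num in re.findall(r"(\D*)(\d*)", part) if text or num]
    key.append(([0], 0))  # end marker: sorts after '~', before anything else
    return key

def version_key(version):
    """Split [epoch:]upstream[-revision] into a tuple that sorts like dpkg."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    if "-" in rest:
        upstream, revision = rest.rsplit("-", 1)
    else:
        upstream, revision = rest, "0"  # absent revision compares equal to "0"
    return (int(epoch), _part_key(upstream), _part_key(revision))

def dsa_2337_status(suite, installed):
    """Return 'not affected', 'fixed' or 'vulnerable' for an installed version."""
    fixed = FIXED_IN[suite]
    if fixed is None:
        return "not affected"
    if version_key(installed) >= version_key(fixed):
        return "fixed"
    return "vulnerable"

if __name__ == "__main__":
    # Constructed sample versions, not taken from the advisory.
    for suite, ver in [("squeeze", "4.0.1-2"), ("squeeze", "4.0.1-4"),
                       ("sid", "4.1.0~rc6-1"), ("lenny", "3.2.1-2")]:
        print(f"{suite:8} {ver:14} {dsa_2337_status(suite, ver)}")
```

A plain string comparison would misorder versions such as `4.1.0~rc6-1`, which is why the tilde and digit runs are handled explicitly.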