• [SECURITY] [DSA 3140-1] xen security update

    From Moritz Muehlenhoff@1:229/2 to All on Tue Jan 27 12:00:03 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3140-1                   [email protected]
    http://www.debian.org/security/                        Moritz Muehlenhoff
    January 27, 2015                       http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : xen
    CVE ID : CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867
    CVE-2014-9030

    Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure
    or privilege escalation.

    CVE-2014-8594

    Roger Pau Monne and Jan Beulich discovered that incomplete
    restrictions on MMU update hypercalls may result in privilege
    escalation.

    CVE-2014-8595

    Jan Beulich discovered that missing privilege level checks in the
    x86 emulation of far branches may result in privilege escalation.

    CVE-2014-8866

    Jan Beulich discovered that an error in compatibility mode hypercall
    argument translation may result in denial of service.

    CVE-2014-8867

    Jan Beulich discovered that an insufficient restriction in
    acceleration support for the "REP MOVS" instruction may result in
    denial of service.

    CVE-2014-9030

    Andrew Cooper discovered a page reference leak in MMU_MACHPHYS_UPDATE
    handling, resulting in denial of service.

    For the stable distribution (wheezy), these problems have been fixed in
    version 4.1.4-3+deb7u4.

    For the upcoming stable distribution (jessie), these problems have been
    fixed in version 4.4.1-4.

    For the unstable distribution (sid), these problems have been fixed in
    version 4.4.1-4.

    We recommend that you upgrade your xen packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
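An added example (not part of the advisory or of Debian's tooling): checking an installed xen package version against the fixed versions listed above, using a Python re-implementation of dpkg's version ordering, because plain string comparison mis-sorts suffixes such as `+deb7u10`. The function names and the sample installed versions are assumptions made for illustration.

```python
import re

# Fixed versions as stated in DSA-3140-1 (taken from the advisory text above).
FIXED = {"wheezy": "4.1.4-3+deb7u4", "jessie": "4.4.1-4", "sid": "4.4.1-4"}

def _order(c):
    """dpkg's weight for one character of a non-digit run."""
    if c == "~":
        return -1            # '~' sorts before everything, even end of string
    if c == "" or c.isdigit():
        return 0             # end of string or start of a digit run
    return ord(c) if c.isalpha() else ord(c) + 256   # letters before punctuation

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        # 1) non-digit run, compared character by character
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            d = _order(a[i:i + 1]) - _order(b[j:j + 1])
            if d:
                return d
            i, j = i + 1, j + 1
        # 2) digit run, compared numerically (so u10 > u4)
        na = re.match(r"\d*", a[i:]).group()
        nb = re.match(r"\d*", b[j:]).group()
        d = int(na or 0) - int(nb or 0)
        if d:
            return d
        i, j = i + len(na), j + len(nb)
    return 0

def _split(version):
    """Split into (epoch, upstream, revision); missing parts default to 0 / ''."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def dpkg_compare(v1, v2):
    """Negative, zero or positive as v1 sorts before, equal to or after v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_fixed(release, installed):
    """True if `installed` is at or past the advisory's fixed version."""
    return dpkg_compare(installed, FIXED[release]) >= 0
```

On a Debian host, `dpkg --compare-versions` performs the same ordering; the version string to feed in comes from `dpkg-query -W` for the installed xen package.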
  • From Pim van den Berg@1:229/2 to Moritz Muehlenhoff on Wed Jan 28 14:40:02 2015
    XPost: linux.debian.security
    From: [email protected]

    Running only PV guests will avoid this issue.

    No upgrade needed.


    --
    Regards,
    Pim van den Berg - Cloud Infrastructure Engineer
    GPG: 0x50A8EDDA - [email protected] - www.mendix.com

