
[SECURITY] [DLA 964-1] xen security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : xen
Version        : 4.1.6.lts1-8
CVE ID         : CVE-2016-9932 CVE-2017-7995 CVE-2017-8903 CVE-2017-8904 
                 CVE-2017-8905


Multiple vulnerabilities have been discovered in the Xen hypervisor. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2016-9932 (XSA-200)

    CMPXCHG8B emulation allows local HVM guest OS users to obtain sensitive
    information from host stack memory.

CVE-2017-7995

    Xen checks access permissions to MMIO ranges only after accessing them,
    allowing host PCI device space memory reads.

CVE-2017-8903 (XSA-213)

    Xen mishandles page tables after an IRET hypercall which can lead to
    arbitrary code execution on the host OS. The vulnerability is only exposed
    to 64-bit PV guests.

CVE-2017-8904 (XSA-214)

    Xen mishandles the "contains segment descriptors" property during
    GNTTABOP_transfer. This might allow PV guest OS users to execute arbitrary
    code on the host OS.

CVE-2017-8905 (XSA-215)

    Xen mishandles a failsafe callback which might allow PV guest OS users to
    execute arbitrary code on the host OS.

For Debian 7 "Wheezy", these problems have been fixed in version
4.1.6.lts1-8.

We recommend that you upgrade your xen packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS