Re: [SECURITY] [DSA 2337-1] xen security update
*** NOTE: ***
Your message was sent from an address which is not on the list
of people who are authorized to post to this mailing list.
Therefore, your message has been forwarded to the list maintainer
for manual processing.
If you do not see your message appear on the list or in the
mailing list archives within a few business days, you may wish
to contact the mailing list maintainer to investigate the delay.
-- W3C Postmaster
http://www.w3.org/Mail/
your message follows:
----------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2337-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
November 6, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : xen
Vulnerability : several vulnerabilities
Problem type : local
Debian-specific: no
CVE ID : CVE-2011-1166 CVE-2011-1583 CVE-2011-1898 CVE-2011-3262
Several vulnerabilities were discovered in the Xen virtual machine
hypervisor.
CVE-2011-1166
A 64-bit guest can get one of its vCPU'ss into non-kernel
mode without first providing a valid non-kernel pagetable,
thereby locking up the host system.
CVE-2011-1583, CVE-2011-3262
Local users can cause a denial of service and possibly execute
arbitrary code via a crafted paravirtualised guest kernel image.
CVE-2011-1898
When using PCI passthrough on Intel VT-d chipsets that do not
have interrupt remapping, guest OS can users to gain host OS
privileges by writing to the interrupt injection registers.
The oldstable distribution (lenny) contains a different version of Xen
not affected by these problems.
For the stable distribution (squeeze), this problem has been fixed in
version 4.0.1-4.
For the testing (wheezy) and unstable distribution (sid), this problem
has been fixed in version 4.1.1-1.
We recommend that you upgrade your xen packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJOtkMgAAoJEOxfUAG2iX57YfsH/i3q1DpaRYJUKc+HZDWe1dub
b2r1XeB/BU7qEHMDHVz74+Htp+//8Pj1nDt58qAskk+bP7l9EQJyu1x97Fiox1lH
xFZgMlRfrytpoGNmwA9qDsjmyDihukr2lTiG8xrTXynmqIGYcLJa2p9rCsmyY0YJ
04U9mbW4qzkR7Tcd+XSoyHhQWP93fXX0pf4DqNKvvi5Mj3CqXMUEzy2tQ/SSNQPM
Kkj3WwRn7Qf+Ffk/dA9Mg00fv396kuyam+Jf5TiRd1vCy+kJo4ZxxYDdXQf2NRYc
y3gFIKYL4DG5sRD+dsEdL6NlxcuWTAq9KnV0ETEZKEXdU2hg1ESJ7KEwsT9hAWg=
=vnx3
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20111106082143.5914C59F99@kinkhorst.com
Reply to: