[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 2337-1] xen security update



*** NOTE: ***

    Your message was sent from an address which is not on the list
    of people who are authorized to post to this mailing list.
    Therefore, your message has been forwarded to the list maintainer
    for manual processing.

    If you do not see your message appear on the list or in the
    mailing list archives within a few business days, you may wish
    to contact the mailing list maintainer to investigate the delay.

    -- W3C Postmaster
       http://www.w3.org/Mail/

your message follows:
----------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2337-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
November 6, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
Vulnerability  : several vulnerabilities
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1166 CVE-2011-1583 CVE-2011-1898 CVE-2011-3262

Several vulnerabilities were discovered in the Xen virtual machine
hypervisor. 

CVE-2011-1166

  A 64-bit guest can get one of its vCPU'ss into non-kernel
  mode without first providing a valid non-kernel pagetable,
  thereby locking up the host system.

CVE-2011-1583, CVE-2011-3262

  Local users can cause a denial of service and possibly execute
  arbitrary code via a crafted paravirtualised guest kernel image.

CVE-2011-1898

  When using PCI passthrough on Intel VT-d chipsets that do not
  have interrupt remapping, guest OS can users to gain host OS
  privileges by writing to the interrupt injection registers.

The oldstable distribution (lenny) contains a different version of Xen
not affected by these problems.

For the stable distribution (squeeze), this problem has been fixed in
version 4.0.1-4.

For the testing (wheezy) and unstable distribution (sid), this problem
has been fixed in version 4.1.1-1.

We recommend that you upgrade your xen packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJOtkMgAAoJEOxfUAG2iX57YfsH/i3q1DpaRYJUKc+HZDWe1dub
b2r1XeB/BU7qEHMDHVz74+Htp+//8Pj1nDt58qAskk+bP7l9EQJyu1x97Fiox1lH
xFZgMlRfrytpoGNmwA9qDsjmyDihukr2lTiG8xrTXynmqIGYcLJa2p9rCsmyY0YJ
04U9mbW4qzkR7Tcd+XSoyHhQWP93fXX0pf4DqNKvvi5Mj3CqXMUEzy2tQ/SSNQPM
Kkj3WwRn7Qf+Ffk/dA9Mg00fv396kuyam+Jf5TiRd1vCy+kJo4ZxxYDdXQf2NRYc
y3gFIKYL4DG5sRD+dsEdL6NlxcuWTAq9KnV0ETEZKEXdU2hg1ESJ7KEwsT9hAWg=
=vnx3
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20111106082143.5914C59F99@kinkhorst.com


Reply to: