
Re: [#29463] [SECURITY] [DSA 2337-1] xen security update



Ok,

Looks like we're running 4.0.1-2 everywhere, from what I can see (or will be soon, once squeeze is on all VPS's).

All the issues in the notice are addressed in 4.0.1-4 (squeeze (security)):
"squeeze (security)	4.0.1-4	fixed"

CVE-2011-1166 references the following:

DSA-2337-1 - which references the following (all that were listed in the notice we were sent):


CVE-2011-1898 (ref DSA-2337-1)
NVD severity	high (attack range: remote)
"...when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by 'using DMA to generate MSI interrupts by writing to the interrupt injection registers.'"

CVE-2011-1583 (ref DSA-2337-1)
NVD severity	medium (attack range: local)

CVE-2011-3262 (ref DSA-2337-1)
NVD severity	low (attack range: local)

As far as patching is concerned, I can't seem to find any discernible way to tell if the program and associated libraries have had a patch applied on Debian. Is there an easy way in Debian to tell this?

Thanks,
Wrex


-- 
Wrex Allen
Cadre Web Hosting
Systems Administration & Support


