
Ubuntu: Security Notice USN-2636-1 for Xen DoS Vulnerabilities

debian
March 1, 2013
Uncover the most recent security patches for Xen within Debian, tackling various remote vulnerabilities and safeguarding system stability.

Summary

Multiple vulnerabilities have been discovered in the Xen hypervisor. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2012-4544

Insufficient validation of kernel or ramdisk sizes in the Xen PV
domain builder could result in denial of service.

CVE-2012-5511

Several HVM control operations performed insufficient validation of
input, which could result in denial of service through resource
exhaustion.

CVE-2012-5634

Incorrect interrupt handling when using VT-d hardware could result
in denial of service.

CVE-2013-0153

Insufficient restriction of interrupt access could result in denial
of service.


For the stable distribution (squeeze), these problems have been fixed in
version 4.0.1-5.7.

For the testing distribution (wheezy), these problems have been fixed in
version 4.1.4-2.

For the unstable distribution (sid), these problems have been fixed in
version 4.1.4-2.

We recommend that you upgrade your xen packages.

Further information about...


Severity: critical

Package: xen
CVE ID: CVE-2012-4544 CVE-2012-5511 CVE-2012-5634 CVE-2013-0153
