Debian: DSA-3286-1: xen security update

    Date13 Jun 2015
    CategoryDebian
    82
    Posted ByLinuxSecurity Advisories
    Multiple security issues have been found in the Xen virtualisation solution: CVE-2015-3209
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3286-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    	
    https://www.debian.org/security/                       Moritz Muehlenhoff
    June 13, 2015                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : xen
    CVE ID         : CVE-2015-3209 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105
                     CVE-2015-4106 CVE-2015-4163 CVE-2015-4164
    
    Multiple security issues have been found in the Xen virtualisation
    solution:
               
    CVE-2015-3209
    
        Matt Tait discovered a flaw in the way QEMU's AMD PCnet Ethernet
        emulation handles multi-TMD packets with a length above 4096 bytes.
        A privileged guest user in a guest with an AMD PCNet ethernet card
        enabled can potentially use this flaw to execute arbitrary code on
        the host with the privileges of the hosting QEMU process.
    
    CVE-2015-4103
    
        Jan Beulich discovered that the QEMU Xen code does not properly
        restrict write access to the host MSI message data field, allowing
        a malicious guest to cause a denial of service.
    
    CVE-2015-4104
    
        Jan Beulich discovered that the QEMU Xen code does not properly
        restrict access to PCI MSI mask bits, allowing a malicious guest to
        cause a denial of service.
    
    CVE-2015-4105
    
        Jan Beulich reported that the QEMU Xen code enables logging for PCI
        MSI-X pass-through error messages, allowing a malicious guest to
        cause a denial of service.
    
    CVE-2015-4106
    
        Jan Beulich discovered that the QEMU Xen code does not properly restrict
        write access to the PCI config space for certain PCI pass-through devices,
        allowing a malicious guest to cause a denial of service, obtain sensitive
        information or potentially execute arbitrary code.
    
    CVE-2015-4163
    
        Jan Beulich discovered that a missing version check in the
        GNTTABOP_swap_grant_ref hypercall handler may result in denial of service.
        This only applies to Debian stable/jessie.
    
    CVE-2015-4164
    
        Andrew Cooper discovered a vulnerability in the iret hypercall handler,
        which may result in denial of service.
    
    For the oldstable distribution (wheezy), these problems have been fixed
    in version 4.1.4-3+deb7u8. 
    
    For the stable distribution (jessie), these problems have been fixed in
    version 4.4.1-9+deb8u1. CVE-2015-3209, CVE-2015-4103, CVE-2015-4104,
    CVE-2015-4105 and CVE-2015-4106 don't affect the Xen package in stable
    jessie, it uses the standard qemu package and has already been fixed in
    DSA-3284-1.
    
    For the unstable distribution (sid), these problems will be fixed soon.
    
    We recommend that you upgrade your xen packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"37","type":"x","order":"1","pct":51.39,"resources":[]},{"id":"88","title":"Should be more technical","votes":"10","type":"x","order":"2","pct":13.89,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"25","type":"x","order":"3","pct":34.72,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.