Debian: DSA-3390-1: xen security update

Date 02 Nov 2015

Category Debian Linux Distribution - Security Advisories

187

Posted By LinuxSecurity Advisories

It was discovered that the code to validate level 2 page table entries is bypassed when certain conditions are satisfied. A malicious PV guest administrator can take advantage of this flaw to gain privileges via a crafted superpage mapping.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-3390-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                     Salvatore Bonaccorso
November 02, 2015                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2015-7835

It was discovered that the code to validate level 2 page table entries
is bypassed when certain conditions are satisfied. A malicious PV guest
administrator can take advantage of this flaw to gain privileges via a
crafted superpage mapping.

For the oldstable distribution (wheezy), this problem has been fixed
in version 4.1.4-3+deb7u9.

For the stable distribution (jessie), this problem has been fixed in
version 4.4.1-9+deb8u2.

We recommend that you upgrade your xen packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.