Debian: DSA-3633-1 Critical: Xen Denial Of Service And Escalation

July 27, 2016
A series of security flaws in the Xen hypervisor necessitate an immediate patch to avert risks related to denial of service and privilege escalation.

Summary

Multiple vulnerabilities have been discovered in the Xen hypervisor. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2015-8338

Julien Grall discovered that Xen on ARM was susceptible to denial
of service via long running memory operations.

CVE-2016-4480

Jan Beulich discovered that incorrect page table handling could
result in privilege escalation inside a Xen guest instance.

CVE-2016-4962

Wei Liu discovered multiple cases of missing input sanitising in
libxl which could result in denial of service.

CVE-2016-5242

Aaron Cornelius discovered that incorrect resource handling on
ARM systems could result in denial of service.

CVE-2016-6258

Jeremie Boutoille discovered that incorrect pagetable handling in
PV instances could result in guest to host privilege escalation.

For the stable distribution (jessie), these problems have been fixed in
version 4.4.1-9+deb8u6.

For the unstable distribution (sid), these problems will be fixed soon.

...

Severity: critical

Package: xen
CVE ID: CVE-2015-8338 CVE-2016-4480 CVE-2016-4962 CVE-2016-5242
