2015 m. birželio 18 d., ketvirtadienis

[SECURITY] [DSA 3286-1] xen security update

- ------------------------------------------------------------
-------------
Debian Security Advisory DSA-3286-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 13, 2015                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2015-3209 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105
                 CVE-2015-4106 CVE-2015-4163 CVE-2015-4164

Multiple security issues have been found in the Xen virtualisation
solution:

CVE-2015-3209

    Matt Tait discovered a flaw in the way QEMU's AMD PCnet Ethernet
    emulation handles multi-TMD packets with a length above 4096 bytes.
    A privileged guest user in a guest with an AMD PCNet ethernet card
    enabled can potentially use this flaw to execute arbitrary code on
    the host with the privileges of the hosting QEMU process.

CVE-2015-4103

    Jan Beulich discovered that the QEMU Xen code does not properly
    restrict write access to the host MSI message data field, allowing
    a malicious guest to cause a denial of service.

CVE-2015-4104

    Jan Beulich discovered that the QEMU Xen code does not properly
    restrict access to PCI MSI mask bits, allowing a malicious guest to
    cause a denial of service.

CVE-2015-4105

    Jan Beulich reported that the QEMU Xen code enables logging for PCI
    MSI-X pass-through error messages, allowing a malicious guest to
    cause a denial of service.

CVE-2015-4106

    Jan Beulich discovered that the QEMU Xen code does not properly restrict
    write access to the PCI config space for certain PCI pass-through devices,
    allowing a malicious guest to cause a denial of service, obtain sensitive
    information or potentially execute arbitrary code.

CVE-2015-4163

    Jan Beulich discovered that a missing version check in the
    GNTTABOP_swap_grant_ref hypercall handler may result in denial of service.
    This only applies to Debian stable/jessie.

CVE-2015-4164

    Andrew Cooper discovered a vulnerability in the iret hypercall handler,
    which may result in denial of service.

For the oldstable distribution (wheezy), these problems have been fixed
in version 4.1.4-3+deb7u8.

For the stable distribution (jessie), these problems have been fixed in
version 4.4.1-9+deb8u1. CVE-2015-3209, CVE-2015-4103, CVE-2015-4104,
CVE-2015-4105 and CVE-2015-4106 don't affect the Xen package in stable
jessie, it uses the standard qemu package and has already been fixed in
DSA-3284-1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your xen packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Komentarų nėra:

Rašyti komentarą