Debian alert DSA-2337-1 (xen)
| From: | Thijs Kinkhorst <thijs@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 2337-1] xen security update | |
| Date: | Sun, 6 Nov 2011 09:21:43 +0100 (CET) | |
| Message-ID: | <20111106082143.5914C59F99@kinkhorst.com> | |
| Archive‑link: | Article |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2337-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst November 6, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : xen Vulnerability : several vulnerabilities Problem type : local Debian-specific: no CVE ID : CVE-2011-1166 CVE-2011-1583 CVE-2011-1898 CVE-2011-3262 Several vulnerabilities were discovered in the Xen virtual machine hypervisor. CVE-2011-1166 A 64-bit guest can get one of its vCPU'ss into non-kernel mode without first providing a valid non-kernel pagetable, thereby locking up the host system. CVE-2011-1583, CVE-2011-3262 Local users can cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image. CVE-2011-1898 When using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, guest OS can users to gain host OS privileges by writing to the interrupt injection registers. The oldstable distribution (lenny) contains a different version of Xen not affected by these problems. For the stable distribution (squeeze), this problem has been fixed in version 4.0.1-4. For the testing (wheezy) and unstable distribution (sid), this problem has been fixed in version 4.1.1-1. We recommend that you upgrade your xen packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJOtkMgAAoJEOxfUAG2iX57YfsH/i3q1DpaRYJUKc+HZDWe1dub b2r1XeB/BU7qEHMDHVz74+Htp+//8Pj1nDt58qAskk+bP7l9EQJyu1x97Fiox1lH xFZgMlRfrytpoGNmwA9qDsjmyDihukr2lTiG8xrTXynmqIGYcLJa2p9rCsmyY0YJ 04U9mbW4qzkR7Tcd+XSoyHhQWP93fXX0pf4DqNKvvi5Mj3CqXMUEzy2tQ/SSNQPM Kkj3WwRn7Qf+Ffk/dA9Mg00fv396kuyam+Jf5TiRd1vCy+kJo4ZxxYDdXQf2NRYc y3gFIKYL4DG5sRD+dsEdL6NlxcuWTAq9KnV0ETEZKEXdU2hg1ESJ7KEwsT9hAWg= =vnx3 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/20111106082143.5914C59F99@kinkhor...