it-securitynotifies AT lists.piratenpartei.de
Subject: Security announcements
List archive
- From: Thijs Kinkhorst <thijs AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 2337-1] xen security update
- Date: Sun, 6 Nov 2011 09:21:43 +0100 (CET)
- List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
- List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
- Old-return-path: <thijs AT kinkhorst.com>
- Priority: urgent
- Resent-date: Sun, 6 Nov 2011 08:22:12 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <GkFpt_FmVEM.A.-vB.0OktOB@liszt>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2337-1 security AT debian.org
http://www.debian.org/security/ Thijs Kinkhorst
November 6, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : xen
Vulnerability : several vulnerabilities
Problem type : local
Debian-specific: no
CVE ID : CVE-2011-1166 CVE-2011-1583 CVE-2011-1898 CVE-2011-3262
Several vulnerabilities were discovered in the Xen virtual machine
hypervisor.

CVE-2011-1166
    A 64-bit guest can get one of its vCPUs into non-kernel
    mode without first providing a valid non-kernel pagetable,
    thereby locking up the host system.

CVE-2011-1583, CVE-2011-3262
    Local users can cause a denial of service and possibly execute
    arbitrary code via a crafted paravirtualised guest kernel image.

CVE-2011-1898
    When using PCI passthrough on Intel VT-d chipsets that do not
    have interrupt remapping, guest OS users can gain host OS
    privileges by writing to the interrupt injection registers.

The oldstable distribution (lenny) contains a different version of Xen
not affected by these problems.

For the stable distribution (squeeze), this problem has been fixed in
version 4.0.1-4.

For the testing (wheezy) and unstable distribution (sid), this problem
has been fixed in version 4.1.1-1.

We recommend that you upgrade your xen packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----