Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0488
Xen Security Advisory 47 (CVE-2013-1920) - Potential use of
freed memory in event channel operations
8 April 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Xen Hypervisor
Publisher: Xen
Operating System: UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2013-1920
Original Bulletin:
http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2013-1920 / XSA-47
Potential use of freed memory in event channel operations
ISSUE DESCRIPTION
=================
Wrong ordering of operations upon extending the per-domain event
channel tracking table can cause a pointer to freed memory to be left
in place, when the hypervisor is under memory pressure and XSM (Xen
Security Module) is enabled.
IMPACT
======
Malicious guest kernels could inject arbitrary events or corrupt other
hypervisor state, possibly leading to code execution.
VULNERABLE SYSTEMS
==================
All Xen versions from 3.2 onwards are vulnerable when making use of
XSM. Configurations without XSM or with a dummy module are not
affected.
MITIGATION
==========
Running without XSM (which is the default) will avoid this
vulnerability, albeit doing so will likely lower overall security of
systems that would otherwise have XSM enabled.
RESOLUTION
==========
Applying the appropriate attached patch resolves this issue.
xsa47-4.1.patch Xen 4.1.x
xsa47-4.2-unstable.patch Xen 4.2.x and xen-unstable
$ sha256sum xsa47*.patch
e49a03e0693de07ec1418eb16191854458e72088febd6948ea5bc1f900a1853a
xsa47-4.1.patch
c29b59492f9d7e3f74bfc41877a2c5cff70436d3738fd91066f396f969aab0a7
xsa47-4.2-unstable.patch
$
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJRXb5fAAoJEIP+FMlX6CvZ0RwH/AtcVQFvERB+16wSjN3GTguk
LnakHD3NCVeaDNbkF0G4b4ibR5oOCAGO/9CQwcB1QKj67mvYJm2kglDnGWUmZUQC
TKWZR5vA9D9YAQvll8mSwd3OdLBoN0IGYPp9AIVUi9zl34zF+ZzbtsC57dvmjQD6
/E0tMDgOoCsA8ARnuknjbgk+CbfsGi/dbxYGDla4/wMC9wbUhG1wcA9lqNa37azT
1lRIj8qI3TfWC4aMh1kZKPsljrHZLkfA2VxgkrTCjr7u2Usr7vgUsNT4F0rYouRI
h5mo1JszJOnM2EHuzVbQrvBmaXlPIFF/S5cRvD6RIavEsOUet5au49Hnhb/ENG4=
=/g6f
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUWI+WO4yVqjM2NGpAQLlww//RevIDR3XLO/N+fWY18L0P6+Cg2CBE1Dh
3Cc2LMedo07To+fkevunfSuXIvjKi03n+2bcLi23qWFUtl0DABRAORIF/VCHwHVf
yVO7GltUCxvkDJC/1UauTEyzyWYFkwLkvdCL13JLMbOWK79fRkG92m6PFxjoidys
xNUkw3UADf54XTTtQSArX8rl8pptqvP6Mol20nczMJJF4MLCbeYQ/aKkpdHeFXza
d4Sn+si5ajzAgnbYTSXgoojv2DmqFoYK7nawCXUt9ErHhxB3OPSXu+QM1ui+EajG
hrOtDiIXZ2XSuKUC5v2AR3MebelrRhuovIF3pZ7bxQ1nrsWgciOwIjR6x29rjeDA
scbsZ6QnRH55r319jMw6H+glP+vjjP/T3PJ/+OIlStiuFCz5kv6eVrfhNnBDvXkS
N8K+N4f1QrYMs4NyppgkVbkqx6OtmEWfMhSn7IDOfRESWrjDkGVPQGlI9eDbPel8
fwI9UsBZawVo9RWUkqnt+dIhHzvq43rm9OnIj1TdS2Eb0yuSjCrhawfJH953Nz28
IuOvxuRha12zIaqw2o4CIazvLWBnvOYT4G5TJvIoLX3QYXSAu6fAYkxslpbeJMmH
wetJjVedsj8MRnlfYJbBrrteEOiaLWmber8HjvUM946NP4mwgIM5DLaaMdk9nQC1
hYOQMXwbivk=
=0rtL
-----END PGP SIGNATURE-----