Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2013.0488 Xen Security Advisory 47 (CVE-2013-1920) - Potential use of freed memory in event channel operations 8 April 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Xen Hypervisor Publisher: Xen Operating System: UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2013-1920 Original Bulletin: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-1920 / XSA-47 Potential use of freed memory in event channel operations ISSUE DESCRIPTION ================= Wrong ordering of operations upon extending the per-domain event channel tracking table can cause a pointer to freed memory to be left in place, when the hypervisor is under memory pressure and XSM (Xen Security Module) is enabled. IMPACT ====== Malicious guest kernels could inject arbitrary events or corrupt other hypervisor state, possibly leading to code execution. VULNERABLE SYSTEMS ================== All Xen versions from 3.2 onwards are vulnerable when making use of XSM. Configurations without XSM or with a dummy module are not affected. MITIGATION ========== Running without XSM (which is the default) will avoid this vulnerability, albeit doing so will likely lower overall security of systems that would otherwise have XSM enabled. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa47-4.1.patch Xen 4.1.x xsa47-4.2-unstable.patch Xen 4.2.x and xen-unstable $ sha256sum xsa47*.patch e49a03e0693de07ec1418eb16191854458e72088febd6948ea5bc1f900a1853a xsa47-4.1.patch c29b59492f9d7e3f74bfc41877a2c5cff70436d3738fd91066f396f969aab0a7 xsa47-4.2-unstable.patch $ - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRXb5fAAoJEIP+FMlX6CvZ0RwH/AtcVQFvERB+16wSjN3GTguk LnakHD3NCVeaDNbkF0G4b4ibR5oOCAGO/9CQwcB1QKj67mvYJm2kglDnGWUmZUQC TKWZR5vA9D9YAQvll8mSwd3OdLBoN0IGYPp9AIVUi9zl34zF+ZzbtsC57dvmjQD6 /E0tMDgOoCsA8ARnuknjbgk+CbfsGi/dbxYGDla4/wMC9wbUhG1wcA9lqNa37azT 1lRIj8qI3TfWC4aMh1kZKPsljrHZLkfA2VxgkrTCjr7u2Usr7vgUsNT4F0rYouRI h5mo1JszJOnM2EHuzVbQrvBmaXlPIFF/S5cRvD6RIavEsOUet5au49Hnhb/ENG4= =/g6f - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUWI+WO4yVqjM2NGpAQLlww//RevIDR3XLO/N+fWY18L0P6+Cg2CBE1Dh 3Cc2LMedo07To+fkevunfSuXIvjKi03n+2bcLi23qWFUtl0DABRAORIF/VCHwHVf yVO7GltUCxvkDJC/1UauTEyzyWYFkwLkvdCL13JLMbOWK79fRkG92m6PFxjoidys xNUkw3UADf54XTTtQSArX8rl8pptqvP6Mol20nczMJJF4MLCbeYQ/aKkpdHeFXza d4Sn+si5ajzAgnbYTSXgoojv2DmqFoYK7nawCXUt9ErHhxB3OPSXu+QM1ui+EajG hrOtDiIXZ2XSuKUC5v2AR3MebelrRhuovIF3pZ7bxQ1nrsWgciOwIjR6x29rjeDA scbsZ6QnRH55r319jMw6H+glP+vjjP/T3PJ/+OIlStiuFCz5kv6eVrfhNnBDvXkS N8K+N4f1QrYMs4NyppgkVbkqx6OtmEWfMhSn7IDOfRESWrjDkGVPQGlI9eDbPel8 fwI9UsBZawVo9RWUkqnt+dIhHzvq43rm9OnIj1TdS2Eb0yuSjCrhawfJH953Nz28 IuOvxuRha12zIaqw2o4CIazvLWBnvOYT4G5TJvIoLX3QYXSAu6fAYkxslpbeJMmH wetJjVedsj8MRnlfYJbBrrteEOiaLWmber8HjvUM946NP4mwgIM5DLaaMdk9nQC1 hYOQMXwbivk= =0rtL -----END PGP SIGNATURE-----