Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2013.0570 A number of vulnerabilities have been identified in Xen 23 April 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Xen Publisher: Xen.org security team Operating System: UNIX variants (UNIX, Linux, OSX) Impact/Access: Increased Privileges -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2013-1964 Original Bulletin: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-1964 / XSA-50 grant table hypercall acquire/release imbalance ISSUE DESCRIPTION ================= When releasing a non-v1 non-transitive grant after doing a grant copy operation, Xen incorrectly recurses (as if for a transitive grant) and releases an unrelated grant reference. IMPACT ====== A malicious guest administrator can cause undefined behaviour; depending on the dom0 kernel a host crash is possible, but information leakage or privilege escalation cannot be ruled out. VULNERABLE SYSTEMS ================== Xen 4.0 and 4.1 are vulnerable. Any kind of guest can trigger the vulnerability. Xen 4.2 and xen-unstable, as well as Xen 3.x and earlier, are not vulnerable. MITIGATION ========== Using only trustworthy guest kernels will avoid the vulnerability. Using a debug build of Xen will eliminate the possible information leak or privilege violation; instead, if the vulnerability is attacked, Xen will crash. NOTE REGARDING EMBARGO ====================== A crash resulting from this bug has been reported by a user on the public xen-devel mailing list. There is therefore no embargo. RESOLUTION ========== Applying the attached patch resolves this issue. xsa50-4.1.patch $ sha256sum xsa50-*.patch 29f76073311a372dd30dd4788447850465d2575d5ff7b2c10912a69e4941fb21 xsa50-4.1.patch $ - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRcA4pAAoJEIP+FMlX6CvZHhsIAK2RYhWr4CQ2ziTh3o1cbkXe HfDcWHjLTe1+zoULCKbptUHcoH6/oPxwZBklAfNSECFT47a4FKZu/ARCP1IBtot2 o6cuTTlYgLMMpSfVW//aDJQ59YivhcwN5omLEp4G8N/YHw0IA1W58/IpNKXVbNNy pmMEqus/QUH8EzGaxLfwIfSrJR96x96QKOlG94lohY5P5aipx/5vXzUPyRFXLbOZ jr8Ve+woNuYAeBx3zue7TNfhePVuDUl8b7ufhsuYdwkODzEXCNLcJM93Z3eaKfPp CVDBE38GUO9hr5CpBh5QgGeCCeMhxwI8jXTXUb6N8KFrwgbq04HP7BOmVI4O8Xs= =jiz6 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUXYVD+4yVqjM2NGpAQJHyQ/9EFViXccoJXUAN3S9qGLtex83fcfthCzL GW02vaciDuUkfgiVHcKGwNXde205ZLFXyM/Xl5EAMq8zbVfYBSaSzfUgZPZaigUV d4nJSmRq4PtezIbfwDxiDUMcoq8ZDp6CD033TI328jdKKhk/FAF5S6cFPnp4gJNW PmG8CJsq8qwpNY5axCLharOE8aX+DA+clArWTHDuBxNysKpJlthpQnyPXKr7jI5w tGKKjFPUBu6cuV7EXeY4ANiVPbeudSbgr0LQw4N2828RW6VwlB1ah/CQyPJwZxMh ubrm6lmU1Vnlh5+ARIJN04w5yVoK5xr3FXX0oJaE1q8gC99ja90GTp95prGTJkxm qYmKg38zAgRtX0euGEvKYHPcFOTdZXdjPaEDuEr+OwLzCHvlf+1T3HGvF6I/mq17 cFvOk91WsRLJcvm+CKk9CTf12MaCn4/6nCRh8GY3J8eaWsm9dikPIgol1Tb3ZM0A 8nJ/lQ2fWSL3kfP2BryB4+xnbYLj7w51+pM1SNijEkfpVRD55CdVEK8qFBZPno+N 8y3Hf408GyiXIzu18ct9XRgwEAUYKxNMj9w9ntnZE0ZSvTJHJoKmW3X8GZu+f9Xw UA0RsiuckIvX8l/tmORlBWAk1hC5Sq78DlEqf+OqRxLbuGamqpajV/V3I/oxd3g6 FZMWmiAIr6Y= =QME3 -----END PGP SIGNATURE-----