Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0570
A number of vulnerabilities have been identified in Xen
23 April 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Xen
Publisher: Xen.org security team
Operating System: UNIX variants (UNIX, Linux, OSX)
Impact/Access: Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2013-1964
Original Bulletin:
http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2013-1964 / XSA-50
grant table hypercall acquire/release imbalance
ISSUE DESCRIPTION
=================
When releasing a non-v1 non-transitive grant after doing a grant copy
operation, Xen incorrectly recurses (as if for a transitive grant) and
releases an unrelated grant reference.
IMPACT
======
A malicious guest administrator can cause undefined behaviour;
depending on the dom0 kernel a host crash is possible, but information
leakage or privilege escalation cannot be ruled out.
VULNERABLE SYSTEMS
==================
Xen 4.0 and 4.1 are vulnerable. Any kind of guest can trigger the
vulnerability.
Xen 4.2 and xen-unstable, as well as Xen 3.x and earlier, are not
vulnerable.
MITIGATION
==========
Using only trustworthy guest kernels will avoid the vulnerability.
Using a debug build of Xen will eliminate the possible information
leak or privilege violation; instead, if the vulnerability is
attacked, Xen will crash.
NOTE REGARDING EMBARGO
======================
A crash resulting from this bug has been reported by a user on the
public xen-devel mailing list. There is therefore no embargo.
RESOLUTION
==========
Applying the attached patch resolves this issue.
xsa50-4.1.patch
$ sha256sum xsa50-*.patch
29f76073311a372dd30dd4788447850465d2575d5ff7b2c10912a69e4941fb21
xsa50-4.1.patch
$
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJRcA4pAAoJEIP+FMlX6CvZHhsIAK2RYhWr4CQ2ziTh3o1cbkXe
HfDcWHjLTe1+zoULCKbptUHcoH6/oPxwZBklAfNSECFT47a4FKZu/ARCP1IBtot2
o6cuTTlYgLMMpSfVW//aDJQ59YivhcwN5omLEp4G8N/YHw0IA1W58/IpNKXVbNNy
pmMEqus/QUH8EzGaxLfwIfSrJR96x96QKOlG94lohY5P5aipx/5vXzUPyRFXLbOZ
jr8Ve+woNuYAeBx3zue7TNfhePVuDUl8b7ufhsuYdwkODzEXCNLcJM93Z3eaKfPp
CVDBE38GUO9hr5CpBh5QgGeCCeMhxwI8jXTXUb6N8KFrwgbq04HP7BOmVI4O8Xs=
=jiz6
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUXYVD+4yVqjM2NGpAQJHyQ/9EFViXccoJXUAN3S9qGLtex83fcfthCzL
GW02vaciDuUkfgiVHcKGwNXde205ZLFXyM/Xl5EAMq8zbVfYBSaSzfUgZPZaigUV
d4nJSmRq4PtezIbfwDxiDUMcoq8ZDp6CD033TI328jdKKhk/FAF5S6cFPnp4gJNW
PmG8CJsq8qwpNY5axCLharOE8aX+DA+clArWTHDuBxNysKpJlthpQnyPXKr7jI5w
tGKKjFPUBu6cuV7EXeY4ANiVPbeudSbgr0LQw4N2828RW6VwlB1ah/CQyPJwZxMh
ubrm6lmU1Vnlh5+ARIJN04w5yVoK5xr3FXX0oJaE1q8gC99ja90GTp95prGTJkxm
qYmKg38zAgRtX0euGEvKYHPcFOTdZXdjPaEDuEr+OwLzCHvlf+1T3HGvF6I/mq17
cFvOk91WsRLJcvm+CKk9CTf12MaCn4/6nCRh8GY3J8eaWsm9dikPIgol1Tb3ZM0A
8nJ/lQ2fWSL3kfP2BryB4+xnbYLj7w51+pM1SNijEkfpVRD55CdVEK8qFBZPno+N
8y3Hf408GyiXIzu18ct9XRgwEAUYKxNMj9w9ntnZE0ZSvTJHJoKmW3X8GZu+f9Xw
UA0RsiuckIvX8l/tmORlBWAk1hC5Sq78DlEqf+OqRxLbuGamqpajV/V3I/oxd3g6
FZMWmiAIr6Y=
=QME3
-----END PGP SIGNATURE-----