Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.1408 xen security update 19 August 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: xen Publisher: Debian Operating System: Debian GNU/Linux 7 Impact/Access: Access Privileged Data -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2014-4021 CVE-2014-3124 CVE-2014-2599 CVE-2014-1950 CVE-2013-4553 CVE-2013-4494 CVE-2013-4368 CVE-2013-4361 CVE-2013-4355 CVE-2013-4329 CVE-2013-2211 CVE-2013-2196 CVE-2013-2195 CVE-2013-2194 CVE-2013-2078 CVE-2013-2077 CVE-2013-2076 CVE-2013-1442 CVE-2013-1432 Reference: ESB-2014.1219 ESB-2014.1187 ESB-2014.0672 ESB-2014.0119 ESB-2013.1740 ESB-2013.1708 ESB-2013.1570 ESB-2013.1505 ESB-2013.1497 ESB-2013.1440 ESB-2013.1375 ESB-2013.1370 ESB-2013.1278 ESB-2013.1277 ESB-2013.0931 ESB-2013.0884 ESB-2013.0786 ESB-2014.1002.2 Original Bulletin: http://www.debian.org/security/2014/dsa-3006 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3006-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff August 18, 2014 http://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : xen CVE ID : CVE-2013-1432 CVE-2013-1442 CVE-2013-2076 CVE-2013-2077 CVE-2013-2078 CVE-2013-2194 CVE-2013-2195 CVE-2013-2196 CVE-2013-2211 CVE-2013-4329 CVE-2013-4355 CVE-2013-4361 CVE-2013-4368 CVE-2013-4494 CVE-2013-4553 CVE-2014-1950 CVE-2014-2599 CVE-2014-3124 CVE-2014-4021 Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service. For the stable distribution (wheezy), these problems have been fixed in version 4.1.4-3+deb7u2. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your xen packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJT8fRZAAoJEBDCk7bDfE42yNAP/3WWK0mfdKw0SKpT6FgyaIjS gC9PH9LoZcgCfU2ib45MpT08sexN0JdSgIxXRl3Z6TdCPnR8uKl6BoVTo+djeneq u1vTcQtycKLAw1lkcgNlOtMXE9s5F8TLBL9F9PPvdAd/6ZSpg3x1JxAJQkaevwxu elped08ehJiecSJAMAu33n644kmH8ebxVa+Vp8daiD715IM49lb8UzEbhq602iIQ kOMsOJnL/s/EacN5a42dAAQKRNfAmsgVqUkoiMfT9NTpl5WiSnG/DbPpRlhd+MR7 e66lg0V6P5Pvn8y5mXLXP+WnfcwFwGijKjLkfvmfBmeihytiSnqQMmTqJN5KqJNv 0NFr0a1MAWyM8wmrurRVhDCkDcKfPUufJAbbRI88M97eQl0av29eVzaTTRqfOyA6 mLT23dE7E+FrwkUtiRGSQXywFLsjhcd5RNd6wp4aSb8iFxpw/37G48V1Mmx1+bb/ DrrBYiYCjtcUv9DVUd5CVNVaakvqimpfGaFNddiAVnwp4sQdF3Jvmp35X0MzJW0n p0t//T1g4QtV0jkdWe16qQ4oIRaU+ohu8TOWkDsWh5Va11nVrG5zf1VO31qix4Lj dQ4y4oeygdpfaK6psYYvTC/W7L/J4HXOUDawMlIYXOj+X6Cq6JZLsGk1WCTPpnuG kTT8EXBZOvYUPaIi9M9f =qbMx - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBU/Km/hLndAQH1ShLAQLkUQ//QhnrmwUoLaXsrGMeOOsQRKUyDPl/XrwJ sbRp93jZpx4Y+2PAfUII36PFUiUrvjOt8bUru+jbeJkMWNhQqgD6TVrcZq96Wonr TuxXykLWw6cCIee9rIOhb5O5fyehgwC6V4axymGUP+TpKwC850pHThfsV39G8FYR 4UxxWLCKlUa3ZsdC3mqpClt9WVcBDO3kGHxjUbjWzqU1tPkY8SW+7WUMA8uIR3az 4ttKlF5MnvHOG8x4BCUywY+dljUow9oYeHDAD5btzFEtebzgiuqy9npdUEf+Ah7A dH7K4phGIWKEgSAZmOp6nFy33vQJnt42+LYNSPb6nKAfgGevlmJa1VqrxEA5DxWO Rs7ArGQJVdRwifw7y0F8U9p18f70G+GGv1bcd4DIaC9J1xnllHYg7uRoves3BzBu P04eCwFS83QpLwb8ob/JDBI+EV8SgoH1fnM+WfEX69mdcDvh3yCWDODLRaFQEf/A 4lZ94nFbFHudvOjy4jGUMriUTRH3IV/1C7b20vxQg99rf/araMEzUpCUTvpVAW9I Fcma5/JN/i/6i8pDm3v/nSwOxzp6lpormg8v16fmTNrAWTfBxaKgGcn8uWRccRik KbpwxyxHFjd0mHcQq90sWi/Aa6eT5uw2nbfS+UkrI4KtC5zALil8JPivrMG7803Z UV/I3Z+Xy6U= =tVc3 -----END PGP SIGNATURE-----