-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.0186
                            xen security update
                              28 January 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xen
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Xen
Impact/Access:     Increased Privileges     -- Remote/Unauthenticated
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-9030 CVE-2014-8867 CVE-2014-8866
                   CVE-2014-8595 CVE-2014-8594 

Reference:         ESB-2014.2301
                   ESB-2014.2258
                   ESB-2014.2193

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3140

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3140-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 27, 2015                       http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 
                 CVE-2014-9030

Multiple security issues have been discovered in the Xen virtualisation
solution which may result in denial of service, information disclosure
or privilege escalation.

CVE-2014-8594

    Roger Pau Monne and Jan Beulich discovered that incomplete
    restrictions on MMU update hypercalls may result in privilege
    escalation.

CVE-2014-8595

    Jan Beulich discovered that missing privilege level checks in the
    x86 emulation of far branches may result in privilege escalation.

CVE-2014-8866

    Jan Beulich discovered that an error in compatibility mode hypercall
    argument translation may result in denial of service.

CVE-2014-8867

    Jan Beulich discovered that an insufficient restriction in
    acceleration support for the "REP MOVS" instruction may result in
    denial of service.

CVE-2014-9030

    Andrew Cooper discovered a page reference leak in MMU_MACHPHYS_UPDATE
    handling, resulting in denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 4.1.4-3+deb7u4.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 4.4.1-4.

For the unstable distribution (sid), these problems have been fixed in
version 4.4.1-4.

We recommend that you upgrade your xen packages.
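One way to turn the fixed versions above into a check, as an added example that is not part of the Debian advisory or the AusCERT bulletin: the script below orders Debian version strings the way dpkg does (epoch, then upstream version, then revision, with "~" sorting before everything and digit runs compared numerically) and flags installed xen binary packages older than the fixed version for the suite. The package-name prefixes it matches and the sample dpkg-query output are assumptions constructed for illustration; on a real host it reads `dpkg-query -W` instead.

```python
"""Flag installed Debian xen packages older than the versions fixed in
DSA-3140-1, using dpkg's version-ordering rules.

Added example for this bulletin; not Debian's or AusCERT's code. The
package-name prefixes and the sample dpkg-query output are constructed.
"""
import subprocess
from typing import Iterable, List, Tuple

# Fixed versions exactly as stated in DSA-3140-1.
FIXED_VERSIONS = {
    "wheezy": "4.1.4-3+deb7u4",
    "jessie": "4.4.1-4",
    "sid": "4.4.1-4",
}

# Assumption: binary packages built from the xen source package carry one of
# these name prefixes (e.g. xen-hypervisor-4.1-amd64, xen-utils-4.1, libxen-4.1).
XEN_PREFIXES = ("xen-", "libxen")


def _isdigit(c: str) -> bool:
    return "0" <= c <= "9"


def _order(c: str) -> int:
    """Character weight used by dpkg: '~' sorts before everything (even end of
    string), letters before non-letters; digits are handled by the caller."""
    if _isdigit(c):
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256 if c else 0


def _verrevcmp(a: str, b: str) -> int:
    """Compare one version component (upstream or revision) like dpkg's
    verrevcmp(): alternate non-digit runs (by weight) and digit runs (numerically)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character weights, end of string weighs 0.
        while (i < len(a) and not _isdigit(a[i])) or (j < len(b) and not _isdigit(b[j])):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros, then the longer run wins, else first differing digit.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and _isdigit(a[i]) and j < len(b) and _isdigit(b[j]):
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and _isdigit(a[i]):
            return 1
        if j < len(b) and _isdigit(b[j]):
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str) -> Tuple[int, str, str]:
    """Split '[epoch:]upstream[-revision]' as dpkg does (last '-' starts the revision)."""
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = version.rpartition("-")
    if not sep:
        upstream, revision = revision, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return <0, 0 or >0 with the same ordering as `dpkg --compare-versions`."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return ea - eb
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def find_vulnerable(dpkg_lines: Iterable[str], suite: str) -> List[Tuple[str, str]]:
    """Return (package, installed_version) for xen packages below the fixed version."""
    fixed = FIXED_VERSIONS[suite]
    hits = []
    for line in dpkg_lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        pkg, ver = parts
        if pkg.startswith(XEN_PREFIXES) and compare_versions(ver, fixed) < 0:
            hits.append((pkg, ver))
    return hits


# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE_DPKG_OUTPUT = """\
libc6 2.13-38+deb7u7
libxen-4.1 4.1.4-3+deb7u3
xen-hypervisor-4.1-amd64 4.1.4-3+deb7u3
xen-utils-4.1 4.1.4-3+deb7u4
xen-utils-common 4.1.4-3+deb7u3
"""

if __name__ == "__main__":
    try:
        out = subprocess.check_output(
            ["dpkg-query", "-W", "-f=${Package} ${Version}\\n"], text=True)
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_DPKG_OUTPUT  # not a Debian host: fall back to the sample
    for pkg, ver in find_vulnerable(out.splitlines(), "wheezy"):
        print(f"{pkg} {ver} is older than {FIXED_VERSIONS['wheezy']}: upgrade")
```

The comparison is implemented in Python rather than shelling out to `dpkg --compare-versions` so the check also runs on a non-Debian host against collected inventory data; on the sample, the three packages still at 4.1.4-3+deb7u3 are reported while xen-utils-4.1 at the fixed version is not.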

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----