===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.1343
                            xen security update
                                19 May 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xen
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Debian GNU/Linux 8
                   Xen
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-3456

Reference:         ASB-2015.0051
                   ESB-2015.1326
                   ESB-2015.1319
                   ESB-2015.1308
                   ESB-2015.1307
                   ESB-2015.1306
                   ESB-2015.1304

Original Bulletin:
   http://www.debian.org/security/2015/dsa-3262

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3262-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 18, 2015                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2015-3456

Jason Geffner discovered a buffer overflow in the emulated floppy
disk drive, resulting in the potential execution of arbitrary code.

This only affects HVM guests.

For the oldstable distribution (wheezy), this problem has been fixed
in version 4.1.4-3+deb7u6.

The stable distribution (jessie) is already fixed through the qemu
update provided as DSA-3259-1.

We recommend that you upgrade your xen packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================