Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.1343
xen security update
19 May 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: xen
Publisher: Debian
Operating System: Debian GNU/Linux 7
Debian GNU/Linux 8
Xen
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2015-3456
Reference: ASB-2015.0051
ESB-2015.1326
ESB-2015.1319
ESB-2015.1308
ESB-2015.1307
ESB-2015.1306
ESB-2015.1304
Original Bulletin:
http://www.debian.org/security/2015/dsa-3262
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3262-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 18, 2015 http://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : xen
CVE ID : CVE-2015-3456
Jason Geffner discovered a buffer overflow in the emulated floppy
disk drive, resulting in the potential execution of arbitrary code.
This only affects HVM guests.
For the oldstable distribution (wheezy), this problem has been fixed
in version 4.1.4-3+deb7u6.
The stable distribution (jessie) is already fixed through the qemu
update provided as DSA-3259-1.
We recommend that you upgrade your xen packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVWlmFAAoJEBDCk7bDfE42kJ8P/19JKf/RGTVTSso/DG4kuc0D
weEDWC+6NEya0IsJ99EDfPoela9pTRnJOzbzyD9ifeSwy8L4W3jKueEJV36Cna5a
F+AMJ4vbxQE8FHr/IQc60xEgYlPgXuXi7rp16VkPuntdouZ5YDMrO7fky42jvikE
IFu0FKvIMMuviGJdW1lsQQCC50+QyRy+mvEg2FPE+r6fdP52PGbDUzhR2mL9xQfN
a3zV7iWRc5CeE6gqvl4qBOczrnQqU+ew5H5AkrwMinp5JM/plcLvd9zpLs+qylKj
xEiez51vbvao1nFpae1nBeNsVNTE0oEW8JzNep0zGf65Hli8RACpbM/CEvTSZ6GX
fYw7Xd0aAn8g5CX4dHr95GoNVOBub6WjeVRIu3S6e5LSbDOnfxxucHDJPDRKov5u
umTgCc9xigcb0Ia9SZj4tlqS6AwOM+E6ohtzvoyjjTohcY9GYNfmilTJyVm0XalM
qo2RAhwo8ASTQ5g3uMGapAvJ1tDYUjg++Mri6G3KFDgVWyFXRj/z7kg0yhTfj6Xf
zIFnoeZ4+yakOw+qwEZz48E2FH7SlsCUsP8UPqSIgmF/vm2/VrK48DDiSylcWUD8
9aS0jFKTxvOmHpJwZClY/RXK46yYwNgK2GeKmlkJhzWJd5XnHBSqWHeFj9oat6Ap
x1GH2l1Duos6ppg2Z0BB
=DW5p
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVVqA8BLndAQH1ShLAQI6wA//XpTxXL2eedcRMj93azly1I7uiwIJbRBN
L/HOg3ojLGD/sly+RjfYVkcww4lMUT5OWYMmZWkV19YIliJ/ZsMra6MPG9NntMPR
eRonX3yflfRcsWATTOtBde7Z/4OWh6rMx7+1hunkuQlMOr1HpihKVYKXvL4wVLkg
gQwUabZ9+RQjIarYnK5WlxqCL11t8ZapBVx38IXsGNG1kB0SbomR8ZiY+8N8F9Y5
1kouso0msopGS5bU//gcP7ZUBDnTt1niJqiD9HOj00QaPqiAximhXa4WB4PSXKLl
h0JLJ/EaHPQTSC17M6i9o27lsGHj48jvk9cxTPtf+b55mW+WEafSUUWZsKa5vPQN
ZyOVZ8vbu04b/Q8MeNisNvdHsWaLC+IDOll2P9VWw9SJ1QjRV9L9hGsjb5UQrRJH
MWCATGUTx8qS0fTxHcS5gnCMi2Zdv6qrPgKqAyn2KIKGe2uIFwMhAQVfmDwPeqtD
UVVMkVVAwumSMcaZUJay3j6mJds9+Tb2Sw/hS+10C+8wN82TXW08m63GrB6c2SzR
MzMzVDTDYDcOxlhcGpmd1nAGzF4mOxO3jVM/z/ALiFfBcVY0/LqwGg69tlwb+5wf
8nWmqUAA+or93Xyjh4fhQRaLL9HUP5bM23wAQABbW7yWofVuRMJX2wnIfNLi7U70
u5a0r0mVdC8=
=dseF
-----END PGP SIGNATURE-----