Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.1543.2
xen security update
15 June 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: xen
Publisher: Debian
Operating System: Debian GNU/Linux 7
Debian GNU/Linux 8
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2015-4164 CVE-2015-4163 CVE-2015-4106
CVE-2015-4105 CVE-2015-4104 CVE-2015-4103
CVE-2015-3209
Reference: ESB-2015.1530
ESB-2015.1507
ESB-2015.1474
Original Bulletin:
http://www.debian.org/security/2015/dsa-3286
Revision History: June 15 2015: Minor revision
June 15 2015: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3286-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 13, 2015 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : xen
CVE ID : CVE-2015-3209 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105
CVE-2015-4106 CVE-2015-4163 CVE-2015-4164
Multiple security issues have been found in the Xen virtualisation
solution:
CVE-2015-3209
Matt Tait discovered a flaw in the way QEMU's AMD PCnet Ethernet
emulation handles multi-TMD packets with a length above 4096 bytes.
A privileged guest user in a guest with an AMD PCNet ethernet card
enabled can potentially use this flaw to execute arbitrary code on
the host with the privileges of the hosting QEMU process.
CVE-2015-4103
Jan Beulich discovered that the QEMU Xen code does not properly
restrict write access to the host MSI message data field, allowing
a malicious guest to cause a denial of service.
CVE-2015-4104
Jan Beulich discovered that the QEMU Xen code does not properly
restrict access to PCI MSI mask bits, allowing a malicious guest to
cause a denial of service.
CVE-2015-4105
Jan Beulich reported that the QEMU Xen code enables logging for PCI
MSI-X pass-through error messages, allowing a malicious guest to
cause a denial of service.
CVE-2015-4106
Jan Beulich discovered that the QEMU Xen code does not properly restrict
write access to the PCI config space for certain PCI pass-through devices,
allowing a malicious guest to cause a denial of service, obtain sensitive
information or potentially execute arbitrary code.
CVE-2015-4163
Jan Beulich discovered that a missing version check in the
GNTTABOP_swap_grant_ref hypercall handler may result in denial of service.
This only applies to Debian stable/jessie.
CVE-2015-4164
Andrew Cooper discovered a vulnerability in the iret hypercall handler,
which may result in denial of service.
For the oldstable distribution (wheezy), these problems have been fixed
in version 4.1.4-3+deb7u8.
For the stable distribution (jessie), these problems have been fixed in
version 4.4.1-9+deb8u1. CVE-2015-3209, CVE-2015-4103, CVE-2015-4104,
CVE-2015-4105 and CVE-2015-4106 don't affect the Xen package in stable
jessie, it uses the standard qemu package and has already been fixed in
DSA-3284-1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your xen packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVfDmzAAoJEBDCk7bDfE42W3AP+QGuXuhGJ5FFSHK7UmCFPbrn
xsujh8hQKJHb7WFc7k/xdimHWRT2K6MJ6v29Zl+MNR2oLcO0ty28Xuyb+EIWwTbV
avuP2igg56delwp73P5ts3ZX4YFBCsonqCjIhSd3QCQkAIGL63x78n26OrDAVvba
2piJ2lJPAMhm4gBJvkWbKnQaIDaDN5qzckZwXfHgCYKhu/d0C2ZrD+RcMg+UTq6j
CFqWB/xaGMT6WILfiKPOMlKkNxH1rqaJ3Kou5q8i9T4QvZq9vU0KHhYWWecFo/KP
S1AH7Vp1UZPQbxVAYHq2mITvIr6RRRMZxJEpzG6wnlPV5G8cM6ZqR1a7nBQ9mhoB
lRWNs8zHvMpS2XxfXzgt/pV3jH1Pj+ELPWP+m4Kjy8g2xFaiW8y4LYq4AUv5+oDa
IBuJW+UNkEWIyrWqhzu0laT8EwTmS1JFt4est4bbNMU0O2Xdo6qB432XNwM804lo
lsii1eEXe0FKpFZVYKho1gLCHVxdWz3EPhZ5qHb8Gi5tnbElVY7aqtACBFXvKd6K
81+qOpiqGk8EMHkdmGBXpwJoMTIczBXxXD9RZazq1Ynr3yNcgtnsz7CVqJTUAb2a
Ot4yIf0E5kYAau+tyVQ+Y0ZRbUN3A1u+6gpJqLvTqF80pj1M8kt7DuXC/2lQXl4q
ngY7U6RlmLRNSaXd+xvR
=gL/x
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVX4z036ZAP0PgtI9AQLxkxAAwJgJ4tBvZPuSMfH6dURvENi7ndWmQ23J
k8iT0twgHb1mPfiEdvH+5mdzmW/9FMvFVkD61Ft7jST+L/QdAceonaboiZDB7OI8
RnSF4UQBU+Vh0T2SMO3KCWfKp5VIFEi9faJiDLm99v8YGTlAHZHBHKtFb9lr0kMa
52EHSGCbE8A0cBq3HbnsziCUCAwUhDhQ3WNOTfSSNvfq7cVB0lS2WfWqy2Ehl7+J
ulroFjURAiwtZPrZpuK3S5sjLAeRQZLATRy89ZNlqaI7DfS6zEe028fwyHp/1n0c
MHl1SeYpJ7CbLjaOQvKcd7I8FP0jeey3coqXhH77uezvUc9MSAmfHChwPTy9tTWS
Tn2gC0Ve4y3WMUJ8Soz1Py5tjVkh9sCJ8tqdSKkDuu/Ljyb1V6c+LP4AqDGvHPtH
iUnPP8bImkOZEk9yRF6MoutSQfiOjAxY4OMW4J9FTx694FojypiVnYbSbIJrxZ8i
7Ad4TCBqlh4YUtjEC6x+cKsjx5l9wO/iTa07vDgVr3/OdTvsFADvIkZTcXR3gJcc
bIZoS3b3NykbMzh2U6yq10pwHvu4p1fcSZUVikbtzZeDspY2tSZafs05HueoxNlZ
xsfSfVzFpkR2G/01pAyEh6gEsJ3U6MiAkX8MK0pZQ6ImovW8HaNnfELtS8WGgYt+
PuUEQn8DUYc=
=Fg/e
-----END PGP SIGNATURE-----