Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.3092 xen security update 10 December 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: xen Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Increased Privileges -- Existing Account Modify Arbitrary Files -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2015-8104 CVE-2015-7972 CVE-2015-7971 CVE-2015-7970 CVE-2015-7969 CVE-2015-7814 CVE-2015-7813 CVE-2015-7812 CVE-2015-7311 CVE-2015-6654 CVE-2015-5307 CVE-2015-3340 CVE-2015-3259 Reference: ESB-2015.2825 ESB-2015.2482 ESB-2015.2305 ESB-2015.1845 ESB-2015.1106.2 Original Bulletin: http://www.debian.org/security/2015/dsa-3414 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3414-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 09, 2015 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : xen CVE ID : CVE-2015-3259 CVE-2015-3340 CVE-2015-5307 CVE-2015-6654 CVE-2015-7311 CVE-2015-7812 CVE-2015-7813 CVE-2015-7814 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure. For the oldstable distribution (wheezy), an update will be provided later. For the stable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u3. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your xen packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWaJIXAAoJEBDCk7bDfE42S90P/3px90Ze6eFrTI6CT6a5q7rh /RV36XemP9n0I7BIo+QLeLnUVBSwFuOuqqIv7zeo+l3zkb40c+ledwdwMsQ/bchY 7g+ugwHI677qMJ5U29Xsl4DANqBHv1YUpMrraRxejHHKJLP8D5qt2vvG7jCTJj3S rWQyqKhvr6ngMSmORLZ9buwVVsaQuiBr8Ngz7TI9V1EiirIv1vAQ88YTBoYICxv2 z1KSEvJCPSba4g7RYir2Dr6hQCBSXt8q7jZLa8tBlmkhJv3d+BEf3TR53Gpvlnn3 4I+Vl4+zxzO84cos4t3po5FXSIKsSFQnjFNQ9b7Uym4T/KdTP8b3FViRww/d0w7r PtVldqDFMIeUp9goguCynCRspduoFPHYqGlPwdolurNZ+5FhO3nrzYv1kIwXY4oj nk/wv5hEpWXiZseO92jXX2LydVDMURCBDRkyANB4sISb8y3kOUjnWYa48pzKHIl2 +go5lQjeJswlY/OQxLJ74Kk+XIOubIJyh2vN26SqbOkELS67EGXNJfLW/uGsvMqP buhsvYJLhM9SxAXwtbf9ld7/58/XlKPyGMY8M/BFpVdii5JT9AgORMzl06/Vxk2M mvuUmJW8jyLvi0pB8bYGcByFrfxY58/wAEgiw/Y+71QjBVAqi6Lu1pOzxW0o8hz4 qm62jLluGkmq/dkmKDKz =xwRJ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVmkYhn6ZAP0PgtI9AQKXmRAAxSv4kkLf57xBlz0B+RUvpBTy1HK/rant 8KPJk6UMyhL9YSItH06uE6i4fRFzmXxFYTUz8PTVuVKXWaAKOuCxLF6DTbCPBTHu /NVadBs8p4oypwHPz1V9LbVbbq+AU8JCoguNmDffT1rRUVKE1wdnalr0u0otqest 9wDqvr59LyiLbRRWLTlVUXlBibLccRVIw9UdMwlAu8iuh8hFGV8Oo7RggFZKWmAN 8F0f8AGdvOm9DXHENkBVsvLLs4AzQgOs7qtVa2DlxzezXgyrDPsuZIND4pgOMpOc ZwK/mfVDU7E9xNUqQRPPD45aHin04Xz9MKn8u7eiddTi1mvSPkXAKQd+81IA7RgV 65Nm5sFnCHhnAioVpZQcNps+7w3OZrttlKYpnpxxD98kUcnFygc6YBZMHL6M+PNy sjgGJtwDNTY7KVXn1QCivXTzKdR1tgcRV21EcjPG79MK4tj9UMEfCEL7//YokDq2 ChFI4L/s53PDiYjokfZy3fXTyzzie80bTUZV5+Gs5X6BVUxVKBSw7XwjLWrMM4zQ iFUIxg0vYbBTKSow42otI0vkFsLZ8FaM/cN1iikJ5TmZg5QumysaC1wv1PI43jYa oil6TwhsTslqGv9AIsiD89ONAPw8aWZgbXYyAtwwsvy8P5feom+TaNXY4be89CQP xRScdK9TJ1Y= =Etvt -----END PGP SIGNATURE-----