Operating System:

[Debian]

Published:

10 December 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.3092
                            xen security update
                             10 December 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xen
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Increased Privileges     -- Existing Account
                   Modify Arbitrary Files   -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-8104 CVE-2015-7972 CVE-2015-7971
                   CVE-2015-7970 CVE-2015-7969 CVE-2015-7814
                   CVE-2015-7813 CVE-2015-7812 CVE-2015-7311
                   CVE-2015-6654 CVE-2015-5307 CVE-2015-3340
                   CVE-2015-3259  

Reference:         ESB-2015.2825
                   ESB-2015.2482
                   ESB-2015.2305
                   ESB-2015.1845
                   ESB-2015.1106.2

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3414

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3414-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 09, 2015                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2015-3259 CVE-2015-3340 CVE-2015-5307 CVE-2015-6654 
                 CVE-2015-7311 CVE-2015-7812 CVE-2015-7813 CVE-2015-7814
                 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972
                 CVE-2015-8104

Multiple security issues have been found in the Xen virtualisation
solution, which may result in denial of service or information
disclosure.

For the oldstable distribution (wheezy), an update will be provided
later.

For the stable distribution (jessie), these problems have been fixed in
version 4.4.1-9+deb8u3.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your xen packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----