Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.2303 xen security update 13 September 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: xen Publisher: Debian Operating System: Debian GNU/Linux 8 Debian GNU/Linux 9 Impact/Access: Increased Privileges -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2017-12855 CVE-2017-12137 CVE-2017-12136 CVE-2017-12135 CVE-2017-10922 CVE-2017-10921 CVE-2017-10920 CVE-2017-10919 CVE-2017-10918 CVE-2017-10917 CVE-2017-10916 CVE-2017-10915 CVE-2017-10914 CVE-2017-10913 CVE-2017-10912 Reference: ESB-2017.2203 ESB-2017.2213 ESB-2017.2213 Original Bulletin: http://www.debian.org/security/2017/dsa-3969 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3969-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 12, 2017 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : xen CVE ID : CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915 CVE-2017-10916 CVE-2017-10917 CVE-2017-10918 CVE-2017-10919 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855 Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2017-10912 Jann Horn discovered that incorrectly handling of page transfers might result in privilege escalation. CVE-2017-10913 / CVE-2017-10914 Jann Horn discovered that race conditions in grant handling might result in information leaks or privilege escalation. CVE-2017-10915 Andrew Cooper discovered that incorrect reference counting with shadow paging might result in privilege escalation. CVE-2017-10916 Andrew Cooper discovered an information leak in the handling of the the Memory Protection Extensions (MPX) and Protection Key (PKU) CPU features. This only affects Debian stretch. CVE-2017-10917 Ankur Arora discovered a NULL pointer dereference in event polling, resulting in denial of service. CVE-2017-10918 Julien Grall discovered that incorrect error handling in physical-to-machine memory mappings may result in privilege escalation, denial of service or an information leak. CVE-2017-10919 Julien Grall discovered that that incorrect handling of virtual interrupt injection on ARM systems may result in denial of service. CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922 Jan Beulich discovered multiple places where reference counting on grant table operations was incorrect, resulting in potential privilege escalation CVE-2017-12135 Jan Beulich found multiple problems in the handling of transitive grants which could result in denial of service and potentially privilege escalation. CVE-2017-12136 Ian Jackson discovered that race conditions in the allocator for grant mappings may result in denial of service or privilege escalation. This only affects Debian stretch. CVE-2017-12137 Andrew Cooper discovered that incorrect validation of grants may result in privilege escalation. CVE-2017-12855 Jan Beulich discovered that incorrect grant status handling, thus incorrectly informing the guest that the grant is no longer in use. XSA-235 (no CVE yet) Wei Liu discovered that incorrect locking of add-to-physmap operations on ARM may result in denial of service. For the oldstable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u10. For the stable distribution (stretch), these problems have been fixed in version 4.8.1-1+deb9u3. We recommend that you upgrade your xen packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlm4TAgACgkQEMKTtsN8 TjY0fg/+M9abYbzVprbp5JfvELlm0tgfOcgqqbLAzh4j5Fk+KpuOjqCPoGTP9wux fiuQgej7Vr3REScjSZWZL0kfAIBN/Em79GcNhBEhsXefbEeDbGR4XNkk6RAhie4W JVkzsq2J0xV1gSiug71G6ujRiiAnuHO6EV5NHqa1Oi9mVQY8BrXl0Vyx4ZLcOI/X HIajFwrIY5cCm+vyAng1YER31ApHTPUxJ+6oDyCwyCs7pm3Ep2GmyYJQ6mkYZ5JU remFj8x59/Pt6FDX+Kk4KDb6LPJc5f0hchrYNyrL+Jv/hT0gVdSlqxF40CuAtXUv qlzI18cdtCSNEJV2K82eDd9iF0UA/L5+SRnxg5zpbaa5pGLGneQQPGfrDqOLXTnM T0BmVY2QvTp68858dUy7F8uZRt6gRLiZ2heGplt1xYfAeSKhrXhkBAyCBuuryCiT rjwyHcRKjLd1RPIyeRMYjA8JTrPmwbkhYCTta+WyVA9CdAKBXOeISyKn4bix0jJg KWYyJhUpmG5fCjKeTEruTmYlnrAX+/BqJPKUt1SFoCDJJ0SYQqCIFudcgcznkRgW 2yfgo3n1lS8gyP4J8Q5aSF5AkpjIoUTe4lYUER9UK9+nKyfT55+HliNkeZy2GIOi vUSfPoRSFL2hge863SUxZ/fu6or9SttRVIlGqK5Q/BgoGXzNbQg= =iDjs - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWbiiMYx+lLeg9Ub1AQhn0w//RCugY3g75IqO6Q3r9r7qSk+M/B7ONwwj burJ21gdWyaj6dkOQ6GZrOJOZ2efqNXZpQC3W6FSMNB/em8E0xkWgSVONaUaq6Ny mx8fLlxhj8ivy49KmEVJxWpv1dzLO9PaiXh9HeruCP/rZcWoNikV622uJSMf6kOu Isc+H77x+SXPnV29XMlu7VJYHrhDfkpv3Ma7Gj31q9mpHS5M774w69Vae+Jq0DuU KunFH7T9MB30R0OVbKHVcssaMG+oasZTSf8D/soiz/tbXQzXy2nmNOFcXJfbqAJi wKrnShOI9XAqxpC2S3AI4x6cvRx1VMXSI6pjZgHBJTN+RJv+HmYIlutUn0LWqXca HaXcgDsqiEXeLfmK/P602LLt86MpRCdC4206J+b6uHLp77tZYD1ACZTsGemyOuer qEd//PMmEEMtoNzKPRDk1X/5yS/ocPUSThsyd16lEMMvDm6c73AEaVP4GdN8bLjn pHI/waVmBZzx7pcGH+yJplNyN6xwEJMYL6m/Z/PqXrBfEtE68Jftneqbms6ZQcwp /+R6Z7xR4wtxAy+LwJlu8+SdNC2OlpWNIIFzhbB5ZFFfn92BMf4Jya+OFugZRqdg aX9CdQjqXRmrtt/pBP8ZPy088qFIdMsmjESR7tgYY/lenrQufSdSY9lt2SPfPVUv 2cmzyD+h6DM= =Swbx -----END PGP SIGNATURE-----