drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Xen
Name: |
Mehrere Probleme in Xen |
|
ID: |
DSA-3969-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie, Debian stretch |
|
Datum: |
Di, 12. September 2017, 23:56 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10922 |
|
Applikationen: |
Xen |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3969-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 12, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : xen CVE ID : CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915 CVE-2017-10916 CVE-2017-10917 CVE-2017-10918 CVE-2017-10919 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855
Multiple vulnerabilities have been discovered in the Xen hypervisor:
CVE-2017-10912
Jann Horn discovered that incorrectly handling of page transfers might result in privilege escalation.
CVE-2017-10913 / CVE-2017-10914
Jann Horn discovered that race conditions in grant handling might result in information leaks or privilege escalation.
CVE-2017-10915
Andrew Cooper discovered that incorrect reference counting with shadow paging might result in privilege escalation.
CVE-2017-10916
Andrew Cooper discovered an information leak in the handling of the the Memory Protection Extensions (MPX) and Protection Key (PKU) CPU features. This only affects Debian stretch.
CVE-2017-10917
Ankur Arora discovered a NULL pointer dereference in event polling, resulting in denial of service.
CVE-2017-10918
Julien Grall discovered that incorrect error handling in physical-to-machine memory mappings may result in privilege escalation, denial of service or an information leak.
CVE-2017-10919
Julien Grall discovered that that incorrect handling of virtual interrupt injection on ARM systems may result in denial of service.
CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922
Jan Beulich discovered multiple places where reference counting on grant table operations was incorrect, resulting in potential privilege escalation
CVE-2017-12135
Jan Beulich found multiple problems in the handling of transitive grants which could result in denial of service and potentially privilege escalation.
CVE-2017-12136
Ian Jackson discovered that race conditions in the allocator for grant mappings may result in denial of service or privilege escalation. This only affects Debian stretch.
CVE-2017-12137
Andrew Cooper discovered that incorrect validation of grants may result in privilege escalation.
CVE-2017-12855
Jan Beulich discovered that incorrect grant status handling, thus incorrectly informing the guest that the grant is no longer in use.
XSA-235 (no CVE yet)
Wei Liu discovered that incorrect locking of add-to-physmap operations on ARM may result in denial of service.
For the oldstable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u10.
For the stable distribution (stretch), these problems have been fixed in version 4.8.1-1+deb9u3.
We recommend that you upgrade your xen packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlm4TAgACgkQEMKTtsN8 TjY0fg/+M9abYbzVprbp5JfvELlm0tgfOcgqqbLAzh4j5Fk+KpuOjqCPoGTP9wux fiuQgej7Vr3REScjSZWZL0kfAIBN/Em79GcNhBEhsXefbEeDbGR4XNkk6RAhie4W JVkzsq2J0xV1gSiug71G6ujRiiAnuHO6EV5NHqa1Oi9mVQY8BrXl0Vyx4ZLcOI/X HIajFwrIY5cCm+vyAng1YER31ApHTPUxJ+6oDyCwyCs7pm3Ep2GmyYJQ6mkYZ5JU remFj8x59/Pt6FDX+Kk4KDb6LPJc5f0hchrYNyrL+Jv/hT0gVdSlqxF40CuAtXUv qlzI18cdtCSNEJV2K82eDd9iF0UA/L5+SRnxg5zpbaa5pGLGneQQPGfrDqOLXTnM T0BmVY2QvTp68858dUy7F8uZRt6gRLiZ2heGplt1xYfAeSKhrXhkBAyCBuuryCiT rjwyHcRKjLd1RPIyeRMYjA8JTrPmwbkhYCTta+WyVA9CdAKBXOeISyKn4bix0jJg KWYyJhUpmG5fCjKeTEruTmYlnrAX+/BqJPKUt1SFoCDJJ0SYQqCIFudcgcznkRgW 2yfgo3n1lS8gyP4J8Q5aSF5AkpjIoUTe4lYUER9UK9+nKyfT55+HliNkeZy2GIOi vUSfPoRSFL2hge863SUxZ/fu6or9SttRVIlGqK5Q/BgoGXzNbQg= =iDjs -----END PGP SIGNATURE-----
|
|
|
|