drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Xen
Name: |
Mehrere Probleme in Xen |
|
ID: |
DSA-3663-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie |
|
Datum: |
Fr, 9. September 2016, 11:21 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7094 |
|
Applikationen: |
Xen |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3663-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 09, 2016 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : xen CVE ID : CVE-2016-7092 CVE-2016-7094 CVE-2016-7154
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2016-7092 (XSA-185)
Jeremie Boutoille of Quarkslab and Shangcong Luan of Alibaba discovered a flaw in the handling of L3 pagetable entries, allowing a malicious 32-bit PV guest administrator can escalate their privilege to that of the host.
CVE-2016-7094 (XSA-187)
x86 HVM guests running with shadow paging use a subset of the x86 emulator to handle the guest writing to its own pagetables. Andrew Cooper of Citrix discovered that there are situations a guest can provoke which result in exceeding the space allocated for internal state. A malicious HVM guest administrator can cause Xen to fail a bug check, causing a denial of service to the host.
CVE-2016-7154 (XSA-188)
Mikhail Gorobets of Advanced Threat Research, Intel Security discovered a use after free flaw in the FIFO event channel code. A malicious guest administrator can crash the host, leading to a denial of service. Arbitrary code execution (and therefore privilege escalation), and information leaks, cannot be excluded.
For the stable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u7.
We recommend that you upgrade your xen packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX0kg2AAoJEAVMuPMTQ89EAG0P/0fZID2dOBod15r0GoN28Y7L qFx1Yx3+ZJi/SEq1IVZQQczXCSz19EVe0s+nzcFzsaS5RStoHtUy2DZygjSV+lHU asmfwZgrWeaQejDfo6F8rihXbLCU+cD+R5YUWUODiA6z0NClYHxWu6IgZPPVPRJm vgoPUlSgZRBn/4P5WaLk3rjflMynxbmuLpPOiBxue1ZNzRy4N5rr2w8mGI5Wf0vq MdLkIROy5F3GJvZ30uO4ca4U6fUN49pJ3CE+YefQDsav7MyD9o3wA+94bQ7oFXgj +65QZLtKPhPYX0m3pFwmfuiQCupzog1B9o33eYyBAUV6i2JRS4FQ4ciKujBj+tNC KD1agKNRgXFKgr2itDKlmMgajrACKS1vVnVJrRwlWyX0kegeH61UQFKu7oiWtzl+ WO853HRFaIQFOwrFEPv0KWKzA4zrmz7FXjqSG/yvJAeDenLbODclJlgn4Sei68oI G4nZNPc9Lkfq2xK2UY0FsNKmf1cg92423raKzDhXZbSXl4BVa83d3ZaFCehKrQVO MCDytLw0OudR0aa1kT4O11mwPVLtz2GzxtNv+GVzcsBDoyBvZSyWt8RO6bBDSfiA FYvRvd19L7GQmRoQGdwS2v+2AdU+P4LvZe7NXBXXaW6KWkXccWlk4zd60a2b+FyO GqVKO5POhzy86ToQ5Nho =rOCc -----END PGP SIGNATURE-----
|
|
|
|