24 Jun 2012 17:22
[SECURITY] [DSA 2501-1] xen security update
Florian Weimer <fw <at> deneb.enyo.de>
2012-06-24 15:22:35 GMT
2012-06-24 15:22:35 GMT
------------------------------------------------------------------------- Debian Security Advisory DSA-2501-1 security <at> debian.org http://www.debian.org/security/ Florian Weimer June 24, 2012 http://www.debian.org/security/faq ------------------------------------------------------------------------- Package : xen Vulnerability : several Problem type : local Debian-specific: no CVE ID : CVE-2012-0217 CVE-2012-0218 CVE-2012-2934 Several vulnerabilities were discovered in Xen, a hypervisor. CVE-2012-0217 Xen does not properly handle uncanonical return addresses on Intel amd64 CPUs, allowing amd64 PV guests to elevate to hypervisor privileges. AMD processors, HVM and i386 guests are not affected. CVE-2012-0218 Xen does not properly handle SYSCALL and SYSENTER instructions in PV guests, allowing unprivileged users inside a guest system to crash the guest system. CVE-2012-2934 Xen does not detect old AMD CPUs affected by AMD Erratum #121. For CVE-2012-2934, Xen refuses to start domUs on affected systems(Continue reading)
RSS Feed