Debian Security Advisory
DSA-2501-1 xen -- several vulnerabilities
- Date Reported:
- 24 Jun 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-0217, CVE-2012-0218, CVE-2012-2934.
- More information:
Several vulnerabilities were discovered in Xen, a hypervisor.
Xen does not properly handle uncanonical return addresses on Intel amd64 CPUs, allowing amd64 PV guests to elevate to hypervisor privileges. AMD processors, HVM and i386 guests are not affected.
Xen does not properly handle SYSCALL and SYSENTER instructions in PV guests, allowing unprivileged users inside a guest system to crash the guest system.
Xen does not detect old AMD CPUs affected by AMD Erratum #121.
For CVE-2012-2934, Xen refuses to start domUs on affected systems unless the
allow_unsafeoption is passed.
For the stable distribution (squeeze), these problems have been fixed in version 4.0.1-5.2.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1.
We recommend that you upgrade your xen packages.