Debian Security Advisory
DSA-3286-1 xen -- security update
- Date Reported:
- 13 Jun 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-3209, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105, CVE-2015-4106, CVE-2015-4163, CVE-2015-4164.
- More information:
Multiple security issues have been found in the Xen virtualisation solution:
Matt Tait discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled can potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.
Jan Beulich discovered that the QEMU Xen code does not properly restrict write access to the host MSI message data field, allowing a malicious guest to cause a denial of service.
Jan Beulich discovered that the QEMU Xen code does not properly restrict access to PCI MSI mask bits, allowing a malicious guest to cause a denial of service.
Jan Beulich reported that the QEMU Xen code enables logging for PCI MSI-X pass-through error messages, allowing a malicious guest to cause a denial of service.
Jan Beulich discovered that the QEMU Xen code does not properly restrict write access to the PCI config space for certain PCI pass-through devices, allowing a malicious guest to cause a denial of service, obtain sensitive information or potentially execute arbitrary code.
Jan Beulich discovered that a missing version check in the GNTTABOP_swap_grant_ref hypercall handler may result in denial of service. This only applies to Debian stable/jessie.
Andrew Cooper discovered a vulnerability in the iret hypercall handler, which may result in denial of service.
For the oldstable distribution (wheezy), these problems have been fixed in version 4.1.4-3+deb7u8.
For the stable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u1. CVE-2015-3209, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105 and CVE-2015-4106 don't affect the Xen package in stable jessie, it uses the standard qemu package and has already been fixed in DSA-3284-1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your xen packages.