Security Information / 2015 / Security Information -- DSA-3286-1 xen

Debian Security Advisory

DSA-3286-1 xen -- security update

Date Reported:

13 Jun 2015

Affected Packages:

xen

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-3209, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105, CVE-2015-4106, CVE-2015-4163, CVE-2015-4164.

More information:

Multiple security issues have been found in the Xen virtualisation solution:

• CVE-2015-3209

  Matt Tait discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled can potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

• CVE-2015-4103

  Jan Beulich discovered that the QEMU Xen code does not properly restrict write access to the host MSI message data field, allowing a malicious guest to cause a denial of service.

• CVE-2015-4104

  Jan Beulich discovered that the QEMU Xen code does not properly restrict access to PCI MSI mask bits, allowing a malicious guest to cause a denial of service.

• CVE-2015-4105

  Jan Beulich reported that the QEMU Xen code enables logging for PCI MSI-X pass-through error messages, allowing a malicious guest to cause a denial of service.

• CVE-2015-4106

  Jan Beulich discovered that the QEMU Xen code does not properly restrict write access to the PCI config space for certain PCI pass-through devices, allowing a malicious guest to cause a denial of service, obtain sensitive information or potentially execute arbitrary code.

• CVE-2015-4163

  Jan Beulich discovered that a missing version check in the GNTTABOP_swap_grant_ref hypercall handler may result in denial of service. This only applies to Debian stable/jessie.

• CVE-2015-4164

  Andrew Cooper discovered a vulnerability in the iret hypercall handler, which may result in denial of service.

For the oldstable distribution (wheezy), these problems have been fixed in version 4.1.4-3+deb7u8.

For the stable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u1. CVE-2015-3209, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105 and CVE-2015-4106 don't affect the Xen package in stable jessie, it uses the standard qemu package and has already been fixed in DSA-3284-1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your xen packages.