ESB-2017.2303 - [Debian] xen: Multiple vulnerabilities 2017-09-13

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2303
                            xen security update
                             13 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xen
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 9
Impact/Access:     Increased Privileges     -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
                   Reduced Security         -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-12855 CVE-2017-12137 CVE-2017-12136
                   CVE-2017-12135 CVE-2017-10922 CVE-2017-10921
                   CVE-2017-10920 CVE-2017-10919 CVE-2017-10918
                   CVE-2017-10917 CVE-2017-10916 CVE-2017-10915
                   CVE-2017-10914 CVE-2017-10913 CVE-2017-10912

Reference:         ESB-2017.2203
                   ESB-2017.2213

Original Bulletin: 
   http://www.debian.org/security/2017/dsa-3969

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3969-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 12, 2017                    https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2017-10912 CVE-2017-10913 CVE-2017-10914
                 CVE-2017-10915 CVE-2017-10916 CVE-2017-10917
                 CVE-2017-10918 CVE-2017-10919 CVE-2017-10920
                 CVE-2017-10921 CVE-2017-10922 CVE-2017-12135
                 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855

Multiple vulnerabilities have been discovered in the Xen hypervisor:

CVE-2017-10912

    Jann Horn discovered that incorrect handling of page transfers might
    result in privilege escalation.

CVE-2017-10913 / CVE-2017-10914

    Jann Horn discovered that race conditions in grant handling might
    result in information leaks or privilege escalation.

CVE-2017-10915

    Andrew Cooper discovered that incorrect reference counting with
    shadow paging might result in privilege escalation.

CVE-2017-10916

    Andrew Cooper discovered an information leak in the handling
    of the Memory Protection Extensions (MPX) and Protection
    Key (PKU) CPU features. This only affects Debian stretch.

CVE-2017-10917

    Ankur Arora discovered a NULL pointer dereference in event
    polling, resulting in denial of service.

CVE-2017-10918

    Julien Grall discovered that incorrect error handling in
    physical-to-machine memory mappings may result in privilege
    escalation, denial of service or an information leak.

CVE-2017-10919

    Julien Grall discovered that incorrect handling of
    virtual interrupt injection on ARM systems may result in
    denial of service.

CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922

    Jan Beulich discovered multiple places where reference
    counting on grant table operations was incorrect, resulting
    in potential privilege escalation.

CVE-2017-12135

    Jan Beulich found multiple problems in the handling of
    transitive grants which could result in denial of service
    and potentially privilege escalation.

CVE-2017-12136

    Ian Jackson discovered that race conditions in the allocator
    for grant mappings may result in denial of service or privilege
    escalation. This only affects Debian stretch.

CVE-2017-12137

    Andrew Cooper discovered that incorrect validation of
    grants may result in privilege escalation.

CVE-2017-12855

    Jan Beulich discovered incorrect grant status handling, which
    incorrectly informs the guest that the grant is no longer in use.

XSA-235 (no CVE yet)

    Wei Liu discovered that incorrect locking of add-to-physmap
    operations on ARM may result in denial of service.

For the oldstable distribution (jessie), these problems have been fixed
in version 4.4.1-9+deb8u10.

For the stable distribution (stretch), these problems have been fixed in
version 4.8.1-1+deb9u3.

We recommend that you upgrade your xen packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
