ESB-2018.0467 - [Debian] xen: Multiple vulnerabilities 2018-02-16

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0467
                            xen security update
                             16 February 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xen
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Increased Privileges -- Existing Account
                   Denial of Service    -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-17563 CVE-2017-17564 CVE-2017-17565
                   CVE-2017-17566

Reference:         ESB-2018.0462

Original Bulletin: 
   http://www.debian.org/security/2018/dsa-4112

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4112-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 14, 2018                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2017-17563 CVE-2017-17564 CVE-2017-17565
                 CVE-2017-17566

Multiple vulnerabilities have been discovered in the Xen hypervisor:

CVE-2017-17563

    Jan Beulich discovered that an incorrect reference count overflow
    check in x86 shadow mode may result in denial of service or
    privilege escalation.

CVE-2017-17564

    Jan Beulich discovered that improper x86 shadow mode reference count
    error handling may result in denial of service or privilege
    escalation.

CVE-2017-17565

    Jan Beulich discovered that an incomplete bug check in x86 log-dirty
    handling may result in denial of service.

CVE-2017-17566

    Jan Beulich discovered that x86 PV guests may gain access to
    internally used pages which could result in denial of service or
    potential privilege escalation.

This update also ships the "Comet" shim, which addresses the Meltdown
class of vulnerabilities for guests running legacy PV kernels, and the
built-in "Xen PTI stage 1" mitigation (xpti), which is enabled by default
on Intel systems and can be disabled with `xpti=false` on the hypervisor
command line. Both address the same issue, so there is no point in using
xpti and the Comet shim together.

Please refer to the following URL for more details on how to configure
individual mitigation strategies:
https://xenbits.xen.org/xsa/advisory-254.html

Additional information can also be found in README.pti and README.comet.

For the stable distribution (stretch), these problems have been fixed in
version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1.

We recommend that you upgrade your xen packages.
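The fixed version quoted above is a Debian package version, and whether a
host is patched should be decided with Debian's own version ordering rather
than by eye or by plain string comparison. The following Python is an added
example, not part of the Debian advisory or of the xen package: it implements
the deb-version(5) comparison algorithm (the ordering `dpkg --compare-versions`
applies), checks installed versions against the fixed version from this DSA,
and walks a constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'`
output. The package states and versions in the sample are illustrative, not
real inventory.

```python
"""Check installed Debian xen versions against the fixed version in DSA-4112-1.

Added example, not Debian's or the Xen project's code. Implements the
deb-version(5) comparison algorithm so the check runs anywhere, and applies
it to a constructed sample of dpkg-query output.
"""
import re

# Fixed version for stretch, as quoted in DSA-4112-1.
FIXED_VERSION = "4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1"


def _order(c: str) -> int:
    """Sort weight of one character inside a non-digit segment.

    Mirrors dpkg's rule: '~' sorts before everything (even end of string,
    which weighs 0), letters sort by ASCII value, and any other character
    sorts after all letters.
    """
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _compare_fragment(a: str, b: str) -> int:
    """Compare two upstream-version or revision strings the dpkg way.

    Alternates between a non-digit segment (compared character by character
    with _order, end of string weighing 0) and a digit segment (compared
    numerically, an empty run counting as 0) until both strings are consumed.
    """
    while a or b:
        na = re.match(r"\D*", a).group()
        nb = re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            wa = _order(na[i]) if i < len(na) else 0
            wb = _order(nb[i]) if i < len(nb) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        da = re.match(r"\d*", a).group()
        db = re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0


def _split(version: str):
    """Split [epoch:]upstream_version[-debian_revision] into its three parts."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    # The revision is everything after the LAST hyphen; upstream may contain hyphens.
    upstream, sep, revision = version.rpartition("-")
    if not sep:
        upstream, revision = revision, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    result = _compare_fragment(ua, ub)
    if result:
        return result
    return _compare_fragment(ra, rb)


def is_fixed(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is at or above the fixed version."""
    return compare_versions(installed, fixed) >= 0


def unpatched_packages(dpkg_query_output: str, fixed: str = FIXED_VERSION) -> list:
    """Return the packages in dpkg-query output whose version is older than `fixed`.

    Expects one "<package> <version>" pair per line, as produced by
    dpkg-query -W -f='${Package} ${Version}\n' 'xen-*'.
    """
    old = []
    for line in dpkg_query_output.splitlines():
        if not line.strip():
            continue
        package, version = line.split()
        if not is_fixed(version, fixed):
            old.append(package)
    return old


# Constructed sample (not real host data): a stretch host where the hypervisor
# was upgraded but two tool packages still carry older versions.
SAMPLE_DPKG_QUERY = """\
xen-hypervisor-4.8-amd64 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1
xen-utils-4.8 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4
xen-utils-common 4.8.3-1+deb9u1
"""

if __name__ == "__main__":
    for pkg in unpatched_packages(SAMPLE_DPKG_QUERY):
        print("needs upgrade:", pkg)
```

On a stretch host itself no Python is needed: `dpkg --compare-versions
"$(dpkg-query -W -f='${Version}' xen-hypervisor-4.8-amd64)" ge
4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1` exits 0 when the installed
hypervisor package is at or above the fixed version. Note that a trailing
".1" revision sorts above a bare "+deb9u4" but below "+deb9u5", which is
why the comparison has to follow the dpkg rules rather than string order.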

For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================