Security Information / 2012 / Security Information -- DSA-2501-1 xen

Debian Security Advisory

DSA-2501-1 xen -- several vulnerabilities

Date Reported:

24 Jun 2012

Affected Packages:

xen

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-0217, CVE-2012-0218, CVE-2012-2934.

More information:

Several vulnerabilities were discovered in Xen, a hypervisor.

• CVE-2012-0217

  Xen does not properly handle uncanonical return addresses on Intel amd64 CPUs, allowing amd64 PV guests to elevate to hypervisor privileges. AMD processors, HVM and i386 guests are not affected.

• CVE-2012-0218

  Xen does not properly handle SYSCALL and SYSENTER instructions in PV guests, allowing unprivileged users inside a guest system to crash the guest system.

• CVE-2012-2934

  Xen does not detect old AMD CPUs affected by AMD Erratum #121.

For CVE-2012-2934, Xen refuses to start domUs on affected systems unless the allow_unsafe option is passed.

For the stable distribution (squeeze), these problems have been fixed in version 4.0.1-5.2.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1.

We recommend that you upgrade your xen packages.