[SECURITY] [DLA 964-1] xen security update

2017-06-01T09:15:38
ID DEBIAN:DLA-964-1:19E02
Type debian
Reporter Debian
Modified 2017-06-01T09:15:38

Description

Package : xen Version : 4.1.6.lts1-8 CVE ID : CVE-2016-9932 CVE-2017-7995 CVE-2017-8903 CVE-2017-8904 CVE-2017-8905

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2016-9932 (XSA-200)

CMPXCHG8B emulation allows local HVM guest OS users to obtain sensitive
information from host stack memory.

CVE-2017-7995

Description
Xen checks access permissions to MMIO ranges only after accessing them,
allowing host PCI device space memory reads.

CVE-2017-8903 (XSA-213)

Xen mishandles page tables after an IRET hypercall which can lead to
arbitrary code execution on the host OS. The vulnerability is only exposed
to 64-bit PV guests.

CVE-2017-8904 (XSA-214)

Xen mishandles the "contains segment descriptors" property during
GNTTABOP_transfer. This might allow PV guest OS users to execute arbitrary
code on the host OS.

CVE-2017-8905 (XSA-215)

Xen mishandles a failsafe callback which might allow PV guest OS users to
execute arbitrary code on the host OS.

For Debian 7 "Wheezy", these problems have been fixed in version 4.1.6.lts1-8.

We recommend that you upgrade your xen packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS