Difference between revisions of "Security Announcements (Historical)"

From Xen
(Add XSA-52 through 56)
(Warning: list not updated in real-time. Update some links)
Line 1: Line 1:
The following security advisories have been made in accordance with the [http://www.xen.org/projects/security_vulnerability_process.html xen.org security problem response process].
+
The following security advisories have been made in accordance with the [http://www.xenproject.org/security-policy.html Xen security problem response process].
   
 
Please contact [mailto:security@xen.org security@xen.org] if you wish to disclose a security vulnerability.
 
Please contact [mailto:security@xen.org security@xen.org] if you wish to disclose a security vulnerability.
   
 
See [[Xen Maintenance Releases]] for information relating to stable branch maintenance.
 
See [[Xen Maintenance Releases]] for information relating to stable branch maintenance.
  +
  +
{{Warning|This list is not updated in real-time as advisories are released. In order to get timely notification of security vulnerabilities you should subscribe to the (low volume) [http://lists.xenproject.org/mailman/listinfo/xen-announce Xen Announce] mailing list or, if you are eligible, request access to the Pre-disclosure list (see the [http://www.xenproject.org/security-policy.html Xen security problem response process] for more information).}}
   
 
= XSA-1 Host crash due to failure to correctly validate PV kernel execution state. =
 
= XSA-1 Host crash due to failure to correctly validate PV kernel execution state. =

Revision as of 08:04, 13 June 2013

The following security advisories have been made in accordance with the Xen security problem response process.

Please contact security@xen.org if you wish to disclose a security vulnerability.

See Xen Maintenance Releases for information relating to stable branch maintenance.

This list is not updated in real-time as advisories are released. In order to get timely notification of security vulnerabilities you should subscribe to the (low volume) Xen Announce mailing list or, if you are eligible, request access to the Pre-disclosure list (see the Xen security problem response process for more information).


XSA-1 Host crash due to failure to correctly validate PV kernel execution state.

Date
14 March 2011
References
CVE-2011-1166
Advisory
Cannot specify user mode execution without specifying user-mode pagetables. Failure to validate this allows a malicious or buggy 64 bit PV guest to crash the host.
nb: this advisory predates the vulnerability handling process, so there was no formal announcement.
Fixes
xen-unstable.hg: 23034:c79aae866ad8
xen-4.1-testing.hg: 22993:842aed720b84
xen-4.0-testing.hg: 21461:ee088a0b5cb8

XSA-2 PV kernel validation vulnerabilities

Date
9 May 2011
References
CVE-2011-1583
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-05/msg00483.html
Fixes
xen-unstable.hg: 23322:d9982136d8fa
xen-4.1-testing.hg: 23042:e2e575f8b5d9
xen-4.0-testing.hg: 21482:c2adc059e931

XSA-3 VT-d (PCI passthrough) MSI

Date
12 May 2011
References
CVE-2011-1898
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-05/msg00687.html
Fixes
xen-unstable.hg: 23337:cc91832a02c7
xen-4.1-testing.hg: 23046:ed630a821de1
xen-4.0-testing.hg: 21485:b85a9e58ec3a

XSA-4 Xen 3.3 vaddr validation

Date
2 September 2011
References
CVE-2011-2901
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-09/msg00119.html
Fixes
xen-unstable.hg: 23800:72edc40e2942
nb: although the off-by-one error was fixed in the above changeset, only Xen version 3.3 and earlier were vulnerable due to this error.

XSA-5 IOMMU Fault Live lock

Date
12 August 2011
References
CVE-2011-3131
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-08/msg00450.html
Fixes
xen-unstable.hg: 23762:537ed3b74b3f
xen-4.1-testing.hg: 23112:84e3706df07a
xen-4.0-testing.hg: 21535:789ff1a462b8

XSA-6 HVM e1000, buffer overflow

Date
2 February 2012
References
CVE-2012-0029
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-02/msg00212.html
Fixes
qemu-xen-unstable.git: ebe37b2a3f844bad02dcc30d081f39eda06118f8
qemu-xen-4.1-testing.git: 3cf61880403b4e484539596a95937cc066243388
qemu-xen-4.0-testing.git: 36984c285a765541b04f378bfa84d2c850c167d3

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:

xen-unstable.hg: 24673:fcc071c31e3a
xen-4.1-testing.hg: 23224:cccd6c68e1b9
xen-4.0-testing.hg: 21563:3feb83eed6bd

XSA-7 64-bit PV guest privilege escalation vulnerability

Date
12 June 2012 (public disclosure)
References
CVE-2012-0217
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
Fixes
xen-unstable.hg: 25480:76eaf5966c05
xen-4.1-testing.hg: 23299:f08e61b9b33f
xen-4.0-testing.hg: 21590:dd367837e089

XSA-8 guest denial of service on syscall/sysenter exception generation

Date
12 June 2012 (public disclosure)
References
CVE-2012-0218
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html
Fixes
xen-unstable.hg: 25200:80f4113be500 & 25204:569d6f05e1ef
xen-4.1-testing.hg: 23300:0fec1afa4638
xen-4.0-testing.hg: 21591:adb943a387c8

XSA-9 PV guest host Denial of Service (AMD erratum #121)

Date
12 June 2012 (public disclosure)
References
CVE-2012-2934
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html
Fixes
xen-unstable.hg: 25481:bc2f3a848f9a
xen-4.1-testing.hg: 23301:a9c0a89c08f2
xen-4.0-testing.hg: 21592:e35c8bb53255

XSA-10 HVM guest user mode MMIO emulation DoS vulnerability

Date
26 July 2012 (public disclosure)
References
CVE-2012-3432
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html
Fixes
xen-unstable.hg: 25682:ffcb24876b4f
xen-4.1-testing.hg: 23325:a43f5b4b0331
xen-4.0-testing.hg: 21604:82fcf3a5dc3a

XSA-11 HVM guest destroy p2m teardown host DoS vulnerability

Date
8 August 2012 (public disclosure)
References
CVE-2012-3433
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.1-testing.hg: 23332:859205b36fe9
xen-4.0-testing.hg: 21608:a51c86b407d7

XSA-12 hypercall set_debugreg vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3494
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html
Fixes
xen-unstable.hg: 25814:4f1c69648201
xen-4.1-testing.hg: 23349:bcc340292731
xen-4.0-testing.hg: 21613:92334c7f577e

XSA-13 hypercall physdev_get_free_pirq vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3495
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.1-testing.hg: 23350:6779ddca8593

XSA-14 XENMEM_populate_physmap DoS vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3496
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html
Fixes
xen-unstable.hg: 25815:bcf58ef63b7c
xen-4.1-testing.hg: 23351:8ebda5388e4e
xen-4.0-testing.hg: 21614:96b08706a0ed

XSA-15 multiple TMEM hypercall vulnerabilities

Date
5 September 2012 (public disclosure)
References
CVE-2012-3497
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
Fixes
None at this time. See advisory for details.

XSA-16 PHYSDEVOP_map_pirq index vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3498
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html
Fixes
xen-unstable.hg: 25816:2750340a347d
xen-4.1-testing.hg: 23352:936f63ee4dad

XSA-17 Qemu VT100 emulation vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3515
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
Fixes
qemu-upstream-unstable.git: 87650d262dea07c955a683dcac75db86477c7ee3 (qemu-xen tree)
qemu-xen-unstable.git: a56ae4b5069c7b23ee657b15f08443a9b14a8e7b (qemu-xen-traditional tree)
qemu-xen-4.1-testing.git: 3220480734832a148d26f7a81f90af61c2ecfdd9 (qemu-xen-traditional tree)
qemu-xen-4.0-testing.git: 091149d364e893e643a5da3175c3f84d2163cb3e (qemu-xen-traditional tree)

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix to qemu-xen-traditional:

xen-unstable.hg: 25818:50adc933faaf
xen-4.1-testing.hg: 23353:3e4782f17f5c
xen-4.0-testing.hg: 21615:79444af3258c

XSA-18 grant table entry swaps have inadequate bounds checking

Date
5 September 2012 (public disclosure)
References
CVE-2012-3516
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00004.html
Fixes
xen-unstable.hg: 25817:93e5a791d076


XSA-19 guest administrator can access qemu monitor console

Date
6 September 2012 (public disclosure)
References
CVE-2012-4411
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html
Fixes
qemu-upstream-unstable.git: Not vulnerable
qemu-xen-unstable.git: bacc0d302445c75f18f4c826750fb5853b60e7ca
qemu-xen-4.1-testing.git: d7d453f51459b591faa96d1c123b5bfff7c5b6b6
qemu-xen-4.0-testing.git: eaa1bd612f50d2f253738ed19e14981e4ede98a5

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:

xen-unstable.hg: 25822:ec23c2a11f6f
xen-4.1-testing.hg: 23354:9be1175d2ac3
xen-4.0-testing.hg: 21616:512168f88df9 & 21617:1d1538beeada


XSA-20 Timer overflow DoS vulnerability

Date
13 November 2012
References
CVE-2012-4535
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00001.html
Fixes
xen-unstable.hg: 26148:bf58b94b3cef
xen-4.2-testing.hg: 25919:788af5959f69
xen-4.1-testing.hg: 23406:701f5e3321c1
xen-4.0-testing.hg: 21618:6b9809dc1e86

XSA-21 pirq range check DoS vulnerability

Date
13 November 2012
References
CVE-2012-4536
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00003.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.2-testing.hg: Not vulnerable
xen-4.1-testing.hg: 23407:210f16b6509b

XSA-22 Memory mapping failure DoS vulnerability

Date
13 November 2012
References
CVE-2012-4537
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html
Fixes
xen-unstable.hg: 26149:6b6a4007a609
xen-4.2-testing.hg: 25920:4cffe28427e0
xen-4.1-testing.hg: 23408:f635b1447d7e
xen-4.0-testing.hg: 21619:04462a8c7966
xen-3.4-testing.hg: 20028:b42c35f6369a

XSA-23 Unhooking empty PAE entries DoS vulnerability

Date
13 November 2012
References
CVE-2012-4538
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html
Fixes
xen-unstable.hg: 26150:c7a01b6450e4
xen-4.2-testing.hg: 25921:159080b58dda
xen-4.1-testing.hg: 23409:61eb3d030f52
xen-4.0-testing.hg: 21620:c52d74b254dc

XSA-24 Grant table hypercall infinite loop DoS vulnerability

Date
13 November 2012
References
CVE-2012-4539
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00002.html
Fixes
xen-unstable.hg: 26151:b64a7d868f06
xen-4.2-testing.hg: 25922:8ca6372315f8
xen-4.1-testing.hg: 23410:178f63286b02
xen-4.0-testing.hg: 21621:68d7b9cc8259

XSA-25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk

Date
13 November 2012
References
CVE-2012-4544, CVE-2012-2625
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00006.html
Fixes
xen-unstable.hg: 25589:60f09d1ab1fe 26115:37a8946eeb9d
xen-4.2-testing.hg: 25589:60f09d1ab1fe 25883:537776f51f79
xen-4.1-testing.hg: 23385:69d1cc78a5bd


XSA-26 Grant table version switch list corruption vulnerability

Date
3 December 2012 (public disclosure)
References
CVE-2012-5510
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-12/msg00000.html
Fixes
xen-unstable.hg: 26229:90a697f3e78c
xen-4.2-testing.hg: 25933:dea7d4e5bfc1
xen-4.1-testing.hg: 23416:7172203aec98

XSA-27 several HVM operations do not validate the range of their inputs

Date
3 December 2012 (public disclosure)
References
CVE-2012-5511
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-12/msg00006.html
Fixes
xen-unstable.hg: 26230:96fed5bcd097
xen-4.2-testing.hg: 25934:5771c761ff1b
xen-4.1-testing.hg: 23417:53ef1f35a0f8

XSA-28 HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak

Date
3 December 2012 (public disclosure)
References
CVE-2012-5512
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-12/msg00003.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.2-testing.hg: Not vulnerable
xen-4.1-testing.hg: 23418:e7c8ffa11596

XSA-29 XENMEM_exchange may overwrite hypervisor memory

Date
3 December 2012 (public disclosure)
References
CVE-2012-5513
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-12/msg00004.html
Fixes
xen-unstable.hg: 26231:b406e395995f
xen-4.2-testing.hg: 25935:83ab3cd0f8e4
xen-4.1-testing.hg: 23419:f81286b3be32

XSA-30 Broken error handling in guest_physmap_mark_populate_on_demand()

Date
3 December 2012 (public disclosure)
References
CVE-2012-5514
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-12/msg00005.html
Fixes
xen-unstable.hg: 26232:ddf4ead1afda
xen-4.2-testing.hg: 25936:09a48c5da636
xen-4.1-testing.hg: 23420:cadc212c8ef3

XSA-31 Several memory hypercall operations allow invalid extent order values

Date
3 December 2012 (public disclosure)
References
CVE-2012-5515
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-12/msg00001.html
Fixes
xen-unstable.hg: 26233:f2c836302c0f
xen-4.2-testing.hg: 25937:2c3f00c5189b
xen-4.1-testing.hg: 23421:a8a9e1c126ea

XSA-32 several hypercalls do not validate input GFNs

Date
3 December 2012 (public disclosure)
References
CVE-2012-5525
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-12/msg00002.html
Fixes
xen-unstable.hg: 26234:bc624b00d6d6
xen-4.2-testing.hg: 25938:b306bce61341
xen-4.1-testing.hg: Not vulnerable

XSA-33 VT-d interrupt remapping source validation flaw

Date
9 January 2013 (public release)
References
CVE-2012-5634
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-01/msg00001.html
Fixes
xen-unstable.hg: 26340:19fd1237ff0d
xen-4.2-testing.hg: 25967:2fff08507add
xen-4.1-testing.hg: 23441:2a91623a5807

XSA-34 nested virtualization on 32-bit exposes host crash

Date
22 January 2013 (public release)
References
CVE-2013-0151
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-01/msg00008.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.2-testing.hg: 25972:fef7ef92f08e

XSA-35 Nested HVM exposes host to being driven out of memory by guest

Date
22 January 2013 (public release)
References
CVE-2013-0152
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-01/msg00009.html
Fixes
xen-unstable.hg: 26444:621b1a889e9b
xen-4.2-testing.hg: 25973:7c04074a0a0f

XSA-36 interrupt remap entries shared and old ones not cleared on AMD IOMMUs

Date
5 February 2013
References
CVE-2013-0153
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-02/msg00006.html
Fixes
xen-unstable.hg: 26516:32d4516a97f0 26517:601139e2b0db 26518:e379a23b0465 26519:1af531e7bc2f 26531:e68f14b9e739
xen-4.2-testing.hg: 25974:f3725a1da193 25975:7b294324e98e 25976:43308c02c07d 25977:b8a523d9f14c 25977:b8a523d9f14c 25990:6a03b38b9cd6
xen-4.1-testing.hg: 23448:dd6694df1a31 23449:cac6ae5e5dc6 23450:5c0fe82d6060 23451:e5ed73d172eb 23458:4d522221fa77

XSA-37 Hypervisor crash due to incorrect ASSERT (debug build only)

Date
4 January 2013
References
CVE-2013-0154
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-01/msg00000.html
Fixes
xen-unstable.hg: 26333:e1facbde56ff
xen-4.2-testing.hg: 25960:7dad27b2bcc7
xen-4.1-testing.hg: Not vulnerable


XSA-38 oxenstored incorrect handling of certain Xenbus ring states

Date
5 February 2013
References
CVE-2013-0215
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-02/msg00005.html
Fixes
xen-unstable.hg: 26521:2c0fd406f02c 26522:ffd30e7388ad 26539:759574df84a6
xen-4.2-testing.hg: 25979:c713f1f7d3c1 25978:b150d8787a05 25989:b40c7b690275
xen-4.1-testing.hg: 23452:47c7b8531923 23453:130446135528 23457:8792a805cc9a


XSA-39 Linux netback DoS via malicious guest ring.

Date
5 February 2013
References
CVE-2013-0216
CVE-2013-0217
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-02/msg00001.html
Fixes
linux: 48856286b64e4b66ec62b94e504d0b29c1ade664 7d5145d8eb2b9791533ffe4dc003b129b9696c48 4cc7c1cb7b11b6f3515bd9075527576a1eecc4aa b9149729ebdcfce63f853aa54a404c6a8f6ebbf3

XSA-40 Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.

Date
16 January 2013
References
CVE-2013-0190
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-01/msg00002.html
Fixes
linux: 9174adbee4a9a49d0139f5d71969852b36720809

XSA-41 qemu (e1000 device driver): Buffer overflow when processing large packets

Date
16 January 2013
References
CVE-2012-6075
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-01/msg00006.html
Fixes
qemu: b0d9ffcd0251161c7c92f94804dcf599dfa3edeb 2c0331f4f7d241995452b99afaf0aab00493334a

XSA-42 Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS.

Date
13 February 2013
References
CVE-2013-0228
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-02/msg00004.html
Fixes
linux: 13d2b4d11d69a92574a55bfd985cfb0ca77aebdc

XSA-43 Linux pciback DoS via not rate limited log messages.

Date
5 February 2013
References
CVE-2013-0231
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-02/msg00003.html
Fixes
linux: 51ac8893a7a51b196501164e645583bf78138699

XSA-44 Xen PV DoS vulnerability with SYSENTER

Date
18 April 2013
References
CVE-2013-1917
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-04/msg00005.html
Fixes
xen unstable: fdac9515607b757c044e7ef0d61b1453ef999b08
xen 4.2: 68a30a91bad2d4ff1f7c0d4302ec1060d573f6da
xen 4.1: 584eb7c15e4c94baaba93468776572dd7373a33c

XSA-45 Several long latency operations are not preemptible

Date
2 May 2013
References
CVE-2013-1918
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-05/msg00000.html
Fixes
xen unstable: 6cdc9be e2e6b7b 918a5f1 4939f9a 99d2b14 a3e049f b8efae6 f2ddd52
xen 4.2: f8bdc88 a8f6949 f1d1abc f26f9b2 dba35fa 3e5c1c0 a4b2683
xen 4.1: 7a93b9a 06a68a0 210e61b c6fad96 02615aa 09f9f72 8eb2e89

XSA-46 Several access permission issues with IRQs for unprivileged guests

Date
18 April 2013
References
CVE-2013-1919
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-04/msg00003.html
Fixes
xen unstable: 545607e
xen 4.2: e414c40
xen 4.1: d3d1288

XSA-47 Potential use of freed memory in event channel operations

Date
4 April 2013
References
CVE-2013-1920
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html
Fixes
xen unstable: 99b9ab0
xen 4.2: 2bebeac
xen 4.1: b10b4af

XSA-48 qemu-nbd format-guessing due to missing format specification

Date
15 April 2013
References
CVE-2013-1922
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-04/msg00001.html
Fixes
qemu: e6b636779b51c97e67694be740ee972c52460c59

XSA-49 VT-d interrupt remapping source validation flaw for bridges

Date
2 May 2013
References
CVE-2013-1952
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-05/msg00001.html
Fixes
xen unstable: 63cec00
xen 4.2: 5f34d2f
xen 4.1: 4c45d2d

XSA-50 grant table hypercall acquire/release imbalance

Date
18 April 2013
References
CVE-2013-1964
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html
Fixes
xen 4.1: a12ed39

XSA-51 qemu guest agent (qga) insecure file permissions

Date
6 May 2013
References
CVE-2013-2007
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-05/msg00002.html
Fixes
qemu: c689b4f1bac352dcfd6ecb9a1d45337de0f1de67

XSA-52 Information leak on XSAVE/XRSTOR capable AMD CPUs

Date
3 June 2013
References
CVE-2013-2076
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
Fixes
xen unstable: 8dcf9f0113454f233089e8e5bb3970d891928410
xen 4.2: 16b0db2eeef6491fee4277b030c84678b1579863
xen 4.1: c3401c1aece47dc5388184c9b6a3527655d5bbdf

XSA-53 Hypervisor crash due to missing exception recovery on XRSTOR

Date
3 June 2013
References
CVE-2013-2077
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
Fixes
xen unstable: c6ae65db36b98f2866f74a9a7ae6ac5d51fedc67
xen 4.2: 93113dbc332b7befc334a1496bf6b6a325264d51
xen 4.1: 5849504a03725f553195c8d80b0d595ef8334e2a

XSA-54 Hypervisor crash due to missing exception recovery on XSETBV

Date
3 June 2013
References
CVE-2013-2078
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-06/msg00000.html
Fixes
xen unstable: 365c95f7de789e1dca03f119eab7dc61fe0f77c9
xen 4.2: 9c28f338208bdc3f8f03934f58aabf2724c42cdb
xen 4.1: 13e00caf1a01a4eb99f2269be6ce12a3a4703178

XSA-55 Multiple vulnerabilities in libelf PV kernel handling

Date
7 June 2013
References
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-06/msg00003.html
Fixes
Work is ongoing to resolve this issue. See http://lists.xen.org/archives/html/xen-devel/

XSA-56 Buffer overflow in xencontrol Python bindings affecting xend

Date
17 May 2013
References
CVE-2013-2072
Advisory
http://lists.xen.org/archives/html/xen-announce/2013-05/msg00004.html
Fixes
xen unstable: 41abbadef60e5fccdfd688579dd458f7f7887cf5
xen 4.2: 34e2c78baa7eff6369595adc7e51e70a4a0c8727
xen 4.1: 8dd9cde5d454e4cee55d0202abfd52ceeff1cd94