Multiple security issues have been found in the Xen virtualisation
solution:
- CVE-2015-3209
Matt Tait discovered a flaw in the way QEMU’s AMD PCnet Ethernet
emulation handles multi-TMD packets with a length above 4096 bytes.
A privileged guest user in a guest with an AMD PCNet ethernet card
enabled can potentially use this flaw to execute arbitrary code on
the host with the privileges of the hosting QEMU process.
- CVE-2015-4103
Jan Beulich discovered that the QEMU Xen code does not properly
restrict write access to the host MSI message data field, allowing
a malicious guest to cause a denial of service.
- CVE-2015-4104
Jan Beulich discovered that the QEMU Xen code does not properly
restrict access to PCI MSI mask bits, allowing a malicious guest to
cause a denial of service.
- CVE-2015-4105
Jan Beulich reported that the QEMU Xen code enables logging for PCI
MSI-X pass-through error messages, allowing a malicious guest to
cause a denial of service.
- CVE-2015-4106
Jan Beulich discovered that the QEMU Xen code does not properly restrict
write access to the PCI config space for certain PCI pass-through devices,
allowing a malicious guest to cause a denial of service, obtain sensitive
information or potentially execute arbitrary code.
- CVE-2015-4163
Jan Beulich discovered that a missing version check in the
GNTTABOP_swap_grant_ref hypercall handler may result in denial of service.
This only applies to Debian stable/jessie.
- CVE-2015-4164
Andrew Cooper discovered a vulnerability in the iret hypercall handler,
which may result in denial of service.
For the oldstable distribution (wheezy), these problems have been fixed
in version 4.1.4-3+deb7u8.
For the stable distribution (jessie), these problems have been fixed in
version 4.4.1-9+deb8u1. CVE-2015-3209, CVE-2015-4103, CVE-2015-4104,
CVE-2015-4105 and CVE-2015-4106 don’t affect the Xen package in stable
jessie, it uses the standard qemu package and has already been fixed in
DSA-3284-1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your xen packages.