Arno Töll
2012-Jun-12 12:54 UTC
[Pkg-xen-devel] Bug#677221: xen: Xen PV privilege escalation (CVE-2012-0217)
Source: xen
Version: 4.1.2-2
Severity: critical
Tags: security
Justification: allows PV domains to escape into the dom0 context

Hi,

I realize you're most likely pretty well aware of that problem already, but Debian's Xen versions are vulnerable to a PV privilege escalation [1]. The issue is tracked as CVE-2012-0217 and public as of today. Therefore I am filing this bug for coordination and traceability.

Please update the packages and consider a security update for Squeeze.

[1] http://lists.xen.org/archives/html/xen-devel/2012-06/msg00670.html

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.3.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Bastian Blank
2012-Jun-12 20:22 UTC
[Pkg-xen-devel] Bug#677221: Bug#677221: xen: Xen PV privilege escalation (CVE-2012-0217)
found 677221 4.0.1-1
fixed 677221 4.0.1-5
severity 677221 grave
thanks

On Tue, Jun 12, 2012 at 02:54:35PM +0200, Arno Töll wrote:
> I realize you're most likely pretty well aware of that problem already, but
> Debian's Xen versions are vulnerable to a PV privilege escalation [1]. The issue
> is tracked as CVE-2012-0217 and public as of today.

Fix pending for stable.

Bastian

--
... The prejudices people feel about each other disappear when they get to know each other.
    -- Kirk, "Elaan of Troyius", stardate 4372.5
Debian Bug Tracking System
2012-Jun-14 15:51 UTC
[Pkg-xen-devel] Bug#677221: marked as done (xen: Xen PV privilege escalation (CVE-2012-0217))
Your message dated Thu, 14 Jun 2012 15:48:51 +0000 with message-id <E1SfCHz-00087Z-Hk at franck.debian.org> and subject line Bug#677221: fixed in xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1 has caused the Debian Bug report #677221, regarding xen: Xen PV privilege escalation (CVE-2012-0217) to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.)

--
677221: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677221
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems