Displaying 2 results from an estimated 2 matches for "xsa133".
2015 May 13
0
Xen Security Advisory 133 (CVE-2015-3456) - Privilege escalation via emulated floppy disk drive
...e service domain.
qemu-dm stubdomains are only available with the traditional "qemu-xen"
version.
CREDITS
=======
This issue was discovered by Jason Geffner, Senior Security Researcher
at CrowdStrike.
RESOLUTION
==========
Applying the appropriate attached patch resolves this issue.
xsa133-qemuu.patch          qemu-upstream-unstable, Xen 4.5.x, Xen 4.4.x
xsa133-qemuu-4.3-4.2.patch  qemu-upstream-unstable, Xen 4.3.x, Xen 4.2.x
xsa133-qemut.patch          qemu-xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x
$ sha256sum xsa133*.patch
e7ca0106a9d4bfe472b3b52bbed8646b47305634...
2015 May 15
2
CVE-2015-3456 / XSA-133 / "Venom" @ Debian Xen
...ian Changelog [2] 4.4.1-9 appeared
in Debian before XSA-133 was published and
xen_4.4.1-9.debian.tar.xz [3] does not seem to contain
any XSA-133 patch. Could you elaborate why 4.4.1-9 is not affected?
* [1] also says that latest 4.1.4-3+deb7u5 of wheezy security
is vulnerable. Patch xsa133-qemut.patch (with "t") [4] seems to
apply cleanly. Are there plans to roll an update for wheezy
security?
Best,
Sebastian
[1] https://security-tracker.debian.org/tracker/CVE-2015-3456
[2] http://metadata.ftp-master.debian.org/changelogs//main/x/xen/xen_4.4.1-9_changelog
[3] h...