Dva nedostatka paketa Xen

U radu programskog paketa Xen uočena su dva sigurnosna nedostatka koja napadaču omogućuju stjecanje povećanih ovlasti i izvođenje DoS napada.

Paket:	xen 3.x
Operacijski sustavi:	SUSE Linux Enterprise Desktop 10, SUSE Linux Enterprise Server (SLES) 10
Kritičnost:	6.4
Problem:	pogreška u programskoj komponenti
Iskorištavanje:	lokalno/udaljeno
Posljedica:	dobivanje većih privilegija, uskraćivanje usluga (DoS)
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2011-1936, CVE-2011-1898
Izvorni ID preporuke:	SUSE-SU-2011:0925-1
Izvor:	SUSE

Problem:
Nedostaci su posljedica pogrešaka u Intel VT-d chipset-ima, odnosno nepravilnosti u rukovanju CPUID instrukcijama.
Posljedica:
Napadaču omogućuju izvođenje napada uskraćivanja usluge i povećanje ovlasti na ranjivom sustavu.
Rješenje:
Korisnicima se preporuča instalacija nadogradnje.

Izvorni tekst preporuke

   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0925-1
Rating:             important
References:         #704380 
Cross-References:   CVE-2011-1936
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:


   A security bug was fixed in Xen

   * CVE-2011-1936 A bug was found in the way Xen handles
   CPUID instruction emulation during VM exits. An
   unprivileged guest user can potentially use this flaw to
   crash the guest.

   This issue only affected systems running on x86
   architecture with Intel  processor and VMX virtualization
   extension enabled.

   Security Issue references:

   * CVE-2011-1898
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1898
   >
   * CVE-2011-1936
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936
   >

Indications:

   Please install this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      xen-3.2.3_17040_37-0.7.1
      xen-devel-3.2.3_17040_37-0.7.1
      xen-doc-html-3.2.3_17040_37-0.7.1
      xen-doc-pdf-3.2.3_17040_37-0.7.1
      xen-doc-ps-3.2.3_17040_37-0.7.1
      xen-kmp-debug-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-default-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-kdump-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-smp-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-libs-3.2.3_17040_37-0.7.1
      xen-tools-3.2.3_17040_37-0.7.1
      xen-tools-domU-3.2.3_17040_37-0.7.1
      xen-tools-ioemu-3.2.3_17040_37-0.7.1

   - SUSE Linux Enterprise Server 10 SP4 (x86_64):

      xen-libs-32bit-3.2.3_17040_37-0.7.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      xen-kmp-bigsmp-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-kdumppae-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-vmi-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-vmipae-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      xen-3.2.3_17040_37-0.7.1
      xen-devel-3.2.3_17040_37-0.7.1
      xen-doc-html-3.2.3_17040_37-0.7.1
      xen-doc-pdf-3.2.3_17040_37-0.7.1
      xen-doc-ps-3.2.3_17040_37-0.7.1
      xen-kmp-default-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-smp-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-libs-3.2.3_17040_37-0.7.1
      xen-tools-3.2.3_17040_37-0.7.1
      xen-tools-domU-3.2.3_17040_37-0.7.1
      xen-tools-ioemu-3.2.3_17040_37-0.7.1

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      xen-libs-32bit-3.2.3_17040_37-0.7.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      xen-kmp-bigsmp-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1

   - SLE SDK 10 SP4 (i586 x86_64):

      xen-3.2.3_17040_37-0.7.1
      xen-devel-3.2.3_17040_37-0.7.1
      xen-kmp-debug-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-kdump-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-libs-3.2.3_17040_37-0.7.1
      xen-tools-3.2.3_17040_37-0.7.1
      xen-tools-ioemu-3.2.3_17040_37-0.7.1

   - SLE SDK 10 SP4 (x86_64):

      xen-libs-32bit-3.2.3_17040_37-0.7.1


References:

   http://support.novell.com/security/cve/CVE-2011-1936.html
   https://bugzilla.novell.com/704380
  
http://download.novell.com/patch/finder/?keywords=ca3da7c0b116523580ed11bcec4992da

-- 
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

Dva nedostatka paketa Xen

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Dva nedostatka paketa Xen

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti