1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
Candidate: CVE-2011-1583
PublicDate: 2011-08-12
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1583
http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html
Description:
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen
3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and
possibly execute arbitrary code via a crafted paravirtualised guest kernel
image that triggers (1) a buffer overflow during a decompression loop or
(2) an out-of-bounds read in the loader involving unspecified length
fields.
Ubuntu-Description:
Notes:
kees> for full-virtualization issues, add qemu (and kvm)
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
Patches_xen-3.1:
Tags_xen-3.1: universe-binary
upstream_xen-3.1: needs-triage
hardy_xen-3.1: ignored (reached end-of-life)
lucid_xen-3.1: DNE
maverick_xen-3.1: DNE
natty_xen-3.1: DNE
oneiric_xen-3.1: DNE
precise_xen-3.1: DNE
quantal_xen-3.1: DNE
raring_xen-3.1: DNE
saucy_xen-3.1: DNE
devel_xen-3.1: DNE
Patches_xen-3.2:
Tags_xen-3.2: universe-binary
upstream_xen-3.2: needs-triage
hardy_xen-3.2: ignored (reached end-of-life)
lucid_xen-3.2: DNE
maverick_xen-3.2: DNE
natty_xen-3.2: DNE
oneiric_xen-3.2: DNE
precise_xen-3.2: DNE
quantal_xen-3.2: DNE
raring_xen-3.2: DNE
saucy_xen-3.2: DNE
devel_xen-3.2: DNE
Patches_xen-3.3:
Tags_xen-3.3: universe-binary
upstream_xen-3.3: needs-triage
hardy_xen-3.3: DNE
lucid_xen-3.3: ignored (reached end-of-life)
maverick_xen-3.3: ignored (reached end-of-life)
natty_xen-3.3: ignored (reached end-of-life)
oneiric_xen-3.3: DNE
precise_xen-3.3: DNE
quantal_xen-3.3: DNE
raring_xen-3.3: DNE
saucy_xen-3.3: DNE
devel_xen-3.3: DNE
Patches_xen:
vendor: http://www.debian.org/security/2011/dsa-2337
upstream_xen: released (4.1.1-1)
hardy_xen: DNE
lucid_xen: DNE
maverick_xen: DNE
natty_xen: DNE
oneiric_xen: not-affected (4.1.1-2ubuntu4.1)
precise_xen: not-affected
quantal_xen: not-affected
raring_xen: not-affected
saucy_xen: not-affected
devel_xen: not-affected
|