Several vulnerabilities were discovered in Xen, a hypervisor. CVE-2012-0217 Xen does not properly handle uncanonical return addresses on Intel amd64 CPUs, allowing amd64 PV guests to elevate to hypervisor privileges. AMD processors, HVM and i386 guests are not affected. CVE-2012-0218 Xen does not properly handle SYSCALL and SYSENTER instructions in PV guests, allowing unprivileged users inside a guest system to crash the guest system. CVE-2012-2934 Xen does not detect old AMD CPUs affected by AMD Erratum #121. For CVE-2012-2934, Xen refuses to start domUs on affected systems unless the allow_unsafe option is passed. For the stable distribution (squeeze), these problems have been fixed in version 4.0.1-5.2. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1. We recommend that you upgrade your xen packages.
Several vulnerabilities were discovered in Xen, a hypervisor.
Xen does not properly handle uncanonical return addresses on Intel amd64 CPUs, allowing amd64 PV guests to elevate to hypervisor privileges. AMD processors, HVM and i386 guests are not affected.
Xen does not properly handle SYSCALL and SYSENTER instructions in PV guests, allowing unprivileged users inside a guest system to crash the guest system.
Xen does not detect old AMD CPUs affected by AMD Erratum #121.
For CVE-2012-2934,
Xen refuses to start domUs on affected systems
unless the allow_unsafe
option is passed.
For the stable distribution (squeeze), these problems have been fixed in version 4.0.1-5.2.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1.
We recommend that you upgrade your xen packages.
Vulmon