Critical Vulnerability Information

DSA: DSA 2582-1
Package: xen
Vulnerability: Multiple denial of service vulnerabilities in the xen hypervisor
CVE IDs:
- CVE-2011-3131 (XSA 5)
- CVE-2012-4535 (XSA 20)
- CVE-2012-4537 (XSA 22)
- CVE-2012-4538 (XSA 23)
- CVE-2012-4539 (XSA 24)
- CVE-2012-5510 (XSA 26)
- CVE-2012-5513 (XSA 29)
- CVE-2012-5514 (XSA 30)
- CVE-2012-5515 (XSA 31)
Debian Bug: None specified

Vulnerabilities Details

CVE-2011-3131 (XSA 5): DoS using IOMMU faults from a PCI passthrough guest
CVE-2012-4535 (XSA 20): Timer overflow DoS vulnerability
CVE-2012-4537 (XSA 22): Memory mapping failure DoS vulnerability
CVE-2012-4538 (XSA 23): Unhooking empty PAE entries DoS vulnerability
CVE-2012-4539 (XSA 24): Grant table hypercall infinite loop DoS vulnerability
CVE-2012-5510 (XSA 26): Grant table version switch list corruption vulnerability
CVE-2012-5513 (XSA 29): XENMEM_exchange may overwrite hypervisor memory
CVE-2012-5514 (XSA 30): Broken error handling in guest_physmap_mark_populate_on_demand()
CVE-2012-5515 (XSA 31): Several memory hypercall operations allow invalid extent order values

Related Security Advisories

Xen Security Advisories XSA 25 and 28 are not fixed by this update.

Recommended Actions

Upgrade xen packages to:
- Stable distribution (squeeze): version 4.0.1-5.5
- Testing distribution (wheezy): version 4.1.3-6
- Unstable distribution (sid): version 4.1.3-6
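Deciding whether an installed xen package already carries one of the fixed versions above has to follow Debian's version ordering (epoch, then upstream version, then Debian revision; "~" sorts before anything including end of string, letters sort before non-letters, digit runs compare numerically), not plain string comparison, otherwise backport suffixes such as "~bpo" and multi-digit components are misjudged. The following is an added example, not part of this advisory or of dpkg itself: it reimplements that ordering in Python (the same rules `dpkg --compare-versions` applies) and checks a version string against the fixed version listed for each suite. The suite names and fixed versions are taken from the advisory; the file name, function names, the FIXED_VERSIONS table and the sample version strings are this example's own assumptions.

```python
#!/usr/bin/env python3
"""check_xen_dsa2582.py (hypothetical name): report whether an installed xen
version is at or above the version fixed by DSA 2582-1 for a given suite.

Added example, not part of the advisory or of dpkg. It reimplements the
Debian version ordering (Debian Policy 5.6.12, dpkg's verrevcmp) so the check
also runs on a machine without dpkg, e.g. when auditing a fleet inventory.
"""
import sys

# Fixed versions per suite, as listed in DSA 2582-1.
FIXED_VERSIONS = {
    "squeeze": "4.0.1-5.5",
    "wheezy": "4.1.3-6",
    "sid": "4.1.3-6",
}


def _order(c: str) -> int:
    """Sort weight of one character inside a non-digit segment: end of string
    and digits weigh 0, '~' sorts before everything (even end of string),
    letters sort by ASCII, any other character sorts after all letters."""
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare two upstream-version or revision strings; <0, 0 or >0."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Leading non-digit segment: compared character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit segment: leading zeros ignored, then compared numerically.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1   # a's number has more digits, so it is larger
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(version: str):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision).
    The revision is everything after the last '-'; a missing revision
    compares equal to '0'."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Debian version comparison: <0 if a < b, 0 if equal, >0 if a > b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return ea - eb
    c = _verrevcmp(ua, ub)
    if c != 0:
        return c
    return _verrevcmp(ra, rb)


def is_fixed(installed: str, suite: str) -> bool:
    """True if `installed` is at or above the DSA 2582-1 fixed version for `suite`."""
    return compare_versions(installed, FIXED_VERSIONS[suite]) >= 0


if __name__ == "__main__":
    # Usage: check_xen_dsa2582.py <installed-version> <squeeze|wheezy|sid>
    # The version string is what `dpkg-query -W -f='${Version}' <xen package>` prints.
    installed, suite = sys.argv[1], sys.argv[2]
    state = "fixed" if is_fixed(installed, suite) else "VULNERABLE"
    print(f"xen {installed} on {suite}: {state} (fixed in {FIXED_VERSIONS[suite]})")
```

Feed it the output of `dpkg-query -W -f='${Version}'` for each installed xen binary package (hypervisor and tools packages ship from the same source, so check all of them), and treat a "VULNERABLE" result on squeeze as also lacking the fixes for XSA 25 and 28, which this update does not address at all.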