Debian Package Tracker

general

source: xen (main)
version: 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
maintainer: Debian Xen Team (archive) [DMD]
uploaders: Bastian Blank [DMD] – Guido Trotter [DMD] – Ian Jackson [DMD]
arch: all amd64 arm64 armhf i386
std-ver: 3.9.4
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.1.4-3+deb7u9
o-o-sec: 4.1.6.lts1-14
oldstable: 4.4.1-9+deb8u10
old-sec: 4.4.1-9+deb8u10
stable: 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
stable-sec: 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
testing: 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
unstable: 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9

versioned links

4.1.4-3+deb7u9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.1.6.lts1-14: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.4.1-9+deb8u10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libxen-4.8
libxen-dev
libxenstore3.0
xen-hypervisor-4.8-amd64
xen-hypervisor-4.8-arm64
xen-hypervisor-4.8-armhf
xen-system-amd64
xen-system-arm64
xen-system-armhf
xen-utils-4.8
xen-utils-common
xenstore-utils

action needed

38 security issues in jessie high

There are 38 open security issues in jessie.

30 important issues:

CVE-2017-15592: An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
CVE-2017-17566: An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
CVE-2018-7541: An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
CVE-2017-15595: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
CVE-2017-17563: An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.
CVE-2017-15590: An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
CVE-2017-17044: An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.
CVE-2018-10472: An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
CVE-2018-7540: An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.
CVE-2017-15597: An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.
CVE-2017-15588: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
CVE-2017-14317: A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.).
CVE-2017-17564: An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
CVE-2017-14319: A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account.
CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
CVE-2018-10982: An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.
CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVE-2017-15594: An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.
CVE-2018-10471: An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
CVE-2018-10981: An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.
CVE-2017-15589: An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.
CVE-2017-14316: A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.
CVE-2017-15593: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.
CVE-2018-12891: An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.
CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVE-2017-17045: An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.
CVE-2018-12892: An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as "sd" in the libxl disk configuration, or an equivalent) are affected. IDE disks ("hd") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line.
CVE-2018-12893: An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.
CVE-2017-17046: An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled.
CVE-2017-17565: An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.

8 issues skipped by the security teams:

CVE-2016-9816: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
CVE-2016-9818: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
CVE-2017-10919: Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223.
CVE-2016-9817: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.
CVE-2017-14431: Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.
CVE-2016-4963: The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
TEMP-0860565-9E8C4B:
CVE-2016-9815: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.

Please fix them.

Created: 2015-07-12 Last update: 2018-07-29 08:12

lintian reports 4 errors and 42 warnings high

Lintian reports 4 errors and 42 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-13 Last update: 2018-07-15 02:15

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.1.4 instead of 3.9.4).

Created: 2014-08-10 Last update: 2018-06-28 01:49

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2016-04-06 Last update: 2018-08-14 02:32

5 bugs tagged patch in the BTS normal

The BTS contains patches fixing 5 bugs, consider including or untagging them.

Created: 2017-11-21 Last update: 2018-08-14 01:52

news

[rss feed]

[2018-07-16] xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 MIGRATED to testing (Debian testing watch)
[2018-07-01] Accepted xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2018-06-27] Accepted xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 (all amd64 source) into stable->embargoed, stable (Ian Jackson)
[2018-06-24] Accepted xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2018-06-20] Accepted xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8 (all amd64 source) into stable->embargoed, stable (Ian Jackson)
[2018-05-28] Accepted xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2018-05-28] Accepted xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2018-05-25] Accepted xen 4.1.6.lts1-14 (source all amd64) into oldoldstable (Felix Geyer)
[2018-05-25] Accepted xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7 (all amd64 source) into stable->embargoed, stable (Ian Jackson)
[2018-05-15] Accepted xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 (all amd64 source) into stable->embargoed, stable (Ian Jackson)
[2018-03-12] xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 MIGRATED to testing (Debian testing watch)
[2018-03-05] Accepted xen 4.1.6.lts1-13 (source all amd64) into oldoldstable (Felix Geyer)
[2018-03-05] Accepted xen 4.1.6.lts1-13 (source all amd64) into oldoldstable (Felix Geyer)
[2018-03-04] Accepted xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2018-03-04] Accepted xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 (all amd64 source) into stable->embargoed, stable (Ian Jackson)
[2018-02-23] Accepted xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2018-02-23] Accepted xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2018-02-06] Accepted xen 4.1.6.lts1-12 (source all amd64) into oldoldstable (Felix Geyer)
[2018-01-04] Accepted xen 4.1.6.lts1-11 (source all amd64) into oldoldstable (Felix Geyer)
[2017-12-11] xen 4.8.2+xsa245-0+deb9u1 MIGRATED to testing (Debian testing watch)
[2017-11-29] Accepted xen 4.8.2+xsa245-0+deb9u1 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2017-11-20] Accepted xen 4.1.6.lts1-10 (source all amd64) into oldoldstable (Felix Geyer)
[2017-10-11] Accepted xen 4.1.6.lts1-9 (source all amd64) into oldoldstable (Felix Geyer)
[2017-10-09] xen 4.8.1-1+deb9u3 MIGRATED to testing (Debian testing watch)
[2017-09-23] Accepted xen 4.4.1-9+deb8u10 (source i386 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Ian Jackson)
[2017-09-23] Accepted xen 4.8.1-1+deb9u2 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2017-09-23] Accepted xen 4.8.1-1+deb9u3 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2017-06-01] Accepted xen 4.1.6.lts1-8 (source all amd64) into oldstable (Felix Geyer)
[2017-05-30] Accepted xen 4.1.6.lts1-7 (source all amd64) into oldstable (Felix Geyer)
[2017-05-27] Accepted xen 4.4.1-9+deb8u9 (all i386 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)

bugs [bug history graph]

all: 64 67
RC: 4
I&N: 47 50
M&W: 8
F&P: 0
patch: 5

links

lintian (4, 42)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.9.2-0ubuntu2
57 bugs (10 patches)
patches for 4.9.2-0ubuntu2