GLSA-201407-03

[oss-security] 20131010 Xen Security Advisory 68 (CVE-2013-4369) - possible null  dereference when parsing vif ratelimiting info

xen-cve20134369-dos(87798)

XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues.

  - CVE-2013-4416: XSA-72: Fixed ocaml xenstored that     mishandled oversized message replies

  - CVE-2013-4355: XSA-63: Fixed information leaks through     I/O instruction emulation

  - CVE-2013-4361: XSA-66: Fixed information leak through     fbld instruction emulation

  - CVE-2013-4368: XSA-67: Fixed information leak through     outs instruction emulation

  - CVE-2013-4369: XSA-68: Fixed possible null dereference     when parsing vif ratelimiting info

  - CVE-2013-4370: XSA-69: Fixed misplaced free in ocaml     xc_vcpu_getaffinity stub

  - CVE-2013-4371: XSA-70: Fixed use-after-free in     libxl_list_cpupool under memory pressure

  - CVE-2013-4375: XSA-71: xen: qemu disk backend (qdisk)     resource leak

  - CVE-2013-1442: XSA-62: Fixed information leak on AVX     and/or LWP capable CPUs

  - CVE-2013-1432: XSA-58: Page reference counting error due     to XSA-45/CVE-2013-1918 fixes.

Various bugs have also been fixed :

  - Boot failure with xen kernel in UEFI mode with error 'No     memory for trampoline' (bnc#833483)

  - Improvements to block-dmmd script (bnc#828623)

  - MTU size on Dom0 gets reset when booting DomU with e1000     device (bnc#840196)

  - In HP's UEFI x86_64 platform and with xen environment,     in booting stage, xen hypervisor will panic.
    (bnc#833251)

  - Xen: migration broken from xsave-capable to     xsave-incapable host (bnc#833796)

  - In xen, 'shutdown -y 0 -h' cannot power off system     (bnc#834751)

  - In HP's UEFI x86_64 platform with xen environment, xen     hypervisor will panic on multiple blades nPar.
    (bnc#839600)

  - vcpus not started after upgrading Dom0 from SLES 11 SP2     to SP3 (bnc#835896)

  - SLES 11 SP3 Xen security patch does not automatically     update UEFI boot binary (bnc#836239)

  - Failed to setup devices for vm instance when start     multiple vms simultaneously (bnc#824676)

  - SLES 9 SP4 guest fails to start after upgrading to SLES     11 SP3 (bnc#817799)

  - Various upstream fixes have been included.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201407-03 (Xen: Multiple Vunlerabilities)

    Multiple vulnerabilities have been discovered in Xen. Please review the       CVE identifiers referenced below for details.
  Impact :

    A remote attacker can utilize multiple vectors to execute arbitrary       code, cause Denial of Service, or gain access to data on the host.
  Workaround :

    There is no known workaround at this time.

Xen was updated to 4.2.3 c/s 26170 to fix various bugs and security issues.

Following issues were fixed :

  - bnc#845520 - CVE-2013-4416: xen: ocaml xenstored     mishandles oversized message replies

  - bnc#833483 - Boot Failure with xen kernel in UEFI mode     with error 'No memory for trampoline'

  - Improvements to block-dmmd script bnc#828623

  - bnc#840196 - MTU size on Dom0 gets reset when booting     DomU with e1000 device

  - bnc#840592 - CVE-2013-4355: XSA-63: xen: Information     leaks through I/O instruction emulation

  - bnc#841766 - CVE-2013-4361: XSA-66: xen: Information     leak through fbld instruction emulation

  - bnc#842511 - CVE-2013-4368: XSA-67: xen: Information     leak through outs instruction emulation

  - bnc#842512 - CVE-2013-4369: XSA-68: xen: possible null     dereference when parsing vif ratelimiting info

  - bnc#842513 - CVE-2013-4370: XSA-69: xen: misplaced free     in ocaml xc_vcpu_getaffinity stub

  - bnc#842514 - CVE-2013-4371: XSA-70: xen: use-after-free     in libxl_list_cpupool under memory pressure

  - bnc#842515 - CVE-2013-4375: XSA-71: xen: qemu disk     backend (qdisk) resource leak

  - bnc#839596 - CVE-2013-1442: XSA-62: xen: Information     leak on AVX and/or LWP capable CPUs

  - bnc#833251 - [HP BCS SLES11 Bug]: In HP&rsquo;s UEFI     x86_64 platform and with xen environment, in booting     stage ,xen hypervisor will panic.

  - bnc#833796 - Xen: migration broken from xsave-capable to     xsave-incapable host

  - bnc#834751 - [HP BCS SLES11 Bug]: In xen,     &ldquo;shutdown &ndash;y 0 &ndash;h&rdquo; cannot power     off system

  - bnc#839600 - [HP BCS SLES11 Bug]: In HP&rsquo;s UEFI     x86_64 platform and sles11sp3 with xen environment, xen     hypervisor will panic on multiple blades nPar. 

  - bnc#833251 - [HP BCS SLES11 Bug]: In HP&rsquo;s UEFI     x86_64 platform and with xen environment, in booting     stage ,xen hypervisor will panic.

  - bnc#835896 - vcpus not started after upgrading Dom0 from     11SP2 to SP3

  - bnc#836239 - SLES 11 SP3 Xen security patch does not     automatically update UEFI boot binary

XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues.

  - XSA-72: Fixed ocaml xenstored that mishandled oversized     message replies. (CVE-2013-4416)

  - XSA-63: Fixed information leaks through I/O instruction     emulation. (CVE-2013-4355)

  - XSA-66: Fixed information leak through fbld instruction     emulation. (CVE-2013-4361)

  - XSA-67: Fixed information leak through outs instruction     emulation. (CVE-2013-4368)

  - XSA-68: Fixed possible null dereference when parsing vif     ratelimiting info. (CVE-2013-4369)

  - XSA-69: Fixed misplaced free in ocaml     xc_vcpu_getaffinity stub. (CVE-2013-4370)

  - XSA-70: Fixed use-after-free in libxl_list_cpupool under     memory pressure. (CVE-2013-4371)

  - XSA-71: xen: qemu disk backend (qdisk) resource leak.
    (CVE-2013-4375)

  - XSA-62: Fixed information leak on AVX and/or LWP capable     CPUs. (CVE-2013-1442)

  - XSA-58: Page reference counting error due to     XSA-45/CVE-2013-1918 fixes. Various bugs have also been     fixed:. (CVE-2013-1432)

  - Boot failure with xen kernel in UEFI mode with error 'No     memory for trampoline'. (bnc#833483)

  - Improvements to block-dmmd script. (bnc#828623)

  - MTU size on Dom0 gets reset when booting DomU with e1000     device. (bnc#840196)

  - In HP's UEFI x86_64 platform and with xen environment,     in booting stage, xen hypervisor will panic.
    (bnc#833251)

  - Xen: migration broken from xsave-capable to     xsave-incapable host. (bnc#833796)

  - In xen, 'shutdown -y 0 -h' cannot power off system.
    (bnc#834751)

  - In HP's UEFI x86_64 platform with xen environment, xen     hypervisor will panic on multiple blades nPar.
    (bnc#839600)

  - vcpus not started after upgrading Dom0 from SLES 11 SP2     to SP3. (bnc#835896)

  - SLES 11 SP3 Xen security patch does not automatically     update UEFI boot binary. (bnc#836239)

  - Failed to setup devices for vm instance when start     multiple vms simultaneously. (bnc#824676)

  - SLES 9 SP4 guest fails to start after upgrading to SLES     11 SP3. (bnc#817799)

  - Various upstream fixes have been included.

Five security fixes CVE-2013-4368 CVE-2013-4369 CVE-2013-4370 CVE-2013-4371 CVE-2013-4375

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
83602	SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2013:1774-1)	Nessus	SuSE Local Security Checks	high
76544	GLSA-201407-03 : Xen: Multiple Vunlerabilities	Nessus	Gentoo Local Security Checks	high
74865	openSUSE Security Update : xen (openSUSE-SU-2013:1953-1)	Nessus	SuSE Local Security Checks	medium
70969	SuSE 11.2 / 11.3 Security Update : Xen (SAT Patch Numbers 8478 / 8479)	Nessus	SuSE Local Security Checks	high
70550	Fedora 18 : xen-4.2.3-4.fc18 (2013-19053)	Nessus	Fedora Local Security Checks	medium
70549	Fedora 19 : xen-4.2.3-4.fc19 (2013-19048)	Nessus	Fedora Local Security Checks	medium

CVE-2013-4369

LOW

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

medium

high

medium

medium