SB2013062104 - Input validation error in xen (Alpine package)
Published: June 21, 2013
Security Bulletin ID
SB2013062104
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2013-2194)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=dac4485dfa4d8ae59e99caf4b911c196dc2b717f
- https://git.alpinelinux.org/aports/commit/?id=386d947eaf640de1a5515087a2b65d5960e5624b
- https://git.alpinelinux.org/aports/commit/?id=19901df1bcb30f294ee615cd161ba33d67c75771
- https://git.alpinelinux.org/aports/commit/?id=50869d41a1af768fb0c39ff2d059a8bec102bc91