SB2013062105 - Input validation error in xen (Alpine package)
Published: June 21, 2013
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2013-2195)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The ELF parser (libelf) in Xen 4.2.x and earlier allows local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=dac4485dfa4d8ae59e99caf4b911c196dc2b717f
- https://git.alpinelinux.org/aports/commit/?id=386d947eaf640de1a5515087a2b65d5960e5624b
- https://git.alpinelinux.org/aports/commit/?id=19901df1bcb30f294ee615cd161ba33d67c75771
- https://git.alpinelinux.org/aports/commit/?id=50869d41a1af768fb0c39ff2d059a8bec102bc91