CVE-2013-2077

NameCVE-2013-2077
DescriptionXen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-3006-1
NVD severitymedium (attack range: remote)
Debian/oldstablepackage xen is vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)squeeze (security), squeeze4.0.1-5.11vulnerable
wheezy4.1.4-3+deb7u3fixed
wheezy (security)4.1.4-3+deb7u4fixed
sid, jessie4.4.1-6fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensource(unstable)4.2.2-1medium
xensourcesqueeze(unfixed)end-of-life
xensourcewheezy4.1.4-3+deb7u2mediumDSA-3006-1

Notes

[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
http://lists.xen.org/archives/html/xen-announce/2013-06/msg00001.html

Search for package or bug name: Reporting problems