CVE-2013-2211
Published: 28 August 2013
The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.
Notes
Author | Note |
---|---|
seth-arnold | Vulnerable interface added in 4.0 XSA-57 |
Priority
Status
Package | Release | Status |
---|---|---|
xen Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Released
(4.1.2-2ubuntu2.10)
|
|
quantal |
Released
(4.1.3-3ubuntu1.7)
|
|
raring |
Released
(4.2.1-0ubuntu3.3)
|
|
upstream |
Needed
|
|
Patches: upstream: http://lists.xen.org/archives/html/xen-announce/2013-06/binuXPDlTvthz.bin (4.1) upstream: http://lists.xen.org/archives/html/xen-announce/2013-06/binVAC3mRmerG.bin (4.2) |
||
Binaries built from this source package are in Universe and so are supported by the community. | ||
xen-3.3 Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
Binaries built from this source package are in Universe and so are supported by the community. |