CVE-2013-4416

Published: 2 November 2013

The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.

Notes

Author	Note
mdeslaur	This is XSA-72

Priority

Status

Package	Release	Status
xen Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Released (4.1.5-0ubuntu0.12.04.2)
	quantal	Released (4.1.5-0ubuntu0.12.10.2)
	raring	Released (4.2.2-0ubuntu0.13.04.2)
	saucy	Released (4.3.0-1ubuntu1.1)
	upstream	Needs triage
xen-3.3 Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	upstream	Ignored (end of life)

References

http://www.securitytracker.com/id/1029264
http://www.openwall.com/lists/oss-security/2013/10/29/5
http://lists.xen.org/archives/html/xen-announce/2013-10/msg00006.html
http://osvdb.org/99072
https://www.cve.org/CVERecord?id=CVE-2013-4416
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›