CVE-2015-2152

Published: 18 March 2015

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

Priority

Status

Package	Release	Status
xen Launchpad, Ubuntu, Debian	Upstream	Needed





	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was released [4.4.1-0ubuntu0.14.04.4])
	Patches: Upstream: http://xenbits.xen.org/xsa/xsa119-unstable.patch Upstream: http://xenbits.xen.org/xsa/xsa119-4.2.patch
	Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3 Launchpad, Ubuntu, Debian	Upstream	Ignored (reached end-of-life)





	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
	Binaries built from this source package are in Universe and so are supported by the community.

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

CVE-2015-2152

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading