CVE-2015-2152
Published: 18 March 2015
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
xen Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Released
(4.1.6.1-0ubuntu0.12.04.5)
|
|
| trusty |
Released
(4.4.1-0ubuntu0.14.04.4)
|
|
| upstream |
Needed
|
|
| utopic |
Released
(4.4.1-0ubuntu0.14.10.4)
|
|
| vivid |
Released
(4.5.0-1ubuntu3)
|
|
|
Patches: upstream: http://xenbits.xen.org/xsa/xsa119-unstable.patch upstream: http://xenbits.xen.org/xsa/xsa119-4.2.patch |
||
| Binaries built from this source package are in Universe and so are supported by the community. | ||
|
xen-3.3 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(end of life)
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| Binaries built from this source package are in Universe and so are supported by the community. | ||