Summary: | <app-emulation/xen{,-tools}-4.6.1-r4: Unsanitised driver domain input in libxl device handling XSA-178 (CVE-2016-4963) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Yury German <blueknight> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | dlan |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | C3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Yury German
2016-05-19 03:38:28 UTC
Files sent to developer in a secure (encrypted) channel.

Bug #583464, could be addressing same vulnerability. Purposely split it up in case cannot be handled together. If can be handled as one release, either one could be set as dependency.

commit f22d36084c5cdabb599a38b8e1e26832c4bacd94
Author: Yixun Lan <dlan@gentoo.org>
Date: Tue Jun 7 13:38:13 2016 +0800

app-emulation/xen-tools: fix XSA-175,178 bug

also include a few non-security upstream fixes

Gentoo-Bug: 583464, XSA-175
Gentoo-Bug: 583466, XSA-178

Package-Manager: portage-2.3.0_rc1

@ Security: Please vote!

CVE-2016-4963 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4963): The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.

GLSA Vote: No