[Secure-testing-team] Bug#809229: CVE-2015-8550: xen: unsafe access to shared memory
Michael Tokarev
mjt at tls.msk.ru
Mon Dec 28 14:46:29 UTC 2015
Source: qemu
Version: 2.1+dfsg-1
Severity: important
Tags: security patch upstream fixed-upstream pending
CVE-2015-8550 (XSA-155). xenfb and xen/blkif reads shared memory contents
more than once which open possibility to verification bypass from guest.
http://xenbits.xen.org/xsa/advisory-155.html
The issue has been fixed past upstream 2.5.0 release.
Filing this bug against qemu version 2.1 (jessie), because in Debian, only
in jessie xen uses qemu. Before jessie, xen used its own copy of qemu.
More information about the Secure-testing-team
mailing list