[Secure-testing-team] Bug#784011: xen: CVE-2015-3340: Information leak through XEN_DOMCTL_gettscinfo (XSA-132)

Salvatore Bonaccorso carnil at debian.org
Sat May 2 05:04:34 UTC 2015


Source: xen
Version: 4.4.1-9
Severity: normal
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for xen.

CVE-2015-3340[0]:
| Xen 4.2.x through 4.5.x does not initialize certain fields, which
| allows certain remote service domains to obtain sensitive information
| from memory via a (1) XEN_DOMCTL_gettscinfo or (2)
| XEN_SYSCTL_getdomaininfolist request.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3340
[1] http://xenbits.xen.org/xsa/advisory-132.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore


