svn commit: r437266 - head/security/vuxml

Jason Unovitch junovitch at FreeBSD.org
Thu Mar 30 01:58:07 UTC 2017 

Author: junovitch
Date: Thu Mar 30 01:58:06 2017
New Revision: 437266
URL: https://svnweb.freebsd.org/changeset/ports/437266

Log:
  Document Xen Security Advisory (XSA 206)
  
  CVE lists none (yet) assigned
  
  While here, fix a typo on my last Xen entry
  
  Security:	https://vuxml.FreeBSD.org/freebsd/47873d72-14eb-11e7-970f-002590263bf5.html

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Mar 30 01:50:00 2017	(r437265)
+++ head/security/vuxml/vuln.xml	Thu Mar 30 01:58:06 2017	(r437266)
@@ -58,6 +58,33 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="47873d72-14eb-11e7-970f-002590263bf5">
+    <topic>xen-tools -- xenstore denial of service via repeated update</topic>
+    <affects>
+      <package>
+	<name>xen-tools</name>
+	<range><lt>4.7.2_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Xen Project reports:</p>
+	<blockquote cite="http://xenbits.xen.org/xsa/advisory-206.html">
+	  <p>Unprivileged guests may be able to stall progress of the control
+	    domain or driver domain, possibly leading to a Denial of Service
+	    (DoS) of the entire host.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://xenbits.xen.org/xsa/advisory-206.html</url>
+    </references>
+    <dates>
+      <discovery>2017-03-28</discovery>
+      <entry>2017-03-30</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="68611303-149e-11e7-b9bb-6805ca0b3d42">
     <topic>phpMyAdmin -- bypass 'no password' restriction</topic>
     <affects>
@@ -167,7 +194,7 @@ Notes:
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
-	<p>The Zen Project reports:</p>
+	<p>The Xen Project reports:</p>
 	<blockquote cite="http://xenbits.xen.org/xsa/advisory-211.html">
 	  <p>A privileged user within the guest VM can cause a heap overflow in
 	    the device model process, potentially escalating their privileges to

More information about the svn-ports-all mailing list