svn commit: r437266 - head/security/vuxml
Jason Unovitch
junovitch at FreeBSD.org
Thu Mar 30 01:58:07 UTC 2017
Author: junovitch
Date: Thu Mar 30 01:58:06 2017
New Revision: 437266
URL: https://svnweb.freebsd.org/changeset/ports/437266
Log:
Document Xen Security Advisory (XSA 206)
CVE lists none (yet) assigned
While here, fix a typo on my last Xen entry
Security: https://vuxml.FreeBSD.org/freebsd/47873d72-14eb-11e7-970f-002590263bf5.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Mar 30 01:50:00 2017 (r437265)
+++ head/security/vuxml/vuln.xml Thu Mar 30 01:58:06 2017 (r437266)
@@ -58,6 +58,33 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="47873d72-14eb-11e7-970f-002590263bf5">
+ <topic>xen-tools -- xenstore denial of service via repeated update</topic>
+ <affects>
+ <package>
+ <name>xen-tools</name>
+ <range><lt>4.7.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-206.html">
+ <p>Unprivileged guests may be able to stall progress of the control
+ domain or driver domain, possibly leading to a Denial of Service
+ (DoS) of the entire host.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://xenbits.xen.org/xsa/advisory-206.html</url>
+ </references>
+ <dates>
+ <discovery>2017-03-28</discovery>
+ <entry>2017-03-30</entry>
+ </dates>
+ </vuln>
+
<vuln vid="68611303-149e-11e7-b9bb-6805ca0b3d42">
<topic>phpMyAdmin -- bypass 'no password' restriction</topic>
<affects>
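Review bot: The <references> block of the new entry carries only the advisory <url>, and the log states that no CVE has been assigned yet, so the entry needs a follow-up. Once an identifier is issued, add a <cvename> element there and a <modified> date under <dates> next to <entry>2017-03-30</entry>. Separately, the range is a bare <lt>4.7.2_1</lt> with no lower bound, which flags every earlier xen-tools version; confirm against the advisory that this is intended.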
@@ -167,7 +194,7 @@ Notes:
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>The Zen Project reports:</p>
+ <p>The Xen Project reports:</p>
<blockquote cite="http://xenbits.xen.org/xsa/advisory-211.html">
<p>A privileged user within the guest VM can cause a heap overflow in
the device model process, potentially escalating their privileges to
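Review bot: The "Zen" to "Xen" correction in this hunk belongs to the entry citing advisory-211, which is unrelated to the XSA 206 entry added in the first hunk. Consider committing typo fixes like this separately so the new entry can be reverted or merged on its own. The change is confined to the text of the <p> element, so nothing that affects package matching is altered.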