[Git][security-tracker-team/security-tracker][master] new xen issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Oct 10 13:48:38 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24f78ad1 by Moritz Muehlenhoff at 2023-10-10T14:48:06+02:00
new xen issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2023-34324 [linux/xen: Possible deadlock in Linux kernel event handling]
+	- linux <unfixed>
+	NOTE: https://xenbits.xen.org/xsa/advisory-441.html
+CVE-2023-34328 [A PV vCPU can place a breakpoint over the live GDT]
+	- xen <unfixed>
+	[buster] - xen <end-of-life> (DSA 4677-1)
+	NOTE: https://xenbits.xen.org/xsa/advisory-444.html
+CVE-2023-34327 [An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state]
+	- xen <unfixed>
+	[buster] - xen <end-of-life> (DSA 4677-1)
+	NOTE: https://xenbits.xen.org/xsa/advisory-444.html
+CVE-2023-34325 [Multiple vulnerabilities in libfsimage disk handling]
+	- xen <unfixed>
+	[buster] - xen <end-of-life> (DSA 4677-1)
+	NOTE: https://xenbits.xen.org/xsa/advisory-443.html
+CVE-2023-34326 [x86/AMD: missing IOMMU TLB flushing]
+	- xen <unfixed>
+	[buster] - xen <end-of-life> (DSA 4677-1)
+	NOTE: https://xenbits.xen.org/xsa/advisory-442.html
+CVE-2023-34323 [xenstored: A transaction conflict can crash C Xenstored]
+	- xen <unfixed> (unimportant)
+	[buster] - xen <end-of-life> (DSA 4677-1)
+	NOTE: https://xenbits.xen.org/xsa/advisory-440.html
+	NOTE: Debian uses the ocaml-based xenstored
 CVE-2023-5471 (A vulnerability, which was classified as critical, was found in codepr ...)
 	NOT-FOR-US: codeprojects Farmacia
 CVE-2023-5468 (The Slick Contact Forms plugin for WordPress is vulnerable to Stored C ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -94,3 +94,5 @@ webkit2gtk
 --
 wpewebkit/oldstable
 --
+xen (jmm)
+--



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24f78ad1d9cd61885265c5f453d2d76e429de886

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24f78ad1d9cd61885265c5f453d2d76e429de886
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231010/01865d5a/attachment.htm>


More information about the debian-security-tracker-commits mailing list