[Pkg-xen-devel] Bug#1021668: xen: CVE-2022-33749 CVE-2022-33748 CVE-2022-33747 CVE-2022-33746
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 12 21:01:29 BST 2022
Hi,
On Wed, Oct 12, 2022 at 07:38:17PM +0200, Moritz Mühlenhoff wrote:
> Source: xen
> X-Debbugs-CC: team at security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for xen.
>
> CVE-2022-33749[0]:
> | XAPI open file limit DoS It is possible for an unauthenticated client
> | on the network to cause XAPI to hit its file-descriptor limit. This
> | causes XAPI to be unable to accept new requests for other (trusted)
> | clients, and blocks XAPI from carrying out any tasks that require the
> | opening of file descriptors.
>
> https://xenbits.xen.org/xsa/advisory-413.html
FTR, I think this should not be tracked for src:xen (and upated the
security-tracker already earlier), as it is for xapi (not found in
src:xen but in the earlier removed src:xen-api).
Regards,
Salvatore
More information about the Pkg-xen-devel
mailing list