SB2013062106 - Input validation error in xen (Alpine package)
Published: June 21, 2013
Security Bulletin ID
SB2013062106
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2013-2196)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=dac4485dfa4d8ae59e99caf4b911c196dc2b717f
- https://git.alpinelinux.org/aports/commit/?id=386d947eaf640de1a5515087a2b65d5960e5624b
- https://git.alpinelinux.org/aports/commit/?id=19901df1bcb30f294ee615cd161ba33d67c75771
- https://git.alpinelinux.org/aports/commit/?id=50869d41a1af768fb0c39ff2d059a8bec102bc91