Candidate: CVE-2013-2211
PublicDate: 2013-08-28 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211
 http://www.openwall.com/lists/oss-security/2013/06/21/3
Description:
 The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x
 uses weak permissions for xenstore keys for paravirtualised and emulated
 serial console devices, which allows local guest administrators to modify
 the xenstore value via unspecified vectors.
Ubuntu-Description:
Notes:
 seth-arnold> Vulnerable interface added in 4.0
 seth-arnold> XSA-57
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_xen-3.3:
-- Tags_xen-3.3: universe-binary
upstream_xen-3.3: ignored (reached end-of-life)
lucid_xen-3.3: not-affected
precise_xen-3.3: DNE
quantal_xen-3.3: DNE
raring_xen-3.3: DNE
devel_xen-3.3: DNE

Patches_xen:
 upstream: http://lists.xen.org/archives/html/xen-announce/2013-06/binuXPDlTvthz.bin (4.1)
 upstream: http://lists.xen.org/archives/html/xen-announce/2013-06/binVAC3mRmerG.bin (4.2)
Tags_xen: universe-binary
upstream_xen: needed
lucid_xen: DNE
precise_xen: released (4.1.2-2ubuntu2.10)
quantal_xen: released (4.1.3-3ubuntu1.7)
raring_xen: released (4.2.1-0ubuntu3.3)
devel_xen: released (4.2.1-2ubuntu2)