Date: Tue, 11 Oct 2022 12:06:11 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security-team-members@....org> Subject: Xen Security Advisory 413 v2 (CVE-2022-33749) - XAPI open file limit DoS -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2022-33749 / XSA-413 version 2 XAPI open file limit DoS UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors. IMPACT ====== An attacker is capable of blocking connections to the XAPI HTTP interface, and also interrupt ongoing operations, causing a XAPI toolstack Denial of Service. Such DoS would also affect any guests that require toolstack actions. VULNERABLE SYSTEMS ================== All versions of XAPI are vulnerable. Systems which are not using the XAPI toolstack are not vulnerable. MITIGATION ========== Not exposing to untrusted clients the network interface XAPI is listening on will prevent the issue. RESOLUTION ========== Applying the attached patches resolves this issue. xsa413/xsa413-*.patch Xapi master $ sha256sum xsa413*/* 63f72af7a92944700318add5cc200160ff7f834b6d304dd22441fa2de74c7b83 xsa413/xsa413-1.patch 6fbcbfb1915ebc4a726374d94e050406d8f1d52c3cb9afc06bcf7cec9e5a19c8 xsa413/xsa413-2.patch c41de04ff2b63756e693c6c75ec4d7206a88db06c1da0b263c9d0644da90ef8b xsa413/xsa413-3.patch 6ee2dc09f6c5f64ce9627e9b4e314237817f7c0c2eebe30a2c83709d1faf0050 xsa413/xsa413-4.patch 360a5099ece45118488706acd76b6da3ca8e6f107cee24586dbf6ec7f5858aeb xsa413/xsa413-5.patch cc79e086affcfd784ab8cd38e1d0acd6adb241c24141f3409161e417cc314b28 xsa413/xsa413-6.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmNFTAEMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZmIMH/RBAGOrAi8NI7BBeGHwMW7WqyMfT6mTVUFkb2z9z ZFtvPFvim5AobCUpAKFtUAWpSQoUEEPyTO83C2VDe9jQC37mRo/qAduX7wj8oaJv Dq+QFECP95bsfmu0SwKYL7ZW+3lLxDVwtp88z4P/H/U0VYqG+bNrR569znBbn0wL p7EKQG5A4PS0nLg8ehnxjwuKCn0dCgUIZibh3AIMOUDTFY/apVeDFbX7bKIoQgLV /0B18MevryxqSRe3QpL2WW/kRGLLKF7i5SA7nAbOPMzPWHOLNDZb+b+Hq7/eYwzI a2+6yUcBkWAqyi9M3fXkhslySA/WqLdPXBIkd47zZS9rIuU= =Ih6z -----END PGP SIGNATURE----- Download attachment "xsa413/xsa413-1.patch" of type "application/octet-stream" (3941 bytes) Download attachment "xsa413/xsa413-2.patch" of type "application/octet-stream" (10897 bytes) Download attachment "xsa413/xsa413-3.patch" of type "application/octet-stream" (11881 bytes) Download attachment "xsa413/xsa413-4.patch" of type "application/octet-stream" (10060 bytes) Download attachment "xsa413/xsa413-5.patch" of type "application/octet-stream" (11475 bytes) Download attachment "xsa413/xsa413-6.patch" of type "application/octet-stream" (9793 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.