| Name | CVE-2013-2211 |
| Description | The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-3006-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| xen (PTS) | jessie, jessie (lts) | 4.4.4lts5-0+deb8u1 | fixed |
| stretch (security), stretch (lts), stretch | 4.8.5.final+shim4.10.4-1+deb9u12 | fixed | |
| buster, buster (security) | 4.11.4+107-gef32c7afa2-1 | fixed | |
| bullseye | 4.14.6-1 | fixed | |
| bullseye (security) | 4.14.5+94-ge49571868d-1 | fixed | |
| bookworm | 4.17.3+10-g091466ba55-1~deb12u1 | fixed | |
| trixie | 4.17.3+10-g091466ba55-1 | fixed | |
| sid | 4.17.3+36-g54dacb5c02-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| xen | source | squeeze | (not affected) | |||
| xen | source | wheezy | 4.1.4-3+deb7u2 | DSA-3006-1 | ||
| xen | source | (unstable) | 4.3.0-1 |
[squeeze] - xen <not-affected> (libxl not packaged in squeeze)