[ GLSA 201407-03 ] Xen: Multiple Vunlerabilities

[GLSA]

Gentoo Linux Security Advisory

Title: Xen: Multiple Vunlerabilities (GLSA 201407-03)
Severity: high
Exploitable: remote
Date: July 16, 2014
Bug(s): #440768, #484478, #486354, #497082, #497084, #497086, #499054, #499124, #500528, #500530, #500536, #501080, #501906, #505714, #509054, #513824
ID: 201407-03

Synopsis

Multiple vulnerabilities have been found in Xen, the worst of which
could lead to arbitrary code execution.


Background

Xen is a bare-metal hypervisor.

Affected Packages

Package: app-emulations/xen
Vulnerable: < 4.3.2-r4
Unaffected: >= 4.3.2-r4
Unaffected: >= 4.2.4-r4 < 4.2.5
Architectures: All supported architectures

Package: app-emulations/xen-tools
Vulnerable: < 4.3.2-r5
Unaffected: >= 4.3.2-r5
Unaffected: >= 4.2.4-r6 < 4.2.5
Architectures: All supported architectures

Package: app-emulations/xen-pvgrub
Vulnerable: < 4.3.2
Unaffected: >= 4.3.2 < 4.3.3
Unaffected: >= 4.2.4 < 4.2.5
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.


Impact

A remote attacker can utilize multiple vectors to execute arbitrary
code, cause Denial of Service, or gain access to data on the host.


Workaround

There is no known workaround at this time.

Resolution

All Xen 4.3 users should upgrade to the latest version: