View previous topic :: View next topic |
Author |
Message |
GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Tue Apr 05, 2016 7:26 am Post subject: [ GLSA 201604-03 ] Xen |
|
|
Gentoo Linux Security Advisory
Title: Xen: Multiple vulnerabilities (GLSA 201604-03)
Severity: normal
Exploitable: local
Date: April 05, 2016
Bug(s): #445254, #513832, #547202, #549200, #549950, #550658, #553664, #553718, #555532, #556304, #561110, #564472, #564932, #566798, #566838, #566842, #567962, #571552, #571556, #574012
ID: 201604-03
Synopsis
Multiple vulnerabilities have been found in Xen, the worst of which
cause a Denial of Service.
Background
Xen is a bare-metal hypervisor.
Affected Packages
Package: app-emulation/xen
Vulnerable: < 4.6.0-r9
Unaffected: >= 4.6.0-r9
Unaffected: >= 4.5.2-r5 < 4.5.3
Architectures: All supported architectures
Package: app-emulation/xen-pvgrub
Vulnerable: < 4.6.0
Architectures: All supported architectures
Package: app-emulation/xen-tools
Vulnerable: < 4.6.0-r9
Unaffected: >= 4.6.0-r9
Unaffected: >= 4.5.2-r5 < 4.5.3
Architectures: All supported architectures
Package: app-emulation/pvgrub
Unaffected: >= 4.6.0
Unaffected: >= 4.5.2 < 4.5.3
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.
Impact
A local attacker could possibly cause a Denial of Service condition or
obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Xen 4.5 users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.5.2-r5"
| All Xen 4.6 users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.0-r9"
| All Xen tools 4.5 users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.5.2-r5"
| All Xen tools 4.6 users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.6.0-r9"
| All Xen pvgrub users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.6.0"
|
References
CVE-2012-3494
CVE-2012-3495
CVE-2012-3496
CVE-2012-3497
CVE-2012-3498
CVE-2012-3515
CVE-2012-4411
CVE-2012-4535
CVE-2012-4536
CVE-2012-4537
CVE-2012-4538
CVE-2012-4539
CVE-2012-6030
CVE-2012-6031
CVE-2012-6032
CVE-2012-6033
CVE-2012-6034
CVE-2012-6035
CVE-2012-6036
CVE-2015-2151
CVE-2015-3209
CVE-2015-3259
CVE-2015-3340
CVE-2015-3456
CVE-2015-4103
CVE-2015-4104
CVE-2015-4105
CVE-2015-4106
CVE-2015-4163
CVE-2015-4164
CVE-2015-5154
CVE-2015-7311
CVE-2015-7504
CVE-2015-7812
CVE-2015-7813
CVE-2015-7814
CVE-2015-7835
CVE-2015-7871
CVE-2015-7969
CVE-2015-7970
CVE-2015-7971
CVE-2015-7972
CVE-2015-8339
CVE-2015-8340
CVE-2015-8341
CVE-2015-8550
CVE-2015-8551
CVE-2015-8552
CVE-2015-8554
CVE-2015-8555
CVE-2016-2270
CVE-2016-2271 |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|