GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Tue Nov 15, 2016 11:26 am Post subject: [ GLSA 201611-09 ] Xen
Gentoo Linux Security Advisory
Title: Xen: Multiple vulnerabilities (GLSA 201611-09)
Severity: normal
Exploitable: remote
Date: November 15, 2016
Bug(s): #588780, #593198, #594850
ID: 201611-09
Synopsis
Multiple vulnerabilities have been found in Xen, the worst of which
allows gaining of privileges on the host system.
Background
Xen is a bare-metal hypervisor.
Affected Packages
Package: app-emulation/xen
Vulnerable: < 4.6.3-r3
Unaffected: >= 4.6.3-r3
Architectures: All supported architectures
Package: app-emulation/xen-tools
Vulnerable: < 4.6.3-r2
Unaffected: >= 4.6.3-r2
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.
Impact
A malicious guest administrator could escalate their privileges on the
host system or cause a Denial of Service. Additionally, a malicious
unprivileged guest user may be able to obtain or corrupt sensitive
information (including cryptographic material) in other programs in the
same guest.
Workaround
There is no known workaround at this time.
Resolution
All Xen users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.3-r3"
All Xen tools users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.6.3-r2"
References
CVE-2016-6258
CVE-2016-7092
CVE-2016-7093
CVE-2016-7094
CVE-2016-7777