GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Oct 18, 2017 1:26 am Post subject: [ GLSA 201710-17 ] Xen |
|
|
Gentoo Linux Security Advisory
Title: Xen: Multiple vulnerabilities (GLSA 201710-17)
Severity: high
Exploitable: local
Date: 2017-10-18
Bug(s): #624112, #624116, #624118, #624124, #624128
ID: 201710-17
Synopsis
Multiple vulnerabilities have been found in Xen, the worst of which
may allow local attackers to escalate privileges.
Background
Xen is a bare-metal hypervisor.
Affected Packages
Package: app-emulation/xen
Vulnerable: < 4.7.3
Unaffected: >= 4.7.3
Architectures: All supported architectures
Package: app-emulation/xen-pvgrub
Vulnerable: < 4.7.3
Unaffected: >= 4.7.3
Architectures: All supported architectures
Package: app-emulation/xen-tools
Vulnerable: < 4.7.3
Unaffected: >= 4.7.3
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Xen. Please review the
referenced CVE identifiers for details.
Impact
A local attacker could escalate privileges, cause a Denial of Service
condition, obtain sensitive information, or have other unspecified
impacts.
Workaround
There is no known workaround at this time.
Resolution
All Xen users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.7.3"
| All Xen pvgrub users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.7.3"
| All Xen Tools users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.7.3"
|
References
CVE-2017-10912
CVE-2017-10913
CVE-2017-10914
CVE-2017-10915
CVE-2017-10918
CVE-2017-10920
CVE-2017-10921
CVE-2017-10922
Last edited by GLSA on Mon Jan 15, 2018 4:16 am; edited 1 time in total |
|