GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Tue Oct 30, 2018 10:26 pm Post subject: [ GLSA 201810-06 ] Xen |
|
|
Gentoo Linux Security Advisory
Title: Xen: Multiple vulnerabilities (GLSA 201810-06)
Severity: normal
Exploitable: local
Date: 2018-10-30
Bug(s): #643350, #655188, #655544, #659442
ID: 201810-06
Synopsis
Multiple vulnerabilities have been found in Xen, the worst of which
could cause a Denial of Service condition.
Background
Xen is a bare-metal hypervisor.
Affected Packages
Package: app-emulation/xen
Vulnerable: < 4.10.1-r2
Unaffected: >= 4.10.1-r2
Architectures: All supported architectures
Package: app-emulation/xen-tools
Vulnerable: < 4.10.1-r2
Unaffected: >= 4.10.1-r2
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Xen. Please review the
referenced CVE identifiers for details.
Impact
A local attacker could cause a Denial of Service condition or disclose
sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Xen users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2"
| All Xen tools users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/xen-tools-4.10.1-r2"
|
References
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
CVE-2018-10471
CVE-2018-10472
CVE-2018-10981
CVE-2018-10982
CVE-2018-12891
CVE-2018-12892
CVE-2018-12893
CVE-2018-15468
CVE-2018-15469
CVE-2018-15470
CVE-2018-3620
CVE-2018-3646
CVE-2018-5244
CVE-2018-7540
CVE-2018-7541
CVE-2018-7542 |
|