BugTraq
[SECURITY] [DSA 4131-1] xen security update Mar 04 2018 09:59AM
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4131-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2018 https://www.debian.org/security/faq
-
------------------------------------------------------------------------
-

Package : xen
CVE ID : CVE-2018-7540 CVE-2018-7541 CVE-2018-7542

Multiple vulnerabilities have been discovered in the Xen hypervisor:

CVE-2018-7540

Jann Horn discovered that missing checks in page table freeing may
result in denial of service.

CVE-2018-7541

Jan Beulich discovered that incorrect error handling in grant table
checks may result in guest-to-host denial of service and potentially
privilege escalation.

CVE-2018-7542

Ian Jackson discovered that insufficient handling of x86 PVH guests
without local APICs may result in guest-to-host denial of service.

For the stable distribution (stretch), these problems have been fixed in
version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlqbwwUACgkQEMKTtsN8
TjbKQhAAucrOjkc+fjAsBI3i8ereiItTX7C/dg0VATL4q62g6lAZPLVIDzu5cw5l
VkEK9hhyxg+yXStNUDeswIIoX7tdenMxmN6YK1rETsJrvOn8E+bny+6twX+j0zbb
T4uFXYQCinHnFbNxmWjWZi7NOOecCXpD7epG3D5KWYuTL1sYkTJ3yYADHpyUa1Zl
abAmuVFyjw9MZMYzmg7ZcJun4D9ydqLRkq6DwtXxwf8AGIWQ9zrebfSz+RyY9FsO
Onf/X1aoab8V48v22PrZBpLjPo+vJ07IfsIVRDm19ceBXKLWzwbjMYFisq7ypg8X
LnSQo5CCBAp+mKGySU71V8aqLC4H4KaD9vJQxtK1e1zxNXdU9N9qOVbn9Qit04xL
5QKvxO+cBh3qIZ4coVTgpQVuQe9oyskR/Dji0Au4SlZpV2weDj+KhNCfIWZKZhmW
TYJvKMmxRQWpbyKEhcGc9Glo2dlcXzZmfku4/9F/2OwRDQc6V5m6Vtfuk0U4goTO
UhoHZJJ/U2/BunMKMVPuEPq8w44QTxHVNVtZY3MtXeI4MFk1nlXqVlFcvxWFriD0
6JDha5EuyUPdE0mSLTbexntxY1Dt4QDUtPVJ+ypnxVruHL9HTnaVGC2PS3ocRnfc
tzQv/l9582ILDj25gp04hROTb+ExTXspnKhhD9zWjrCnWMJvWYw=
=pe4c
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus