Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4131-1] xen security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4131-1] xen security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4131-1] xen security update
  • Date: Sun, 4 Mar 2018 10:59:29 +0100
  • List-archive: https://lists.debian.org/msgid-search/20180304095929.GA28185 AT pisco.westfalen.local
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <jmm AT inutil.org>
  • Priority: urgent
  • Resent-date: Sun, 4 Mar 2018 10:00:04 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <wMpGxQAerdD.A.o8F.kO8maB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4131-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2018-7540 CVE-2018-7541 CVE-2018-7542

Multiple vulnerabilities have been discovered in the Xen hypervisor:

CVE-2018-7540

Jann Horn discovered that missing checks in page table freeing may
result in denial of service.

CVE-2018-7541

Jan Beulich discovered that incorrect error handling in grant table
checks may result in guest-to-host denial of service and potentially
privilege escalation.

CVE-2018-7542

Ian Jackson discovered that insufficient handling of x86 PVH guests
without local APICs may result in guest-to-host denial of service.

For the stable distribution (stretch), these problems have been fixed in
version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlqbwwUACgkQEMKTtsN8
TjbKQhAAucrOjkc+fjAsBI3i8ereiItTX7C/dg0VATL4q62g6lAZPLVIDzu5cw5l
VkEK9hhyxg+yXStNUDeswIIoX7tdenMxmN6YK1rETsJrvOn8E+bny+6twX+j0zbb
T4uFXYQCinHnFbNxmWjWZi7NOOecCXpD7epG3D5KWYuTL1sYkTJ3yYADHpyUa1Zl
abAmuVFyjw9MZMYzmg7ZcJun4D9ydqLRkq6DwtXxwf8AGIWQ9zrebfSz+RyY9FsO
Onf/X1aoab8V48v22PrZBpLjPo+vJ07IfsIVRDm19ceBXKLWzwbjMYFisq7ypg8X
LnSQo5CCBAp+mKGySU71V8aqLC4H4KaD9vJQxtK1e1zxNXdU9N9qOVbn9Qit04xL
5QKvxO+cBh3qIZ4coVTgpQVuQe9oyskR/Dji0Au4SlZpV2weDj+KhNCfIWZKZhmW
TYJvKMmxRQWpbyKEhcGc9Glo2dlcXzZmfku4/9F/2OwRDQc6V5m6Vtfuk0U4goTO
UhoHZJJ/U2/BunMKMVPuEPq8w44QTxHVNVtZY3MtXeI4MFk1nlXqVlFcvxWFriD0
6JDha5EuyUPdE0mSLTbexntxY1Dt4QDUtPVJ+ypnxVruHL9HTnaVGC2PS3ocRnfc
tzQv/l9582ILDj25gp04hROTb+ExTXspnKhhD9zWjrCnWMJvWYw=
=pe4c
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4131-1] xen security update, Moritz Muehlenhoff, 04.03.2018

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang