GLSA 201604-03: Xen: Multiple vulnerabilities
Severity: normal
Title: Xen: Multiple vulnerabilities
Date: 04/05/2016
Bugs:
ID: 201604-03
Synopsis
Multiple vulnerabilities have been found in Xen, the worst of which cause a Denial of Service.
Background
Xen is a bare-metal hypervisor.
Affected packages
Package | Vulnerable | Unaffected | Architecture(s) |
---|---|---|---|
app-emulation/xen | < 4.6.0-r9 | >= 4.6.0-r9 | All supported architectures |
app-emulation/xen-pvgrub | < 4.6.0 | | All supported architectures |
app-emulation/xen-tools | < 4.6.0-r9 | >= 4.6.0-r9 | All supported architectures |
app-emulation/pvgrub | | >= 4.6.0 | All supported architectures |
Description
Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.
Impact
A local attacker could possibly cause a Denial of Service condition or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Xen 4.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.5.2-r5"
All Xen 4.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.0-r9"
All Xen tools 4.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.5.2-r5"
All Xen tools 4.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.6.0-r9"
All Xen pvgrub users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.6.0"
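To triage a fleet inventory against the version ranges in this advisory, the following check classifies package atoms in `category/name-version[-rN]` form; it is an added example, not part of the original advisory or of Gentoo's tooling. Treating the 4.5.2-r5 targets from the Resolution section as fixed revisions for the 4.5 branch is an assumption, and only numeric dotted versions with an optional `-rN` revision are parsed.

```python
import re

ATOM = re.compile(r"^(?P<name>[\w+./-]+?)-(?P<ver>\d+(?:\.\d+)*)(?:-r(?P<rev>\d+))?$")

def vkey(ver, rev=None):
    """Sort key for a numeric dotted version with an optional -rN revision."""
    return (tuple(int(p) for p in ver.split(".")), int(rev or 0))

# First unaffected version per package, from the Affected packages table.
FIXED = {
    "app-emulation/xen": vkey("4.6.0", 9),
    "app-emulation/xen-tools": vkey("4.6.0", 9),
    "app-emulation/xen-pvgrub": vkey("4.6.0"),
}
# Assumption: the 4.5 targets named in the Resolution are fixed revisions for that branch.
FIXED_45 = {n: vkey("4.5.2", 5) for n in ("app-emulation/xen", "app-emulation/xen-tools")}

def classify(atom):
    """Return 'vulnerable', 'unaffected', 'not-listed' or 'unparsed' for one atom."""
    m = ATOM.match(atom.strip())
    if not m:
        return "unparsed"  # suffixes such as _p1 or _rc2 are out of scope here
    name, key = m["name"], vkey(m["ver"], m["rev"])
    if name not in FIXED:
        return "not-listed"
    if key >= FIXED[name]:
        return "unaffected"
    if name in FIXED_45 and key[0][:2] == (4, 5) and key >= FIXED_45[name]:
        return "unaffected"
    return "vulnerable"

def triage(lines):
    return {a.strip(): classify(a) for a in lines if a.strip()}

# Constructed inventory, one installed atom per line.
SAMPLE = """\
app-emulation/xen-4.5.2-r3
app-emulation/xen-4.5.2-r5
app-emulation/xen-tools-4.6.0-r8
app-emulation/xen-tools-4.6.0-r10
app-emulation/xen-pvgrub-4.5.1
sys-apps/portage-2.2.28
"""

if __name__ == "__main__":
    for atom, state in triage(SAMPLE.splitlines()).items():
        print(f"{state:11} {atom}")
```

Atoms reported as `unparsed` need a manual comparison, since Portage version suffixes are not handled by this simplified key.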
References
CVE-2012-3494 CVE-2012-3495 CVE-2012-3496 CVE-2012-3497 CVE-2012-3498 CVE-2012-3515 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-6030 CVE-2012-6031 CVE-2012-6032 CVE-2012-6033 CVE-2012-6034 CVE-2012-6035 CVE-2012-6036 CVE-2015-2151 CVE-2015-3209 CVE-2015-3259 CVE-2015-3340 CVE-2015-3456 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-4163 CVE-2015-4164 CVE-2015-5154 CVE-2015-7311 CVE-2015-7504 CVE-2015-7812 CVE-2015-7813 CVE-2015-7814 CVE-2015-7835 CVE-2015-7871 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8554 CVE-2015-8555 CVE-2016-2270 CVE-2016-2271
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
Concerns?
Security is a primary focus of Gentoo Linux, and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or, alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.