Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201604-03 ] Xen
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2189

PostPosted: Tue Apr 05, 2016 7:26 am    Post subject: [ GLSA 201604-03 ] Xen Reply with quote

Gentoo Linux Security Advisory

Title: Xen: Multiple vulnerabilities (GLSA 201604-03)
Severity: normal
Exploitable: local
Date: April 05, 2016
Bug(s): #445254, #513832, #547202, #549200, #549950, #550658, #553664, #553718, #555532, #556304, #561110, #564472, #564932, #566798, #566838, #566842, #567962, #571552, #571556, #574012
ID: 201604-03

Synopsis

Multiple vulnerabilities have been found in Xen, the worst of which
cause a Denial of Service.


Background

Xen is a bare-metal hypervisor.

Affected Packages

Package: app-emulation/xen
Vulnerable: < 4.6.0-r9
Unaffected: >= 4.6.0-r9
Unaffected: >= 4.5.2-r5 < 4.5.3
Architectures: All supported architectures

Package: app-emulation/xen-pvgrub
Vulnerable: < 4.6.0
Architectures: All supported architectures

Package: app-emulation/xen-tools
Vulnerable: < 4.6.0-r9
Unaffected: >= 4.6.0-r9
Unaffected: >= 4.5.2-r5 < 4.5.3
Architectures: All supported architectures

Package: app-emulation/pvgrub
Unaffected: >= 4.6.0
Unaffected: >= 4.5.2 < 4.5.3
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.


Impact

A local attacker could possibly cause a Denial of Service condition or
obtain sensitive information.


Workaround

There is no known workaround at this time.

Resolution

All Xen 4.5 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.5.2-r5"
   
All Xen 4.6 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.0-r9"
   
All Xen tools 4.5 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.5.2-r5"
   
All Xen tools 4.6 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.6.0-r9"
   
All Xen pvgrub users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.6.0"
   


References

CVE-2012-3494
CVE-2012-3495
CVE-2012-3496
CVE-2012-3497
CVE-2012-3498
CVE-2012-3515
CVE-2012-4411
CVE-2012-4535
CVE-2012-4536
CVE-2012-4537
CVE-2012-4538
CVE-2012-4539
CVE-2012-6030
CVE-2012-6031
CVE-2012-6032
CVE-2012-6033
CVE-2012-6034
CVE-2012-6035
CVE-2012-6036
CVE-2015-2151
CVE-2015-3209
CVE-2015-3259
CVE-2015-3340
CVE-2015-3456
CVE-2015-4103
CVE-2015-4104
CVE-2015-4105
CVE-2015-4106
CVE-2015-4163
CVE-2015-4164
CVE-2015-5154
CVE-2015-7311
CVE-2015-7504
CVE-2015-7812
CVE-2015-7813
CVE-2015-7814
CVE-2015-7835
CVE-2015-7871
CVE-2015-7969
CVE-2015-7970
CVE-2015-7971
CVE-2015-7972
CVE-2015-8339
CVE-2015-8340
CVE-2015-8341
CVE-2015-8550
CVE-2015-8551
CVE-2015-8552
CVE-2015-8554
CVE-2015-8555
CVE-2016-2270
CVE-2016-2271
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum