Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 521
Alerts This Week
Warning Icon 1 521

Debian: DSA-4201-1 Critical: Xen Privilege Escalation & DoS Issues

debian
Calendar Grey May 15, 2018
Debian Logo
Numerous security flaws in the Xen hypervisor resolved in Debian Security Advisory DSA-4201-1. Upgrade is advised.
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-8897

Summary

Multiple vulnerabilities have been discovered in the Xen hypervisor:

CVE-2018-8897

Andy Lutomirski and Nick Peterson discovered that incorrect handling
of debug exceptions could result in privilege escalation.

CVE-2018-10471

An error was discovered in the mitigations against Meltdown which
could result in denial of service.

CVE-2018-10472

Anthony Perard discovered that incorrect parsing of CDROM images
can result in information disclosure.

CVE-2018-10981

Jan Beulich discovered that malformed device models could result
in denial of service.

CVE-2018-10982

Roger Pau Monne discovered that incorrect handling of high precision
event timers could result in denial of service and potentially
privilege escalation.

For the stable distribution (stretch), these problems have been fixed in
version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u6.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to
its security tracker page at:
htt...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: xen
CVE ID: CVE-2018-8897 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.