User: Password:
|
|
Subscribe / Log in / New account

Gentoo alert 201407-03 (xen)

From:  Mikle Kolyada <zlogene@gentoo.org>
To:  gentoo-announce@gentoo.org
Subject:  [gentoo-announce] [ GLSA 201407-03 ] Xen: Multiple Vunlerabilities
Date:  Wed, 16 Jul 2014 20:48:47 +0400
Message-ID:  <53C6ACEF.3000003@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201407-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Xen: Multiple Vunlerabilities Date: July 16, 2014 Bugs: #440768, #484478, #486354, #497082, #497084, #497086, #499054, #499124, #500528, #500530, #500536, #501080, #501906, #505714, #509054, #513824 ID: 201407-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Xen, the worst of which could lead to arbitrary code execution. Background ========== Xen is a bare-metal hypervisor. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulations/xen < 4.3.2-r4 >= 4.3.2-r4 *>= 4.2.4-r4 2 app-emulations/xen-tools < 4.3.2-r5 >= 4.3.2-r5 *>= 4.2.4-r6 3 app-emulations/xen-pvgrub < 4.3.2 *>= 4.3.2 *>= 4.2.4 ------------------------------------------------------------------- 3 affected packages Description =========== Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to data on the host. Workaround ========== There is no known workaround at this time. Resolution ========== All Xen 4.3 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulations/xen-4.3.2-r2" All Xen 4.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulations/xen-4.2.4-r2" All xen-tools 4.3 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-tools-4.3.2-r2" All xen-tools 4.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-tools-4.2.4-r2" All Xen PVGRUB 4.3 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-pvgrub-4.3.2" All Xen PVGRUB 4.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-pvgrub-4.2.4" References ========== [ 1 ] CVE-2013-1442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1442 [ 2 ] CVE-2013-4329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4329 [ 3 ] CVE-2013-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4355 [ 4 ] CVE-2013-4356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4356 [ 5 ] CVE-2013-4361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4361 [ 6 ] CVE-2013-4368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4368 [ 7 ] CVE-2013-4369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4369 [ 8 ] CVE-2013-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4370 [ 9 ] CVE-2013-4371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4371 [ 10 ] CVE-2013-4375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4375 [ 11 ] CVE-2013-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4416 [ 12 ] CVE-2013-4494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4494 [ 13 ] CVE-2013-4551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4551 [ 14 ] CVE-2013-4553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4553 [ 15 ] CVE-2013-4554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4554 [ 16 ] CVE-2013-6375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6375 [ 17 ] CVE-2013-6400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6400 [ 18 ] CVE-2013-6885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885 [ 19 ] CVE-2013-6885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885 [ 20 ] CVE-2014-1642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1642 [ 21 ] CVE-2014-1666 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1666 [ 22 ] CVE-2014-1891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1891 [ 23 ] CVE-2014-1892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1892 [ 24 ] CVE-2014-1893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1893 [ 25 ] CVE-2014-1894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1894 [ 26 ] CVE-2014-1895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1895 [ 27 ] CVE-2014-1896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1896 [ 28 ] CVE-2014-2599 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2599 [ 29 ] CVE-2014-3124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3124 [ 30 ] CVE-2014-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4021 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201407-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds