Debian alert DSA-6068-1 (xen)
| From: | Moritz Muehlenhoff <jmm@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 6068-1] xen security update | |
| Date: | Tue, 02 Dec 2025 21:58:18 +0000 | |
| Message-ID: | <aS9g-lWN8MT6yE8f@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6068-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 02, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : xen CVE ID : CVE-2024-28956 CVE-2024-36350 CVE-2024-36357 CVE-2025-27465 CVE-2025-27466 CVE-2025-58142 CVE-2025-58143 CVE-2025-58144 CVE-2025-58145 CVE-2025-58147 CVE-2025-58148 CVE-2025-58149 CVE-2025-1713 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in memory disclosure, denial of service or privilege escalation. For the oldstable distribution (bookworm), these problems have been fixed in version 4.17.5+72-g01140da4e8-1. For the stable distribution (trixie), these problems have been fixed in version 4.20.2+7-g1badcf5035-0+deb13u1. We recommend that you upgrade your xen packages. For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xen Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmkvX3UACgkQEMKTtsN8 TjYheBAAh2reXA7VCnSZhr7vaQPJeiLz5vWMHrIsYFhDj/pObuCsHdpEzIiAQtkN 03M8X22TvwZ70C2vZvVOh0JVeMODUkVrQm1HAOWyvMdHYMUZBBUVk+AnRWiQt37c u6HkrxBFDVzCmC77L/O5v1ZxyDBl0qmJ4nE1YChN8xY4+Dune5YmVXiS5Lj15FYz wocKiuhoA4boxUwlUb6rfuVEiKL/aHDhQ4bFuaq9Hb5RYNMCQpAkaUGi3xNimcEA /1TXmNP2zeBqNZdHERYOyV0OZmo1MQBH/mdkTNGy2W4NiUTURCeNQZhLRXZNMBF2 2PjA7sq8Uf3jdDmA6dlbpHW9STLFqhd8pe+V2GtyCcoEKY/QGfuG5D9LqSKKYq05 WyU+exZLK9HvxSJqiHy362yTBGROOSHPb0D1LhSZadeNUAmIAtfbNgBsj4iQk3o9 LWp38C8/n3IX8lJ5IPcs3s+XT547aVexH/occrsaHVW1K2eEEr1Khc1G+aXQlAAz jQJy8VIjl7ISURrrH0p+wbxKoitqqEcWa/6BD2UtGU8Ar+pK1FRVOi4hNEStvOQW PCoG1igpa6ONSOqXJBEgYiNuk4/K3c51WImqzhfvc/kKXRE0H/IXT1jqO7tWDGmu klyICuRzhwKjFAiHq53VC7slbxugIPJFXnxKTAfpMTzpwxcpQ6Q= =j0Rz -----END PGP SIGNATURE-----