ESB-2018.3539 - [Debian] xen: Multiple vulnerabilities 2018-11-13

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3539
                     [DLA 1577-1] xen security update
                             13 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xen
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Root Compromise        -- Existing Account
                   Access Privileged Data -- Existing Account
                   Denial of Service      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-15470 CVE-2018-15469 CVE-2018-12893
                   CVE-2018-12891 CVE-2018-8897 CVE-2018-7541
                   CVE-2018-7540  

Reference:         ESB-2018.1663
                   ESB-2018.1429
                   ESB-2018.1427
                   ESB-2018.0651
                   ESB-2018.0630

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Package        : xen
Version        : 4.4.4lts4-0+deb8u1
CVE ID         : CVE-2018-7540 CVE-2018-7541 CVE-2018-8897 CVE-2018-12891 
                 CVE-2018-12893 CVE-2018-15469 CVE-2018-15470

Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in denial of service, information leaks or privilege
escalation.

For Debian 8 "Jessie", these problems have been fixed in version
4.4.4lts4-0+deb8u1.

We recommend that you upgrade your xen packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================