Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.3539 [DLA 1577-1] xen security update 13 November 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: xen Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Root Compromise -- Existing Account Access Privileged Data -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2018-15470 CVE-2018-15469 CVE-2018-12893 CVE-2018-12891 CVE-2018-8897 CVE-2018-7541 CVE-2018-7540 Reference: ESB-2018.1663 ESB-2018.1429 ESB-2018.1427 ESB-2018.0651 ESB-2018.0630 Original Bulletin: https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : xen Version : 4.4.4lts4-0+deb8u1 CVE ID : CVE-2018-7540 CVE-2018-7541 CVE-2018-8897 CVE-2018-12891 CVE-2018-12893 CVE-2018-15469 CVE-2018-15470 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, informations leaks or privilege escalation. For Debian 8 "Jessie", these problems have been fixed in version 4.4.4lts4-0+deb8u1. We recommend that you upgrade your xen packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEFkxwUS95KUdnZKtW/iLG/YMTXUUFAlvpcD4ACgkQ/iLG/YMT XUXrMg//R4SkbB/ZXrwW12ZgU/1xejiOqC3PPc7Q9IW+UM6e6Oi3o9Grylj04JIh 3aCMZuvpG/V9VKgvqqS5doJHKqC0NLkOc2HMXiLYf0FAQip8JxMEhqztNH1zLIDE vRj3bjeG2NECY5a/FGV6qSPxrE3tfijuQIfHYGTMobJFOj67aAx+G8zXtf4R0IcU Cm0NwUzicW4T3NW7KEvpo93zozp+ppZLzDfIHUoCK59hZnVyKfgetBQ9k3bMGfJ4 W1EbsyAMHAsQU2uaViOH9zFFEyBp1g7TbDHk6Y33iOLfl4yFIUXU0wHhWnL4FNyk 32VuaYFS1UwSQQ/cWYhYkiw69jBsYVGv0nmwruxiAEXndW6hlZ7r4sAfIh1Fsy6J 0TCllPD5F+mbJjvKw63vpUPHUDrDSoNV8oQc0+aly9CankVwgX49t51d8xVKtzLv +uUc4qAkZv4011QoZYmaXhvsqijGYeadLCJ6qU0LFtQhNQ4hX6IPOlhoN70YSYfR ZPEJpO5mu8Gi/yHpfmh+d61e0vQOcoF4tIbneN/ZkhlGErQTn+JByHxlAL3Qdwup x5OsluzU8XMFxMUgGmnGZUniNEBEyMOUcZ108omhAi9u26TCdI8LunngCiG1zI9o /sbjussJTqbi67zd6Bv89qfnKDV5L/2jI94kVr4GKHlIaQ9R878= =xHoU - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW+oTiWaOgq3Tt24GAQicSxAAn5dDFWztB37suy81jXMRl0PoF1O9f/EG leZK2K2fA+O/NOgm7j0HctF0WvB5HKfTXYIeL42vKUGm24GiPvuTu2f0YQqrrrbu 5VRNvdJD87aOFdJA7ddz83a+kLJ1Lb438FrB2USNnBZ6+zYiOQhQDauhB+TJhXx8 C9eiyTSNFJapTyMaAKCyazc09Ng3U2hx0DP/xNz7pdjSKWA39PR1TwIi//xPUlSs Z1VxInaif/w6bZJHglHDt7PKlVmkky9mUlTysvUIipBRsPyq4Q9yZdZckBktwff2 f0E9Enx9vICW52fRNXWIEyvVul4pfxPCZHIWU/M1IrCydrrkPSqH3AenR3/PNuaR VNPQZnEqp2I5X7FBhPVC9lJUPgOs0h2XPTJPrUYrnBvfWlrlYhdfHf4UYj0pGpsc /WuZiNbZ6G1IN68rvswmqbkgbqX98WGiZ3Lu/0D3luSDmW3PmR9J4tWsrHeSfMSM 5CqtOiZrTJS4pkNmScfglCc5bYqiYweqqJ/h4TgX1ElZjntROIQrOfXXUF6pjQ7k pUdbeaa8VeGrFbtAooLtZ2c68+u1cBKWJvx+YHbluw71LDLVQIZ9a9CFX2wt8oIu 5PEw45CNNHTuxxNc17Z95z4Ls+4eXrenspjrOIXZ6erdntv6UdpzL07BZEJ3ByR4 DyB+nY83crM= =jTRj -----END PGP SIGNATURE-----