Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3437
xen security update
5 October 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: xen
Publisher: Debian
Operating System: Debian GNU/Linux 10
Impact/Access: Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-25604 CVE-2020-25603 CVE-2020-25602
CVE-2020-25601 CVE-2020-25600 CVE-2020-25599
CVE-2020-25597 CVE-2020-25596 CVE-2020-25595
Reference: ESB-2020.3259
ESB-2020.3251
Original Bulletin:
https://www.debian.org/security/2020/dsa-4769
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4769-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 02, 2020 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : xen
CVE ID : CVE-2020-25595 CVE-2020-25596 CVE-2020-25597
CVE-2020-25599 CVE-2020-25600 CVE-2020-25601
CVE-2020-25602 CVE-2020-25603 CVE-2020-25604
Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in denial of service, guest-to-host privilege
escalation or information leaks.
For the stable distribution (buster), these problems have been fixed in
version 4.11.4+37-g3263f257ca-1.
We recommend that you upgrade your xen packages.
For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl93YAEACgkQEMKTtsN8
TjY0MBAAhNI5m2Xr0uDfEROtBWOy5om8CNYJRnOH4cm4f6Nx9uCvNUDU+AvhS3Bk
67nVTbpJe6IP7jtYHh2YuIuJIz0iCbSxPrW5wlytA/HKnrqfFITD2SgwvQx4ncZU
iiJOn/LWDwxfsAMjZk01TboPEoefzOa8PsxprTUmfpbdCfr9uctQ6VMqDJGbQuTb
YZoNBn9p38t37HgI3JN2r43LXXawR9HU30NwTnL9H2ffRu/Rqz7aA+7sCjjbgJ85
7gEHix+lBvQmEc8qd6f/JkhSu1TCxvslL6MdGcCj9kYecW7g0Rme7A+TtEfdrfnK
zpKcoSDsp3VZUGvP4pV8aQ+ByV8A4CgCKJ9wchkwWNRCgDZaB/hn1FLSIG47cvAL
qOL/2cO456ZGtCadjYeO3JIKUlQtjwZafc5NRtI52YB13ZVQBblu2u+msnKkg7VD
Ba9P7M9QwWM37DmFwjyhxvWj52I/VLHZ4jsx2giRY+QhZ/FilkO1G3esBPVVtcrk
jReijuSE4r/7q9iwPsdAj03UevSzah/3kY2ZlNolQkBQcVUgXQluWuImBO3Fvn50
grFSMJTnrxfjcj3pLFEgHw7p+CJEM2Tv1a3QnoO6iQS0EH1tAnFUk3bHIvYg1fNk
o2jnKeLe9sUhtr3GXEhu3wv3eOq7zyg0IoocCo/tAOkl9bgWyI4=
=po/H
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX3pjY+NLKJtyKPYoAQjzAg//Y50luRqf+KBbw9Jzqktt/v0/CJ+cx+51
TixmEgr4VxFA9eil78oh5P8g/Af66Pq/dknU1fu5rkbKdSpA2ZOjPVOnod0i5dCm
vSYu9ApocJDQXb+AYoq2hbcuhjG2qJ4n76RZlBuJ4IGuX7zU50YrGlwTYrQkjxOo
whfm5bO4Buxzq7T7YLGUd0C9c9P5M0v9Lv08dx5PJh/p65XQ4cYjl99uyNuqb1wm
bza11oVgvKH+q5/i+6hbqnXwTaTaPVMRmFo1NIlCkQHhKTC3eTrRVwmLrbP4kUaJ
Yq4fhHh418iYdfshllJtj4UrocL3i8DnB5PTFjqRvO6wtYTDMLndCTvbpP7jwqCq
yKFT0bwOci3srOTNbjM+dfGTMcETAYC1ukg1DyFkaIk2ShGjmOFM3kagjmCDw3te
DOFaaMH2iYriVH6XFQgBbxs1hLxjWDCL2wWWMba2QQsLob4UxXZeZKCQBIQQBdac
DR/j+gBffTOTum+Hs6bWD4B45/esszBzAplJ+rYYfYbon2+8vddPuWaaU2XKsctq
0St97Aq06IqrlkJ84QXDmauBsn+q7QSS/RR912SDvL085r4iLWaeLW4/z4x4QnqK
AzXbKtuH1u38aRZAEhSrA04/C5DqKpwJ6YsovSUvsHof50JK4qWSF4KKUGlZlv4n
YO0uILG8GGE=
=El3C
-----END PGP SIGNATURE-----