[GLSA-201407-03] Xen: Multiple Vulnerabilities

Severity High
Affected Packages 3
Unaffected Packages 6
CVEs 30

Multiple vulnerabilities have been found in Xen, the worst of which could lead to arbitrary code execution.

Background
Xen is a bare-metal hypervisor.

Description
Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.

Impact
A remote attacker can utilize multiple vectors to execute arbitrary
code, cause Denial of Service, or gain access to data on the host.

Workaround
There is no known workaround at this time.

Resolution
All Xen 4.3 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulations/xen-4.3.2-r2"

All Xen 4.2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulations/xen-4.2.4-r2"

All xen-tools 4.3 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulations/xen-tools-4.3.2-r2"

All xen-tools 4.2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulations/xen-tools-4.2.4-r2"

All Xen PVGRUB 4.3 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulations/xen-pvgrub-4.3.2"

All Xen PVGRUB 4.2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulations/xen-pvgrub-4.2.4"

ID
GLSA-201407-03
Severity
high
URL
https://security.gentoo.org/glsa/201407-03
Published
2014-07-16T00:00:00
Modified
2014-07-16T00:00:00
Rights
Gentoo Foundation, Inc.
Other Advisories
Source # ID Name URL
CVE CVE-2013-1442 CVE-2013-1442 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1442
CVE CVE-2013-4329 CVE-2013-4329 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4329
CVE CVE-2013-4355 CVE-2013-4355 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4355
CVE CVE-2013-4356 CVE-2013-4356 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4356
CVE CVE-2013-4361 CVE-2013-4361 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4361
CVE CVE-2013-4368 CVE-2013-4368 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4368
CVE CVE-2013-4369 CVE-2013-4369 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4369
CVE CVE-2013-4370 CVE-2013-4370 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4370
CVE CVE-2013-4371 CVE-2013-4371 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4371
CVE CVE-2013-4375 CVE-2013-4375 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4375
CVE CVE-2013-4416 CVE-2013-4416 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4416
CVE CVE-2013-4494 CVE-2013-4494 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4494
CVE CVE-2013-4551 CVE-2013-4551 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4551
CVE CVE-2013-4553 CVE-2013-4553 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4553
CVE CVE-2013-4554 CVE-2013-4554 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4554
CVE CVE-2013-6375 CVE-2013-6375 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6375
CVE CVE-2013-6400 CVE-2013-6400 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6400
CVE CVE-2013-6885 CVE-2013-6885 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885
CVE CVE-2013-6885 CVE-2013-6885 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885
CVE CVE-2014-1642 CVE-2014-1642 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1642
CVE CVE-2014-1666 CVE-2014-1666 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1666
CVE CVE-2014-1891 CVE-2014-1891 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1891
CVE CVE-2014-1892 CVE-2014-1892 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1892
CVE CVE-2014-1893 CVE-2014-1893 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1893
CVE CVE-2014-1894 CVE-2014-1894 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1894
CVE CVE-2014-1895 CVE-2014-1895 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1895
CVE CVE-2014-1896 CVE-2014-1896 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1896
CVE CVE-2014-2599 CVE-2014-2599 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2599
CVE CVE-2014-3124 CVE-2014-3124 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3124
CVE CVE-2014-4021 CVE-2014-4021 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4021
Bugzilla 440768 Bugzilla #440768 https://bugs.gentoo.org/show_bug.cgi?id=440768
Bugzilla 484478 Bugzilla #484478 https://bugs.gentoo.org/show_bug.cgi?id=484478
Bugzilla 486354 Bugzilla #486354 https://bugs.gentoo.org/show_bug.cgi?id=486354
Bugzilla 497082 Bugzilla #497082 https://bugs.gentoo.org/show_bug.cgi?id=497082
Bugzilla 497084 Bugzilla #497084 https://bugs.gentoo.org/show_bug.cgi?id=497084
Bugzilla 497086 Bugzilla #497086 https://bugs.gentoo.org/show_bug.cgi?id=497086
Bugzilla 499054 Bugzilla #499054 https://bugs.gentoo.org/show_bug.cgi?id=499054
Bugzilla 499124 Bugzilla #499124 https://bugs.gentoo.org/show_bug.cgi?id=499124
Bugzilla 500528 Bugzilla #500528 https://bugs.gentoo.org/show_bug.cgi?id=500528
Bugzilla 500530 Bugzilla #500530 https://bugs.gentoo.org/show_bug.cgi?id=500530
Bugzilla 500536 Bugzilla #500536 https://bugs.gentoo.org/show_bug.cgi?id=500536
Bugzilla 501080 Bugzilla #501080 https://bugs.gentoo.org/show_bug.cgi?id=501080
Bugzilla 501906 Bugzilla #501906 https://bugs.gentoo.org/show_bug.cgi?id=501906
Bugzilla 505714 Bugzilla #505714 https://bugs.gentoo.org/show_bug.cgi?id=505714
Bugzilla 509054 Bugzilla #509054 https://bugs.gentoo.org/show_bug.cgi?id=509054
Bugzilla 513824 Bugzilla #513824 https://bugs.gentoo.org/show_bug.cgi?id=513824
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/app-emulations/xen?distro=gentoo app-emulations xen < 4.3.2-r4 gentoo
Unaffected pkg:ebuild/app-emulations/xen?distro=gentoo app-emulations xen >= 4.3.2-r4 gentoo
Unaffected pkg:ebuild/app-emulations/xen?distro=gentoo app-emulations xen >= 4.2.4-r4 gentoo
Affected pkg:ebuild/app-emulations/xen-tools?distro=gentoo app-emulations xen-tools < 4.3.2-r5 gentoo
Unaffected pkg:ebuild/app-emulations/xen-tools?distro=gentoo app-emulations xen-tools >= 4.3.2-r5 gentoo
Unaffected pkg:ebuild/app-emulations/xen-tools?distro=gentoo app-emulations xen-tools >= 4.2.4-r6 gentoo
Affected pkg:ebuild/app-emulations/xen-pvgrub?distro=gentoo app-emulations xen-pvgrub < 4.3.2 gentoo
Unaffected pkg:ebuild/app-emulations/xen-pvgrub?distro=gentoo app-emulations xen-pvgrub >= 4.3.2 gentoo
Unaffected pkg:ebuild/app-emulations/xen-pvgrub?distro=gentoo app-emulations xen-pvgrub >= 4.2.4 gentoo