[GLSA-201810-06] Xen: Multiple vulnerabilities

Severity Normal

Affected Packages 2

Unaffected Packages 2

CVEs 19

Multiple vulnerabilities have been found in Xen, the worst of which could cause a Denial of Service condition.

Background
Xen is a bare-metal hypervisor.

Description
Multiple vulnerabilities have been discovered in Xen. Please review the
referenced CVE identifiers for details.

Impact
A local attacker could cause a Denial of Service condition or disclose
sensitive information.

Workaround
There is no known workaround at this time.

Resolution
All Xen users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2"

All Xen tools users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/xen-tools-4.10.1-r2"

Package	Affected Version
pkg:ebuild/app-emulation/xen?distro=gentoo	< 4.10.1-r2
pkg:ebuild/app-emulation/xen-tools?distro=gentoo	< 4.10.1-r2

Package	Unaffected Version
pkg:ebuild/app-emulation/xen?distro=gentoo	>= 4.10.1-r2
pkg:ebuild/app-emulation/xen-tools?distro=gentoo	>= 4.10.1-r2

ID

GLSA-201810-06

Severity

normal

URL

https://security.gentoo.org/glsa/201810-06

Published

2018-10-30T00:00:00
(5 years ago)

Modified

2018-10-30T00:00:00
(5 years ago)

Rights

Gentoo Foundation, Inc.

Other Advisories

Source	# ID	Name	URL
CVE	CVE-2017-5715	CVE-2017-5715	https://nvd.nist.gov/vuln/detail/CVE-2017-5715
CVE	CVE-2017-5753	CVE-2017-5753	https://nvd.nist.gov/vuln/detail/CVE-2017-5753
CVE	CVE-2017-5754	CVE-2017-5754	https://nvd.nist.gov/vuln/detail/CVE-2017-5754
CVE	CVE-2018-10471	CVE-2018-10471	https://nvd.nist.gov/vuln/detail/CVE-2018-10471
CVE	CVE-2018-10472	CVE-2018-10472	https://nvd.nist.gov/vuln/detail/CVE-2018-10472
CVE	CVE-2018-10981	CVE-2018-10981	https://nvd.nist.gov/vuln/detail/CVE-2018-10981
CVE	CVE-2018-10982	CVE-2018-10982	https://nvd.nist.gov/vuln/detail/CVE-2018-10982
CVE	CVE-2018-12891	CVE-2018-12891	https://nvd.nist.gov/vuln/detail/CVE-2018-12891
CVE	CVE-2018-12892	CVE-2018-12892	https://nvd.nist.gov/vuln/detail/CVE-2018-12892
CVE	CVE-2018-12893	CVE-2018-12893	https://nvd.nist.gov/vuln/detail/CVE-2018-12893
CVE	CVE-2018-15468	CVE-2018-15468	https://nvd.nist.gov/vuln/detail/CVE-2018-15468
CVE	CVE-2018-15469	CVE-2018-15469	https://nvd.nist.gov/vuln/detail/CVE-2018-15469
CVE	CVE-2018-15470	CVE-2018-15470	https://nvd.nist.gov/vuln/detail/CVE-2018-15470
CVE	CVE-2018-3620	CVE-2018-3620	https://nvd.nist.gov/vuln/detail/CVE-2018-3620
CVE	CVE-2018-3646	CVE-2018-3646	https://nvd.nist.gov/vuln/detail/CVE-2018-3646
CVE	CVE-2018-5244	CVE-2018-5244	https://nvd.nist.gov/vuln/detail/CVE-2018-5244
CVE	CVE-2018-7540	CVE-2018-7540	https://nvd.nist.gov/vuln/detail/CVE-2018-7540
CVE	CVE-2018-7541	CVE-2018-7541	https://nvd.nist.gov/vuln/detail/CVE-2018-7541
CVE	CVE-2018-7542	CVE-2018-7542	https://nvd.nist.gov/vuln/detail/CVE-2018-7542
Bugzilla	643350	Bugzilla #643350	https://bugs.gentoo.org/show_bug.cgi?id=643350
Bugzilla	655188	Bugzilla #655188	https://bugs.gentoo.org/show_bug.cgi?id=655188
Bugzilla	655544	Bugzilla #655544	https://bugs.gentoo.org/show_bug.cgi?id=655544
Bugzilla	659442	Bugzilla #659442	https://bugs.gentoo.org/show_bug.cgi?id=659442

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:ebuild/app-emulation/xen?distro=gentoo	app-emulation	xen	< 4.10.1-r2	gentoo
Unaffected	pkg:ebuild/app-emulation/xen?distro=gentoo	app-emulation	xen	>= 4.10.1-r2	gentoo
Affected	pkg:ebuild/app-emulation/xen-tools?distro=gentoo	app-emulation	xen-tools	< 4.10.1-r2	gentoo
Unaffected	pkg:ebuild/app-emulation/xen-tools?distro=gentoo	app-emulation	xen-tools	>= 4.10.1-r2	gentoo

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date