1. Home
  2. Security Advisories
  3. Gentoo
  4. GLSA-202011-06

[GLSA-202011-06] Xen: Multiple vulnerabilities

Severity Normal
Affected Packages 2
Unaffected Packages 2
CVEs 16
Info Packages References Vulnerabilities

Multiple vulnerabilities have been found in Xen, the worst of which could result in privilege escalation.

Background
Xen is a bare-metal hypervisor.

Description
Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.

Impact
Please review the referenced CVE identifiers for details.

Workaround
There is no known workaround at this time.

Resolution
All Xen users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5"

All Xen Tools users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/xen-tools-4.13.1-r5"

Package Affected Version
pkg:ebuild/app-emulation/xen?distro=gentoo < 4.13.2
pkg:ebuild/app-emulation/xen-tools?distro=gentoo < 4.13.2
Package Unaffected Version
pkg:ebuild/app-emulation/xen?distro=gentoo >= 4.13.2
pkg:ebuild/app-emulation/xen-tools?distro=gentoo >= 4.13.2
ID
GLSA-202011-06
Severity
normal
URL
https://security.gentoo.org/glsa/202011-06
Published
2020-11-11T00:00:00
(3 years ago)
Modified
2020-11-11T00:00:00
(3 years ago)
Rights
Gentoo Foundation, Inc.
Other Advisories
Source # ID Name URL
CVE CVE-2020-25595 CVE-2020-25595 https://nvd.nist.gov/vuln/detail/CVE-2020-25595
CVE CVE-2020-25596 CVE-2020-25596 https://nvd.nist.gov/vuln/detail/CVE-2020-25596
CVE CVE-2020-25597 CVE-2020-25597 https://nvd.nist.gov/vuln/detail/CVE-2020-25597
CVE CVE-2020-25598 CVE-2020-25598 https://nvd.nist.gov/vuln/detail/CVE-2020-25598
CVE CVE-2020-25599 CVE-2020-25599 https://nvd.nist.gov/vuln/detail/CVE-2020-25599
CVE CVE-2020-25600 CVE-2020-25600 https://nvd.nist.gov/vuln/detail/CVE-2020-25600
CVE CVE-2020-25601 CVE-2020-25601 https://nvd.nist.gov/vuln/detail/CVE-2020-25601
CVE CVE-2020-25602 CVE-2020-25602 https://nvd.nist.gov/vuln/detail/CVE-2020-25602
CVE CVE-2020-25603 CVE-2020-25603 https://nvd.nist.gov/vuln/detail/CVE-2020-25603
CVE CVE-2020-25604 CVE-2020-25604 https://nvd.nist.gov/vuln/detail/CVE-2020-25604
CVE CVE-2020-27670 CVE-2020-27670 https://nvd.nist.gov/vuln/detail/CVE-2020-27670
CVE CVE-2020-27671 CVE-2020-27671 https://nvd.nist.gov/vuln/detail/CVE-2020-27671
CVE CVE-2020-27672 CVE-2020-27672 https://nvd.nist.gov/vuln/detail/CVE-2020-27672
CVE CVE-2020-27673 CVE-2020-27673 https://nvd.nist.gov/vuln/detail/CVE-2020-27673
CVE CVE-2020-27674 CVE-2020-27674 https://nvd.nist.gov/vuln/detail/CVE-2020-27674
CVE CVE-2020-27675 CVE-2020-27675 https://nvd.nist.gov/vuln/detail/CVE-2020-27675
Vendor XSA-345 https://xenbits.xen.org/xsa/advisory-345.html
Vendor XSA-346 https://xenbits.xen.org/xsa/advisory-346.html
Vendor XSA-347 https://xenbits.xen.org/xsa/advisory-347.html
Bugzilla 744202 Bugzilla #744202 https://bugs.gentoo.org/show_bug.cgi?id=744202
Bugzilla 750779 Bugzilla #750779 https://bugs.gentoo.org/show_bug.cgi?id=750779
Bugzilla 753692 Bugzilla #753692 https://bugs.gentoo.org/show_bug.cgi?id=753692
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/app-emulation/xen?distro=gentoo app-emulation xen < 4.13.2 gentoo
Unaffected pkg:ebuild/app-emulation/xen?distro=gentoo app-emulation xen >= 4.13.2 gentoo
Affected pkg:ebuild/app-emulation/xen-tools?distro=gentoo app-emulation xen-tools < 4.13.2 gentoo
Unaffected pkg:ebuild/app-emulation/xen-tools?distro=gentoo app-emulation xen-tools >= 4.13.2 gentoo
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date