Gentoo Archives: gentoo-announce

From: Yury German <blueknight@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201604-03 ] Xen: Multiple vulnerabilities
Date: Tue, 05 Apr 2016 06:48:43
Message-Id: 57035F2D.8090108@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201604-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Xen: Multiple vulnerabilities
Date: April 05, 2016
Bugs: #445254, #513832, #547202, #549200, #549950, #550658,
      #553664, #553718, #555532, #556304, #561110, #564472,
      #564932, #566798, #566838, #566842, #567962, #571552,
      #571556, #574012
ID: 201604-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Xen, the worst of which
cause a Denial of Service.

Background
==========

Xen is a bare-metal hypervisor.

Affected packages
=================

-------------------------------------------------------------------
     Package              /     Vulnerable     /         Unaffected
-------------------------------------------------------------------
  1  app-emulation/xen          < 4.6.0-r9              >= 4.6.0-r9
                                                       *>= 4.5.2-r5
  2  app-emulation/xen-pvgrub
                                   < 4.6.0              Vulnerable!
  3  app-emulation/xen-tools    < 4.6.0-r9              >= 4.6.0-r9
                                                       *>= 4.5.2-r5
  4  app-emulation/pvgrub                                  >= 4.6.0
                                                          *>= 4.5.2
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
      to another package if one is available or wait for the
      existing packages to be marked stable by their
      architecture maintainers.
-------------------------------------------------------------------
4 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.

Impact
======

A local attacker could possibly cause a Denial of Service condition or
obtain sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Xen 4.5 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.5.2-r5"

All Xen 4.6 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.0-r9"

All Xen tools 4.5 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.5.2-r5"

All Xen tools 4.6 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.6.0-r9"

All Xen pvgrub users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.6.0"

References
==========

[ 1 ] CVE-2012-3494
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494
[ 2 ] CVE-2012-3495
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495
[ 3 ] CVE-2012-3496
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496
[ 4 ] CVE-2012-3497
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497
[ 5 ] CVE-2012-3498
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498
[ 6 ] CVE-2012-3515
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515
[ 7 ] CVE-2012-4411
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411
[ 8 ] CVE-2012-4535
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535
[ 9 ] CVE-2012-4536
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536
[ 10 ] CVE-2012-4537
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537
[ 11 ] CVE-2012-4538
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538
[ 12 ] CVE-2012-4539
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539
[ 13 ] CVE-2012-6030
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030
[ 14 ] CVE-2012-6031
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031
[ 15 ] CVE-2012-6032
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032
[ 16 ] CVE-2012-6033
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033
[ 17 ] CVE-2012-6034
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034
[ 18 ] CVE-2012-6035
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035
[ 19 ] CVE-2012-6036
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036
[ 20 ] CVE-2015-2151
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2151
[ 21 ] CVE-2015-3209
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209
[ 22 ] CVE-2015-3259
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3259
[ 23 ] CVE-2015-3340
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3340
[ 24 ] CVE-2015-3456
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456
[ 25 ] CVE-2015-4103
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4103
[ 26 ] CVE-2015-4104
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4104
[ 27 ] CVE-2015-4105
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4105
[ 28 ] CVE-2015-4106
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4106
[ 29 ] CVE-2015-4163
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4163
[ 30 ] CVE-2015-4164
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4164
[ 31 ] CVE-2015-5154
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154
[ 32 ] CVE-2015-7311
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7311
[ 33 ] CVE-2015-7504
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7504
[ 34 ] CVE-2015-7812
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7812
[ 35 ] CVE-2015-7813
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7813
[ 36 ] CVE-2015-7814
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7814
[ 37 ] CVE-2015-7835
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7835
[ 38 ] CVE-2015-7871
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871
[ 39 ] CVE-2015-7969
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7969
[ 40 ] CVE-2015-7970
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7970
[ 41 ] CVE-2015-7971
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7971
[ 42 ] CVE-2015-7972
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7972
[ 43 ] CVE-2015-8339
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8339
[ 44 ] CVE-2015-8340
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8340
[ 45 ] CVE-2015-8341
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8341
[ 46 ] CVE-2015-8550
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8550
[ 47 ] CVE-2015-8551
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8551
[ 48 ] CVE-2015-8552
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8552
[ 49 ] CVE-2015-8554
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8554
[ 50 ] CVE-2015-8555
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8555
[ 51 ] CVE-2016-2270
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2270
[ 52 ] CVE-2016-2271
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2271

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201604-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature