[gentoo-announce] [ GLSA 201504-04 ] Xen: Multiple vulnerabilities - gentoo-announce

From:	Yury German <blueknight@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 201504-04 ] Xen: Multiple vulnerabilities
Date:	Sat, 11 Apr 2015 20:17:35
Message-Id:	`552980D8.7070505@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201504-04

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: High

8

    Title: Xen: Multiple vulnerabilities

9

     Date: April 11, 2015

10

     Bugs: #478280, #482138, #512294, #519800, #530182, #530980,

11

           #532030, #536220, #542266, #543304, #545144

12

       ID: 201504-04

13

14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

15

16

Synopsis

17

========

18

19

Multiple vulnerabilities have been found in Xen, the worst of which can

20

allow remote attackers to cause a Denial of Service condition.

21

22

Background

23

==========

24

25

Xen is a bare-metal hypervisor.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package              /     Vulnerable     /            Unaffected

32

    -------------------------------------------------------------------

33

  1  app-emulation/xen           < 4.4.2-r1               >= 4.4.2-r1

34

                                                         *>= 4.2.5-r8

35

36

Description

37

===========

38

39

Multiple vulnerabilities have been discovered in Xen.  Please review

40

the CVE identifiers referenced below for details.

41

42

Impact

43

======

44

45

A local attacker could possibly cause a Denial of Service condition or

46

obtain sensitive information.

47

48

Workaround

49

==========

50

51

There is no known workaround at this time.

52

53

Resolution

54

==========

55

56

All Xen 4.4 users should upgrade to the latest version:

57

58

  # emerge --sync

59

  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.4.2-r1"

60

61

All Xen 4.2 users should upgrade to the latest version:

62

63

  # emerge --sync

64

  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.2.5-r8"

65

66

References

67

==========

68

69

[  1 ] CVE-2013-2212

70

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2212

71

[  2 ] CVE-2013-3495

72

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3495

73

[  3 ] CVE-2014-3967

74

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3967

75

[  4 ] CVE-2014-3968

76

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3968

77

[  5 ] CVE-2014-5146

78

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5146

79

[  6 ] CVE-2014-5149

80

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5149

81

[  7 ] CVE-2014-8594

82

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8594

83

[  8 ] CVE-2014-8595

84

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8595

85

[  9 ] CVE-2014-8866

86

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8866

87

[ 10 ] CVE-2014-8867

88

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8867

89

[ 11 ] CVE-2014-9030

90

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9030

91

[ 12 ] CVE-2014-9065

92

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9065

93

[ 13 ] CVE-2014-9066

94

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9066

95

[ 14 ] CVE-2015-0361

96

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0361

97

[ 15 ] CVE-2015-2044

98

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2044

99

[ 16 ] CVE-2015-2045

100

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2045

101

[ 17 ] CVE-2015-2152

102

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2152

103

[ 18 ] CVE-2015-2751

104

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2751

105

[ 19 ] CVE-2015-2752

106

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2752

107

[ 20 ] CVE-2015-2756

108

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2756

109

110

Availability

111

============

112

113

This GLSA and any updates to it are available for viewing at

114

the Gentoo Security Website:

115

116

 https://security.gentoo.org/glsa/201504-04

117

118

Concerns?

119

=========

120

121

Security is a primary focus of Gentoo Linux and ensuring the

122

confidentiality and security of our users' machines is of utmost

123

importance to us. Any security concerns should be addressed to

124

security@g.o or alternatively, you may file a bug at

125

https://bugs.gentoo.org.

126

127

License

128

=======

129

130

Copyright 2015 Gentoo Foundation, Inc; referenced text

131

belongs to its owner(s).

132

133

The contents of this document are licensed under the

134

Creative Commons - Attribution / Share Alike license.

135

136

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201504-04
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: High
8	Title: Xen: Multiple vulnerabilities
9	Date: April 11, 2015
10	Bugs: #478280, #482138, #512294, #519800, #530182, #530980,
11	#532030, #536220, #542266, #543304, #545144
12	ID: 201504-04
13
14	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15
16	Synopsis
17	========
18
19	Multiple vulnerabilities have been found in Xen, the worst of which can
20	allow remote attackers to cause a Denial of Service condition.
21
22	Background
23	==========
24
25	Xen is a bare-metal hypervisor.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 app-emulation/xen < 4.4.2-r1 >= 4.4.2-r1
34	*>= 4.2.5-r8
35
36	Description
37	===========
38
39	Multiple vulnerabilities have been discovered in Xen. Please review
40	the CVE identifiers referenced below for details.
41
42	Impact
43	======
44
45	A local attacker could possibly cause a Denial of Service condition or
46	obtain sensitive information.
47
48	Workaround
49	==========
50
51	There is no known workaround at this time.
52
53	Resolution
54	==========
55
56	All Xen 4.4 users should upgrade to the latest version:
57
58	# emerge --sync
59	# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.4.2-r1"
60
61	All Xen 4.2 users should upgrade to the latest version:
62
63	# emerge --sync
64	# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.2.5-r8"
65
66	References
67	==========
68
69	[ 1 ] CVE-2013-2212
70	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2212
71	[ 2 ] CVE-2013-3495
72	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3495
73	[ 3 ] CVE-2014-3967
74	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3967
75	[ 4 ] CVE-2014-3968
76	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3968
77	[ 5 ] CVE-2014-5146
78	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5146
79	[ 6 ] CVE-2014-5149
80	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5149
81	[ 7 ] CVE-2014-8594
82	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8594
83	[ 8 ] CVE-2014-8595
84	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8595
85	[ 9 ] CVE-2014-8866
86	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8866
87	[ 10 ] CVE-2014-8867
88	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8867
89	[ 11 ] CVE-2014-9030
90	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9030
91	[ 12 ] CVE-2014-9065
92	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9065
93	[ 13 ] CVE-2014-9066
94	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9066
95	[ 14 ] CVE-2015-0361
96	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0361
97	[ 15 ] CVE-2015-2044
98	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2044
99	[ 16 ] CVE-2015-2045
100	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2045
101	[ 17 ] CVE-2015-2152
102	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2152
103	[ 18 ] CVE-2015-2751
104	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2751
105	[ 19 ] CVE-2015-2752
106	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2752
107	[ 20 ] CVE-2015-2756
108	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2756
109
110	Availability
111	============
112
113	This GLSA and any updates to it are available for viewing at
114	the Gentoo Security Website:
115
116	https://security.gentoo.org/glsa/201504-04
117
118	Concerns?
119	=========
120
121	Security is a primary focus of Gentoo Linux and ensuring the
122	confidentiality and security of our users' machines is of utmost
123	importance to us. Any security concerns should be addressed to
124	security@g.o or alternatively, you may file a bug at
125	https://bugs.gentoo.org.
126
127	License
128	=======
129
130	Copyright 2015 Gentoo Foundation, Inc; referenced text
131	belongs to its owner(s).
132
133	The contents of this document are licensed under the
134	Creative Commons - Attribution / Share Alike license.
135
136	http://creativecommons.org/licenses/by-sa/2.5