Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-1132-1:FB7F1
HistoryOct 11, 2017 - 11:43 a.m.

[SECURITY] [DLA 1132-1] xen security update

2017-10-1111:43:46
lists.debian.org
16

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.6%

JSON

Package : xen
Version : 4.1.6.lts1-9
CVE ID : CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915
CVE-2017-10918 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922
CVE-2017-12135 CVE-2017-12137 CVE-2017-12855 CVE-2017-14316
CVE-2017-14317 CVE-2017-14318 CVE-2017-14319

Multiple vulnerabilities have been discovered in the Xen hypervisor:

CVE-2017-10912

Jann Horn discovered that incorrectly handling of page transfers might
result in privilege escalation.

CVE-2017-10913 / CVE-2017-10914

Jann Horn discovered that race conditions in grant handling might
result in information leaks or privilege escalation.

CVE-2017-10915

Andrew Cooper discovered that incorrect reference counting with
shadow paging might result in privilege escalation.

CVE-2017-10918

Julien Grall discovered that incorrect error handling in
physical-to-machine memory mappings may result in privilege
escalation, denial of service or an information leak.

CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922

Jan Beulich discovered multiple places where reference
counting on grant table operations was incorrect, resulting
in potential privilege escalation

CVE-2017-12135

Jan Beulich found multiple problems in the handling of
transitive grants which could result in denial of service
and potentially privilege escalation.

CVE-2017-12137

Andrew Cooper discovered that incorrect validation of
grants may result in privilege escalation.

CVE-2017-12855

Jan Beulich discovered that incorrect grant status handling, thus
incorrectly informing the guest that the grant is no longer in use.

CVE-2017-14316

Matthew Daley discovered that the NUMA node parameter wasn't
verified which which may result in privilege escalation.

CVE-2017-14317

Eric Chanudet discovered that a race conditions in cxenstored might
result in information leaks or privilege escalation.

CVE-2017-14318

Matthew Daley discovered that incorrect validation of
grants may result in a denial of service.

CVE-2017-14319

Andrew Cooper discovered that insufficient grant unmapping
checks may result in denial of service and privilege escalation.

For Debian 7 "Wheezy", these problems have been fixed in version
4.1.6.lts1-9.

We recommend that you upgrade your xen packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9arm64libxenstore3.0< 4.8.1-1+deb9u3libxenstore3.0_4.8.1-1+deb9u3_arm64.deb
Debian8arm64xenstore-utils< 4.4.1-9+deb8u10xenstore-utils_4.4.1-9+deb8u10_arm64.deb
Debian9armhfxenstore-utils-dbgsym< 4.8.1-1+deb9u3xenstore-utils-dbgsym_4.8.1-1+deb9u3_armhf.deb
Debian8amd64xen-hypervisor-4.4-amd64< 4.4.1-9+deb8u10xen-hypervisor-4.4-amd64_4.4.1-9+deb8u10_amd64.deb
Debian9i386libxenstore3.0-dbgsym< 4.8.1-1+deb9u3libxenstore3.0-dbgsym_4.8.1-1+deb9u3_i386.deb
Debian9amd64xen-system-amd64< 4.8.1-1+deb9u3xen-system-amd64_4.8.1-1+deb9u3_amd64.deb
Debian7i386xen-utils-4.1< 4.1.6.lts1-9xen-utils-4.1_4.1.6.lts1-9_i386.deb
Debian8i386libxen-dev< 4.4.1-9+deb8u10libxen-dev_4.4.1-9+deb8u10_i386.deb
Debian9arm64libxenstore3.0-dbgsym< 4.8.1-1+deb9u3libxenstore3.0-dbgsym_4.8.1-1+deb9u3_arm64.deb
Debian9allxen< 4.8.1-1+deb9u3xen_4.8.1-1+deb9u3_all.deb
Rows per page:
1-10 of 991

Related

nessus 39
openvas 26
osv 17
gentoo 1
debian 2
citrix 3
suse 16
fedora 8
xen 12
redhatcve 15
debiancve 15
cve 15
prion 15
ubuntucve 15
nessus
nessus
Debian DLA-1132-1 : xen security update
2017-10-12 00:00:00
GLSA-201710-17 : Xen: Multiple vulnerabilities
2017-10-18 00:00:00
Citrix XenServer Multiple Vulnerabilities (CTX224740)
2017-07-03 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1132-1)
2018-02-06 00:00:00
Citrix XenServer Multiple Security Updates (CTX224740)
2017-06-30 00:00:00
Debian: Security Advisory (DSA-3969-1)
2017-09-11 00:00:00
osv
osv
xen - security update
2017-10-11 00:00:00
xen - security update
2017-09-12 00:00:00
CVE-2017-10922
2017-07-05 01:29:00
gentoo
gentoo
Xen: Multiple vulnerabilities
2017-10-18 00:00:00
debian
debian
[SECURITY] [DSA 3969-1] xen security update
2017-09-12 21:05:56
[SECURITY] [DSA 4050-1] xen security update
2017-11-28 19:48:09
citrix
citrix
Citrix XenServer Multiple Security Updates
2017-06-27 04:00:00
Citrix XenServer Multiple Security Updates
2017-09-14 04:00:00
Citrix XenServer Multiple Security Updates
2017-08-15 04:00:00
suse
suse
Security update for xen (important)
2017-07-08 15:12:52
Security update for xen (important)
2017-09-12 21:08:00
Security update for xen (important)
2017-09-18 00:10:01
fedora
fedora
[SECURITY] Fedora 25 Update: xen-4.7.3-5.fc25
2017-10-01 23:21:08
[SECURITY] Fedora 26 Update: xen-4.8.2-2.fc26
2017-09-15 22:26:00
[SECURITY] Fedora 27 Update: xen-4.9.0-10.fc27
2017-09-30 07:32:56
xen
xen
grant table operations mishandle reference counts
2017-06-20 11:58:00
Races in the grant table unmap code
2017-06-20 12:00:00
cxenstored: Race in domain cleanup
2017-09-12 12:00:00
redhatcve
redhatcve
CVE-2017-10922
2017-07-07 14:52:33
CVE-2017-10921
2017-07-07 14:52:19
CVE-2017-10920
2017-07-07 14:52:08
debiancve
debiancve
CVE-2017-10922
2017-07-05 01:29:00
CVE-2017-10921
2017-07-05 01:29:00
CVE-2017-14317
2017-09-12 15:29:00
cve
cve
CVE-2017-10921
2017-07-05 01:29:00
CVE-2017-10920
2017-07-05 01:29:00
CVE-2017-10922
2017-07-05 01:29:00
prion
prion
Memory corruption
2017-07-05 01:29:00
Information disclosure
2017-07-05 01:29:00
Design/Logic Flaw
2017-07-05 01:29:00
ubuntucve
ubuntucve
CVE-2017-10921
2017-07-05 00:00:00
CVE-2017-10922
2017-07-05 00:00:00
CVE-2017-14319
2017-09-12 00:00:00

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.6%

JSON
Related for DEBIAN:DLA-1132-1:FB7F1
nessus39openvas26osv17gentoo1debian2citrix3suse16fedora8xen12redhatcve15debiancve15cve15prion15ubuntucve15