[SECURITY] [DLA 1300-1] xen security update

2018-03-0606:47:56

lists.debian.org

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

6.1 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:P/A:C

0.001 Low

EPSS

Percentile

25.6%

JSON

Package : xen
Version : 4.1.6.lts1-13
CVE ID : CVE-2018-7540 CVE-2018-7541

Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in denial of service, informations leaks or privilege
escalation.

For Debian 7 "Wheezy", these problems have been fixed in version
4.1.6.lts1-13.

We recommend that you upgrade your xen packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9amd64libxen-4.8< 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5libxen-4.8_4.8.3+comet2+shim4.10.0+comet3-1+deb9u5_amd64.deb
Debian7amd64xen-hypervisor-4.1-amd64< 4.1.6.lts1-13xen-hypervisor-4.1-amd64_4.1.6.lts1-13_amd64.deb
Debian9arm64xenstore-utils-dbgsym< 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5xenstore-utils-dbgsym_4.8.3+comet2+shim4.10.0+comet3-1+deb9u5_arm64.deb
Debian8armhflibxen-4.4< 4.4.4lts4-0+deb8u1libxen-4.4_4.4.4lts4-0+deb8u1_armhf.deb
Debian8armhflibxen-dev< 4.4.4lts4-0+deb8u1libxen-dev_4.4.4lts4-0+deb8u1_armhf.deb
Debian8i386libxenstore3.0< 4.4.4lts4-0+deb8u1libxenstore3.0_4.4.4lts4-0+deb8u1_i386.deb
Debian7amd64libxen-ocaml-dev< 4.1.6.lts1-13libxen-ocaml-dev_4.1.6.lts1-13_amd64.deb
Debian7i386xenstore-utils< 4.1.6.lts1-13xenstore-utils_4.1.6.lts1-13_i386.deb
Debian9arm64xen-system-arm64< 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5xen-system-arm64_4.8.3+comet2+shim4.10.0+comet3-1+deb9u5_arm64.deb
Debian8armhfxen-utils-4.4< 4.4.4lts4-0+deb8u1xen-utils-4.4_4.4.4lts4-0+deb8u1_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	amd64	libxen-4.8	< 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5	libxen-4.8_4.8.3+comet2+shim4.10.0+comet3-1+deb9u5_amd64.deb
Debian	7	amd64	xen-hypervisor-4.1-amd64	< 4.1.6.lts1-13	xen-hypervisor-4.1-amd64_4.1.6.lts1-13_amd64.deb
Debian	9	arm64	xenstore-utils-dbgsym	< 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5	xenstore-utils-dbgsym_4.8.3+comet2+shim4.10.0+comet3-1+deb9u5_arm64.deb
Debian	8	armhf	libxen-4.4	< 4.4.4lts4-0+deb8u1	libxen-4.4_4.4.4lts4-0+deb8u1_armhf.deb
Debian	8	armhf	libxen-dev	< 4.4.4lts4-0+deb8u1	libxen-dev_4.4.4lts4-0+deb8u1_armhf.deb
Debian	8	i386	libxenstore3.0	< 4.4.4lts4-0+deb8u1	libxenstore3.0_4.4.4lts4-0+deb8u1_i386.deb
Debian	7	amd64	libxen-ocaml-dev	< 4.1.6.lts1-13	libxen-ocaml-dev_4.1.6.lts1-13_amd64.deb
Debian	7	i386	xenstore-utils	< 4.1.6.lts1-13	xenstore-utils_4.1.6.lts1-13_i386.deb
Debian	9	arm64	xen-system-arm64	< 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5	xen-system-arm64_4.8.3+comet2+shim4.10.0+comet3-1+deb9u5_arm64.deb
Debian	8	armhf	xen-utils-4.4	< 4.4.4lts4-0+deb8u1	xen-utils-4.4_4.4.4lts4-0+deb8u1_armhf.deb