The remote Debian host is missing a security-related update.
Multiple vulnerabilities have been discovered in the Xen hypervisor : - CVE-2018-7540 Jann Horn discovered that missing checks in page table freeing may result in denial of service. - CVE-2018-7541 Jan Beulich discovered that incorrect error handling in grant table checks may result in guest-to-host denial of service and potentially privilege escalation. - CVE-2018-7542 Ian Jackson discovered that insufficient handling of x86 PVH guests without local APICs may result in guest-to-host denial of service.
Upgrade the xen packages. For the stable distribution (stretch), these problems have been fixed in version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5.