The remote Debian host is missing a security-related update.
Multiple vulnerabilities have been discovered in the Xen hypervisor : - CVE-2018-19961 / CVE-2018-19962 Paul Durrant discovered that incorrect TLB handling could result in denial of service, privilege escalation or information leaks. - CVE-2018-19965 Matthew Daley discovered that incorrect handling of the INVPCID instruction could result in denial of service by PV guests. - CVE-2018-19966 It was discovered that a regression in the fix to address CVE-2017-15595 could result in denial of service, privilege escalation or information leaks by a PV guest. - CVE-2018-19967 It was discovered that an error in some Intel CPUs could result in denial of service by a guest instance.
Upgrade the xen packages. For the stable distribution (stretch), these problems have been fixed in version 4.8.5+shim4.10.2+xsa282-1+deb9u11.