Debian DSA-4369-1 : xen - security update

High Nessus Plugin ID 121168

Synopsis

The remote Debian host is missing a security-related update.

Description

Multiple vulnerabilities have been discovered in the Xen hypervisor :

- CVE-2018-19961 / CVE-2018-19962 Paul Durrant discovered that incorrect TLB handling could result in denial of service, privilege escalation or information leaks.

- CVE-2018-19965 Matthew Daley discovered that incorrect handling of the INVPCID instruction could result in denial of service by PV guests.

- CVE-2018-19966 It was discovered that a regression in the fix to address CVE-2017-15595 could result in denial of service, privilege escalation or information leaks by a PV guest.

- CVE-2018-19967 It was discovered that an error in some Intel CPUs could result in denial of service by a guest instance.

Solution

Upgrade the xen packages.

For the stable distribution (stretch), these problems have been fixed in version 4.8.5+shim4.10.2+xsa282-1+deb9u11.

Debian DSA-4369-1 : xen - security update

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Reference Information