Debian DLA-783-1 : xen security update
Medium Nessus Plugin ID 96491
SynopsisThe remote Debian host is missing a security update.
DescriptionMultiple vulnerabilities have been discovered in the Xen hypervisor.
The Common Vulnerabilities and Exposures project identifies the following problems :
Xen mishandles SYSCALL singlestep during emulation which can lead to privilege escalation. The vulnerability is only exposed to 64-bit x86 HVM guests.
PV guests may be able to mask interrupts causing a Denial of Service.
For Debian 7 'Wheezy', these problems have been fixed in version 4.1.6.lts1-5.
We recommend that you upgrade your xen packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpgrade the affected packages.