Debian Security Advisory
DSA-4369-1 xen -- security update
- Date Reported:
- 14 Jan 2019
- Affected Packages:
- xen
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-19961, CVE-2018-19962, CVE-2018-19965, CVE-2018-19966, CVE-2018-19967.
- More information:
-
Multiple vulnerabilities have been discovered in the Xen hypervisor:
- CVE-2018-19961 /
CVE-2018-19962
Paul Durrant discovered that incorrect TLB handling could result in denial of service, privilege escalation or information leaks.
- CVE-2018-19965
Matthew Daley discovered that incorrect handling of the INVPCID instruction could result in denial of service by PV guests.
- CVE-2018-19966
It was discovered that a regression in the fix to address CVE-2017-15595 could result in denial of service, privilege escalation or information leaks by a PV guest.
- CVE-2018-19967
It was discovered that an error in some Intel CPUs could result in denial of service by a guest instance.
For the stable distribution (stretch), these problems have been fixed in version 4.8.5+shim4.10.2+xsa282-1+deb9u11.
We recommend that you upgrade your xen packages.
For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xen
- CVE-2018-19961 /
CVE-2018-19962