Debian Security Advisory
DSA-4369-1 xen -- security update
- Date Reported:
- 14 Jan 2019
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-19961, CVE-2018-19962, CVE-2018-19965, CVE-2018-19966, CVE-2018-19967.
- More information:
Multiple vulnerabilities have been discovered in the Xen hypervisor:
- CVE-2018-19961 /
Paul Durrant discovered that incorrect TLB handling could result in denial of service, privilege escalation or information leaks.
Matthew Daley discovered that incorrect handling of the INVPCID instruction could result in denial of service by PV guests.
It was discovered that a regression in the fix to address CVE-2017-15595 could result in denial of service, privilege escalation or information leaks by a PV guest.
It was discovered that an error in some Intel CPUs could result in denial of service by a guest instance.
For the stable distribution (stretch), these problems have been fixed in version 4.8.5+shim4.10.2+xsa282-1+deb9u11.
We recommend that you upgrade your xen packages.
For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xen
- CVE-2018-19961 / CVE-2018-19962