데비안 보안 권고
DSA-4602-1 xen -- 보안 업데이트
- 2020년 01월 13일
- 영향 받는 패키지:
- 보안 데이터베이스 참조:
- Mitre의 CVE 사전: CVE-2019-17349, CVE-2019-17350, CVE-2019-18420, CVE-2019-18421, CVE-2019-18422, CVE-2019-18423, CVE-2019-18424, CVE-2019-18425, CVE-2019-19577, CVE-2019-19578, CVE-2019-19579, CVE-2019-19580, CVE-2019-19581, CVE-2019-19582, CVE-2019-19583, CVE-2018-12207, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, CVE-2019-11135, CVE-2019-17348, CVE-2019-17347, CVE-2019-17346, CVE-2019-17345, CVE-2019-17344, CVE-2019-17343, CVE-2019-17342, CVE-2019-17341, CVE-2019-17340.
- 추가 정보:
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.
In addition this update provides mitigations for the
TSX Asynchronous Abortspeculative side channel attack. For additional information please refer to https://xenbits.xen.org/xsa/advisory-305.html
For the oldstable distribution (stretch), these problems have been fixed in version 4.8.5.final+shim4.10.4-1+deb9u12. Note that this will be the last security update for Xen in the oldstable distribution; upstream support for the 4.8.x branch ended by the end of December 2019. If you rely on security support for your Xen installation an update to the stable distribution (buster) is recommended.
For the stable distribution (buster), these problems have been fixed in version 4.11.3+24-g14b62ab3e5-1~deb10u1.
xen 패키지를 업그레이드 하는 게 좋음.
xen의 자세한 보안 상태는 보안 추적 페이지 참조: https://security-tracker.debian.org/tracker/xen