주의: 이 번역은 원문보다 오래되었습니다.

데비안 보안 권고

DSA-4602-1 xen -- 보안 업데이트

보고일:
2020년 01월 13일
영향 받는 패키지:
xen
위험성:
보안 데이터베이스 참조:
Mitre의 CVE 사전: CVE-2019-17349, CVE-2019-17350, CVE-2019-18420, CVE-2019-18421, CVE-2019-18422, CVE-2019-18423, CVE-2019-18424, CVE-2019-18425, CVE-2019-19577, CVE-2019-19578, CVE-2019-19579, CVE-2019-19580, CVE-2019-19581, CVE-2019-19582, CVE-2019-19583, CVE-2018-12207, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, CVE-2019-11135, CVE-2019-17348, CVE-2019-17347, CVE-2019-17346, CVE-2019-17345, CVE-2019-17344, CVE-2019-17343, CVE-2019-17342, CVE-2019-17341, CVE-2019-17340.
추가 정보:

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.

In addition this update provides mitigations for the TSX Asynchronous Abort speculative side channel attack. For additional information please refer to https://xenbits.xen.org/xsa/advisory-305.html

For the oldstable distribution (stretch), these problems have been fixed in version 4.8.5.final+shim4.10.4-1+deb9u12. Note that this will be the last security update for Xen in the oldstable distribution; upstream support for the 4.8.x branch ended by the end of December 2019. If you rely on security support for your Xen installation an update to the stable distribution (buster) is recommended.

For the stable distribution (buster), these problems have been fixed in version 4.11.3+24-g14b62ab3e5-1~deb10u1.

xen 패키지를 업그레이드 하는 게 좋음.

xen의 자세한 보안 상태는 보안 추적 페이지 참조: https://security-tracker.debian.org/tracker/xen