Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.1163
xen security update
10 May 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: xen
Publisher: Debian
Operating System: Debian GNU/Linux 8
Impact/Access: Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2017-7228 CVE-2016-10024 CVE-2016-10013
CVE-2016-9932
Reference: ESB-2017.1017
ESB-2017.0997
ESB-2017.0942
ESB-2017.0726
ESB-2016.3073
Original Bulletin:
http://www.debian.org/security/2017/dsa-3847
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3847-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 09, 2017 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : xen
CVE ID : CVE-2016-9932 CVE-2016-10013 CVE-2016-10024
CVE-2017-7228
Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen
hypervisor, which may lead to privilege escalation, guest-to-host
breakout, denial of service or information leaks.
In additional to the CVE identifiers listed above, this update also
addresses the vulnerabilities announced as XSA-213, XSA-214 and XSA-215.
For the stable distribution (jessie), these problems have been fixed in
version 4.4.1-9+deb8u9.
For the upcoming stable distribution (stretch), these problems have been
fixed in version 4.8.1-1+deb9u1.
For the unstable distribution (sid), these problems have been fixed in
version 4.8.1-1+deb9u1.
We recommend that you upgrade your xen packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIyBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlkSK5gACgkQEMKTtsN8
TjZA3w/1Eyg3QujmonzCNvLY6wBnA8B7yHCy3XrN5ITga6b+saOlhJVE3mtFkdOR
uHNSlOaoD+eemIKLnUYuBk3AmKL/dDDhirhIGHmbcv64rneEJXWBPYdP/R7RcKvE
5qJLT7v6JPuSVRp+2IzaRDTLZX3iacN+WJCmJhRtZijpgrB+5aYu9XoV/b7OGUcj
GZlZDn9orau5/fFKSvfNTNSauPpPjNizWofPcjbWshLYiH9iNht+d4FdbaG4sN01
vyxMcueLOkQKG2EAhQk7dUyDo9OHm6qd851ryIEVuUkT0uT2bB0+TmofJ32ng60Q
qd/g4UwDXQ2RKeaTih5c9ZDjLqiyPPw4Dj3JAi+hJPsZNivUxPM8B0VhpYmFZWKA
jErwBQ1JEpo1/Q7MFxIrMeTu5hiLqlD9Yj1MU1L0u+q1FysVA+U/cTMsRpM9vUlF
DXohvxr/Jsi/lJQNSdXTQTQL61GsPj/bMSDWNB+FcYvQFvLiVM/+fmoBGGfLWfOQ
eylemhkven7sOPkHDdDs4qZ17BFuc1ZVtmJCsd1J9KOlzb8dlaPrjUlUD2OJ89Q3
JaU05Sw0qbcO9vNfMkAIanyE8o1JzuRLLwWD58ZRxJPmlv5SUoL4bnSy5dypgWBa
hmr6ufXgmJv0IC8tw6vQ5Urh+MNBnSbnDLM6ld4j+cmk6DrDxA==
=CI1R
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWRJ2pox+lLeg9Ub1AQi3cw/+LzDuOvTmn51okgVJop5BJIFsmMaeYcgZ
NTg4ljSmAcvcZQSpQjnh8CW1N3r7AQEleo4dC6gn/d9lVtodeVBnoBeqBHnbKghb
rPZruTLz5Mrm0FPe+UXeIuoes1nFpskWJT1wL1NVvRobTMhuKDuo1/KqpO01ndBN
BNA8QvFZphN0wcBimyF782oPhYCTidd1CsVIgykukHdq/JoIdPEvREptDX5xYzUG
tHEUtRiNVP2aP4P8w4qQEhWiuFopJ0xm3Jaa3XnwUen5TzLyx+05aVIxcGgZBPXW
d+qMo6PbvuqJtGdmBCYEy5xmT6duym55UKtaa57xvo9+4ehnZFVOl254u2q0AWV+
smpDvnI9Hl1u7L3lXJoEUjXl7R2eNJGQ2xLyttEvymN9swlXqrzxWcunL6rLEg4r
ixEZ/7uyEEgbS4DN/eYdL44hnCjkOpUt5NGwDbvtl/O1qyvtJ9CeqdEHY4HYlVZE
DfQMoaLdW2AQepj1nc5LHsm0OJPu+qq1WWhSY6Yd2aKL61PqmUNgEg2n4QiIxsrS
BLZanIW7O6lo379JYQYiPtJAhRfdMorzzzbBxDbZpsh6De09FLrpNdKn9uGmnXSd
1MzWiPH5+TIRiCaFGPl2KeVYl4P1Crr9k7jJrhxZV1x/I7B0x06ES8/NJ19z3uUJ
1niqFuaP8vs=
=Q2LN
-----END PGP SIGNATURE-----