From 6b6f566821328534c52dea0b0a28c22977c701f1 Mon Sep 17 00:00:00 2001 From: Thomas Deutschmann Date: Fri, 26 May 2017 08:10:25 +0200 Subject: Add GLSA 201705-11 --- glsa-201705-11.xml | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 glsa-201705-11.xml (limited to 'glsa-201705-11.xml') diff --git a/glsa-201705-11.xml b/glsa-201705-11.xml new file mode 100644 index 00000000..1984fe58 --- /dev/null +++ b/glsa-201705-11.xml @@ -0,0 +1,75 @@ + + + + Xen: Multiple vulnerabilities + Multiple vulnerabilities have been found in Xen, the worst of which + could allow for privilege escalation. + + xen + 2017-05-26 + 2017-05-26: 1 + 615980 + local + + + 4.7.2-r1 + 4.7.2-r1 + + + 4.7.2 + 4.7.2 + + + 4.7.2 + 4.7.2 + + + +

Xen is a bare-metal hypervisor.

+ + +

Multiple vulnerabilities have been discovered in Xen. Please review the + CVE identifiers and Xen Security Advisory referenced below for details. +

+ + +

A local attacker could potentially execute arbitrary code with + privileges of Xen (QEMU) process on the host, gain privileges on the host + system, or cause a Denial of Service condition. +

+ + +

There is no known workaround at this time.

+ + +

All Xen users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.7.2-r1:0" + + +

All Xen Tools users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.7.2:0" + + +

All Xen pvgrub users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-emulation/xen-pvgrub-4.7.2:0" + + + + + CVE-2017-8903 + CVE-2017-8904 + CVE-2017-8905 + + BlueKnight + BlueKnight + -- cgit v1.2.3-65-gdbad