lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 28 Nov 2017 20:47:47 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4050-1] xen security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4050-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 28, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 
                 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 
                 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-15597

Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in denial of service, information leaks, privilege escalation
or the execution of arbitrary code.

For the oldstable distribution (jessie) a separate update will be
released.

For the stable distribution (stretch), these problems have been fixed in
version 4.8.2+xsa245-0+deb9u1.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlodvOQACgkQEMKTtsN8
TjYK5BAAuPtJpa3G/+6/wZARyJh3v5ljkm7kZpKK2WTEe4EOC5TgMdkfCDjLTbV9
yCV3gwI5n3ePlnjGDHN3X1KDRbLSaMjt0vbJcrMcIuRFcGixN7Fhj5r+e3M7hmDG
HUZ+a+ifj9jJ3cqXqYm07KfXH7qxyf/NgD4IfH2IEc3BT6qdJihw+fNTt/Q2z3a5
rgeDUIbLof1zVoA0qGUUg2kbmmCQxKyPtBMG7rRLakBidjl4xu/QCT7vKbl0hubp
3ectK5Zypq3kAAn3J/i7K6yclyXoP+nrQwM+euVV44aLcAx8c0ajfwKI5vXf10JG
Km5pL42ZV0RwL6A6FBDu2zN+ZpReWNgA6OBC6t0RNCtPiJAkt8Jd0F8/Leg1iXOq
LB/jqLF3X9qLmlI1VOOThQVsgN1oKzpiP/aELUw+l+iChH4WYuGjiyUVs4D+T9k0
Wlxdgbd3bpG4NYZ4+M6vAit55VRsML8vCM5mhiPaTTz/VwcdEBEMfuZ/Q9ct2EIu
dl04xkcqfN1BqtfB7weQqG9WssiJTO/fphVxbbDaCZWT4pXcmlpy1Ct9ALWXwjjC
PtmwOmR0O6OQs9IrypmztgC0qsM8K5/duZj21ocai4Lnk/HEwXmu4IH7DL85akkJ
3pMQSwVFO3rcJoZIkPreddbCY1Xn9KXWnCsQX9BNd9Mr5GBgASs=
=kwuz
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ