[SECURITY] [DSA 4274-1] xen security update

From: Moritz Muehlenhoff <jmm@debian.org>
To: bugtraq@securityfocus.com
Cc:
Subject: [SECURITY] [DSA 4274-1] xen security update
Date:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4274-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 16, 2018                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2018-3620 CVE-2018-3646

This update provides mitigations for the "L1 Terminal Fault"
vulnerability affecting a range of Intel CPUs.

For additional information please refer to
https://xenbits.xen.org/xsa/advisory-273.html. The microcode updates
mentioned there are not yet available in a form distributable by Debian.

In addition two denial of service vulnerabilities have been fixed
(XSA-268 and XSA-269).

For the stable distribution (stretch), these problems have been fixed in
version 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlt14mwACgkQEMKTtsN8
Tjb2LhAAokwmlGxyJPC3EGG9aOLKNv23G9OzLLNRm+cy150WAMgBio+bR2CAgkfX
qu/ftFPLeKfIRbo9nLBFHQLMKlmDdFzLeicXe7GtnKcAMkt0Wp+rYIj66TMkjrMg
2kJI68ECc5Rqj3fMZ+dgkxSHzhylUGG70mEIBf2D22Y72kkIfc3EzBuu2wxaaOTP
t7Q7JkYDv9WV/6gw8Ok2vIrQcq95jtZgDSL1ZHHg6VTukHnXP2SU1rMfRCguTCtc
5JYAgWJ1GWFWt3d6FQnk7SWwJf3pHEVNg0lGpRJdu4qperQ3EhQNeJlGq8adm/Zf
QQUT9T6vsU5cefgelIRSLxFZ9bDobxXXNaox3FqB4tslkJLhTRluCvilJpWuNpH5
7S6xti5neGuHORfIkcS1PmOEx2gDkKWTgotiBx04yU3q+/zr0Ob+K2jxZXe4z2uU
sqEq8pdjCnkE03cljPbfPeutyucS3xDFpFVoXlRqgRNMdZ7jzVSP6qayt3iQIa/E
djVQ2ptHxux5Zapg5Ngr2ASBdyIw+2GLVUKQCeqM+EjMXjRBaJv8DPxWwO4nkC4d
eliy9RxErtQpgHIZKHVmTjoRlh/OH4KAdHZT2Y+Gfv1DVA6TL5cPiQ9e0ZunNNaK
vtXyOzjNPVPZa+2MEq9FTFIkDsR8Ncl/JCzp0bx5uVaV/ovX0A8=
=reP+
-----END PGP SIGNATURE-----





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.