-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3847-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : xen CVE ID : CVE-2016-9932 CVE-2016-10013 CVE-2016-10024 CVE-2017-7228 Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen hypervisor, which may lead to privilege escalation, guest-to-host breakout, denial of service or information leaks. In additional to the CVE identifiers listed above, this update also addresses the vulnerabilities announced as XSA-213, XSA-214 and XSA-215. For the stable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u9. For the upcoming stable distribution (stretch), these problems have been fixed in version 4.8.1-1+deb9u1. For the unstable distribution (sid), these problems have been fixed in version 4.8.1-1+deb9u1. We recommend that you upgrade your xen packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIyBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlkSK5gACgkQEMKTtsN8 TjZA3w/1Eyg3QujmonzCNvLY6wBnA8B7yHCy3XrN5ITga6b+saOlhJVE3mtFkdOR uHNSlOaoD+eemIKLnUYuBk3AmKL/dDDhirhIGHmbcv64rneEJXWBPYdP/R7RcKvE 5qJLT7v6JPuSVRp+2IzaRDTLZX3iacN+WJCmJhRtZijpgrB+5aYu9XoV/b7OGUcj GZlZDn9orau5/fFKSvfNTNSauPpPjNizWofPcjbWshLYiH9iNht+d4FdbaG4sN01 vyxMcueLOkQKG2EAhQk7dUyDo9OHm6qd851ryIEVuUkT0uT2bB0+TmofJ32ng60Q qd/g4UwDXQ2RKeaTih5c9ZDjLqiyPPw4Dj3JAi+hJPsZNivUxPM8B0VhpYmFZWKA jErwBQ1JEpo1/Q7MFxIrMeTu5hiLqlD9Yj1MU1L0u+q1FysVA+U/cTMsRpM9vUlF DXohvxr/Jsi/lJQNSdXTQTQL61GsPj/bMSDWNB+FcYvQFvLiVM/+fmoBGGfLWfOQ eylemhkven7sOPkHDdDs4qZ17BFuc1ZVtmJCsd1J9KOlzb8dlaPrjUlUD2OJ89Q3 JaU05Sw0qbcO9vNfMkAIanyE8o1JzuRLLwWD58ZRxJPmlv5SUoL4bnSy5dypgWBa hmr6ufXgmJv0IC8tw6vQ5Urh+MNBnSbnDLM6ld4j+cmk6DrDxA== =CI1R -----END PGP SIGNATURE-----