Test ID:	1.3.6.1.4.1.25623.1.0.704201
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-4201-1)
Summary:	The remote host is missing an update for the Debian 'xen' package(s) announced via the DSA-4201-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'xen' package(s) announced via the DSA-4201-1 advisory. Vulnerability Insight: Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-8897 Andy Lutomirski and Nick Peterson discovered that incorrect handling of debug exceptions could result in privilege escalation. CVE-2018-10471 An error was discovered in the mitigations against Meltdown which could result in denial of service. CVE-2018-10472 Anthony Perard discovered that incorrect parsing of CDROM images can result in information disclosure. CVE-2018-10981 Jan Beulich discovered that malformed device models could result in denial of service. CVE-2018-10982 Roger Pau Monne discovered that incorrect handling of high precision event timers could result in denial of service and potentially privilege escalation. For the stable distribution (stretch), these problems have been fixed in version 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6. We recommend that you upgrade your xen packages. For the detailed security status of xen please refer to its security tracker page at: [link moved to references] Affected Software/OS: 'xen' package(s) on Debian 9. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-5715 BugTraq ID: 102376 http://www.securityfocus.com/bid/102376 Bugtraq: 20190624 [SECURITY] [DSA 4469-1] libvirt security update (Google Search) https://seclists.org/bugtraq/2019/Jun/36 Bugtraq: 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu (Google Search) https://seclists.org/bugtraq/2019/Nov/16 CERT/CC vulnerability note: VU#180049 https://www.kb.cert.org/vuls/id/180049 CERT/CC vulnerability note: VU#584653 http://www.kb.cert.org/vuls/id/584653 Cisco Security Advisory: 20180104 CPU Side-Channel Information Disclosure Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel Debian Security Information: DSA-4120 (Google Search) https://www.debian.org/security/2018/dsa-4120 Debian Security Information: DSA-4187 (Google Search) https://www.debian.org/security/2018/dsa-4187 Debian Security Information: DSA-4188 (Google Search) https://www.debian.org/security/2018/dsa-4188 Debian Security Information: DSA-4213 (Google Search) https://www.debian.org/security/2018/dsa-4213 https://www.exploit-db.com/exploits/43427/ FreeBSD Security Advisory: FreeBSD-SA-19:26 https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc https://security.gentoo.org/glsa/201810-06 http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html https://spectreattack.com/ https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html RedHat Security Advisories: RHSA-2018:0292 https://access.redhat.com/errata/RHSA-2018:0292 http://www.securitytracker.com/id/1040071 SuSE Security Announcement: SUSE-SU-2018:0006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html SuSE Security Announcement: SUSE-SU-2018:0007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html SuSE Security Announcement: SUSE-SU-2018:0008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html SuSE Security Announcement: SUSE-SU-2018:0009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html SuSE Security Announcement: SUSE-SU-2018:0010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html SuSE Security Announcement: SUSE-SU-2018:0011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html SuSE Security Announcement: SUSE-SU-2018:0012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html SuSE Security Announcement: SUSE-SU-2018:0019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html SuSE Security Announcement: SUSE-SU-2018:0020 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html SuSE Security Announcement: openSUSE-SU-2018:0013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html SuSE Security Announcement: openSUSE-SU-2018:0022 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html SuSE Security Announcement: openSUSE-SU-2018:0023 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html https://usn.ubuntu.com/usn/usn-3516-1/ https://usn.ubuntu.com/3531-1/ https://usn.ubuntu.com/3531-3/ https://usn.ubuntu.com/3540-2/ https://usn.ubuntu.com/3541-2/ https://usn.ubuntu.com/3542-2/ https://usn.ubuntu.com/3549-1/ https://usn.ubuntu.com/3560-1/ https://usn.ubuntu.com/3561-1/ https://usn.ubuntu.com/3580-1/ https://usn.ubuntu.com/3581-1/ https://usn.ubuntu.com/3581-2/ https://usn.ubuntu.com/3582-1/ https://usn.ubuntu.com/3582-2/ https://usn.ubuntu.com/3594-1/ https://usn.ubuntu.com/3597-1/ https://usn.ubuntu.com/3597-2/ https://usn.ubuntu.com/3620-2/ https://usn.ubuntu.com/3690-1/ https://usn.ubuntu.com/3777-3/ Common Vulnerability Exposure (CVE) ID: CVE-2018-10471 BugTraq ID: 104003 http://www.securityfocus.com/bid/104003 Debian Security Information: DSA-4201 (Google Search) https://www.debian.org/security/2018/dsa-4201 https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2018-10472 BugTraq ID: 104002 http://www.securityfocus.com/bid/104002 https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html Common Vulnerability Exposure (CVE) ID: CVE-2018-10981 BugTraq ID: 104149 http://www.securityfocus.com/bid/104149 https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html Common Vulnerability Exposure (CVE) ID: CVE-2018-10982 BugTraq ID: 104150 http://www.securityfocus.com/bid/104150 Common Vulnerability Exposure (CVE) ID: CVE-2018-8897 BugTraq ID: 104071 http://www.securityfocus.com/bid/104071 CERT/CC vulnerability note: VU#631579 https://www.kb.cert.org/vuls/id/631579 Debian Security Information: DSA-4196 (Google Search) https://www.debian.org/security/2018/dsa-4196 https://www.exploit-db.com/exploits/44697/ https://www.exploit-db.com/exploits/45024/ http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 http://openwall.com/lists/oss-security/2018/05/08/1 http://openwall.com/lists/oss-security/2018/05/08/4 https://bugzilla.redhat.com/show_bug.cgi?id=1567074 https://github.com/can1357/CVE-2018-8897/ https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 https://patchwork.kernel.org/patch/10386677/ https://support.apple.com/HT208742 https://svnweb.freebsd.org/base?view=revision&revision=333368 https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html https://xenbits.xen.org/xsa/advisory-260.html https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html RedHat Security Advisories: RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1318 RedHat Security Advisories: RHSA-2018:1319 https://access.redhat.com/errata/RHSA-2018:1319 RedHat Security Advisories: RHSA-2018:1345 https://access.redhat.com/errata/RHSA-2018:1345 RedHat Security Advisories: RHSA-2018:1346 https://access.redhat.com/errata/RHSA-2018:1346 RedHat Security Advisories: RHSA-2018:1347 https://access.redhat.com/errata/RHSA-2018:1347 RedHat Security Advisories: RHSA-2018:1348 https://access.redhat.com/errata/RHSA-2018:1348 RedHat Security Advisories: RHSA-2018:1349 https://access.redhat.com/errata/RHSA-2018:1349 RedHat Security Advisories: RHSA-2018:1350 https://access.redhat.com/errata/RHSA-2018:1350 RedHat Security Advisories: RHSA-2018:1351 https://access.redhat.com/errata/RHSA-2018:1351 RedHat Security Advisories: RHSA-2018:1352 https://access.redhat.com/errata/RHSA-2018:1352 RedHat Security Advisories: RHSA-2018:1353 https://access.redhat.com/errata/RHSA-2018:1353 RedHat Security Advisories: RHSA-2018:1354 https://access.redhat.com/errata/RHSA-2018:1354 RedHat Security Advisories: RHSA-2018:1355 https://access.redhat.com/errata/RHSA-2018:1355 RedHat Security Advisories: RHSA-2018:1524 https://access.redhat.com/errata/RHSA-2018:1524 http://www.securitytracker.com/id/1040744 http://www.securitytracker.com/id/1040849 http://www.securitytracker.com/id/1040861 http://www.securitytracker.com/id/1040866 http://www.securitytracker.com/id/1040882 https://usn.ubuntu.com/3641-1/ https://usn.ubuntu.com/3641-2/
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.