From: Sam James
Reply-To: security@gentoo.org
To: gentoo-announce@lists.gentoo.org
Subject: [gentoo-announce] [ GLSA 202107-30 ] Xen: Multiple vulnerabilities
Date: Mon, 12 Jul 2021 03:49:18 +0100
Message-Id: <63415772-9CEB-4535-A123-AC27A56D9FC1@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202107-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Xen: Multiple vulnerabilities
     Date: July 12, 2021
     Bugs: #760144, #766474, #783456, #795054
       ID: 202107-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Xen, the worst of which
could result in privilege escalation.

Background
==========

Xen is a bare-metal hypervisor.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-emulation/xen           < 4.15.0-r1              >= 4.14.2-r1
                                                          >= 4.15.0-r1

Description
===========

Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Xen 4.14.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.14.2-r1"

All Xen 4.15.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.15.0-r1"

References
==========

[ 1 ] CVE-2020-29479
      https://nvd.nist.gov/vuln/detail/CVE-2020-29479
[ 2 ] CVE-2020-29486
      https://nvd.nist.gov/vuln/detail/CVE-2020-29486
[ 3 ] CVE-2020-29487
      https://nvd.nist.gov/vuln/detail/CVE-2020-29487
[ 4 ] CVE-2020-29566
      https://nvd.nist.gov/vuln/detail/CVE-2020-29566
[ 5 ] CVE-2020-29567
      https://nvd.nist.gov/vuln/detail/CVE-2020-29567
[ 6 ] CVE-2020-29568
      https://nvd.nist.gov/vuln/detail/CVE-2020-29568
[ 7 ] CVE-2020-29569
      https://nvd.nist.gov/vuln/detail/CVE-2020-29569
[ 8 ] CVE-2020-29570
      https://nvd.nist.gov/vuln/detail/CVE-2020-29570
[ 9 ] CVE-2020-29571
      https://nvd.nist.gov/vuln/detail/CVE-2020-29571
[ 10 ] CVE-2021-0089
       https://nvd.nist.gov/vuln/detail/CVE-2021-0089
[ 11 ] CVE-2021-26313
       https://nvd.nist.gov/vuln/detail/CVE-2021-26313
[ 12 ] CVE-2021-28687
       https://nvd.nist.gov/vuln/detail/CVE-2021-28687
[ 13 ] CVE-2021-28690
       https://nvd.nist.gov/vuln/detail/CVE-2021-28690
[ 14 ] CVE-2021-28691
       https://nvd.nist.gov/vuln/detail/CVE-2021-28691
[ 15 ] CVE-2021-28692
       https://nvd.nist.gov/vuln/detail/CVE-2021-28692
[ 16 ] CVE-2021-28693
       https://nvd.nist.gov/vuln/detail/CVE-2021-28693
[ 17 ] CVE-2021-3308
       https://nvd.nist.gov/vuln/detail/CVE-2021-3308

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202107-30

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
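
An added example, not part of the advisory or of Gentoo's tooling: a check that applies the "Affected packages" table to an inventory of installed app-emulation/xen versions. It assumes each "Unaffected" entry covers only its own release branch, as the Resolution section implies, and handles only dotted numeric versions with an optional -rN revision; the host names and inventory are constructed.

```python
import re

# Fixed revision per release branch, from the advisory's Resolution section
# (4.14.x -> 4.14.2-r1, 4.15.x -> 4.15.0-r1). Assumption: an "Unaffected"
# entry applies only inside its own branch.
FIXED = {(4, 14): "4.14.2-r1", (4, 15): "4.15.0-r1"}
VULNERABLE_BELOW = "4.15.0-r1"  # "Vulnerable" column of the table

_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse(version):
    """Turn '4.14.2-r1' into ((4, 14, 2), 1); a missing -rN counts as r0."""
    m = _VERSION.match(version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def is_vulnerable(installed):
    """Apply GLSA 202107-30's ranges to one app-emulation/xen version."""
    ver = parse(installed)
    if ver >= parse(VULNERABLE_BELOW):
        return False  # at or past the 4.15 fix
    fixed = FIXED.get(ver[0][:2])
    if fixed is not None and ver >= parse(fixed):
        return False  # patched revision of its own branch
    return True  # older branch, or unpatched revision of 4.14/4.15


def audit(inventory):
    """Given host -> installed version, return hosts that still need the upgrade."""
    return sorted(h for h, v in inventory.items() if is_vulnerable(v))


# Constructed inventory for illustration; not real hosts.
SAMPLE = {
    "hv01": "4.14.2-r1",  # fixed 4.14 revision
    "hv02": "4.14.2",     # same version, revision r0: still vulnerable
    "hv03": "4.15.0",     # below 4.15.0-r1
    "hv04": "4.15.0-r1",  # fixed 4.15 revision
    "hv05": "4.13.3",     # older branch with no unaffected entry
    "hv06": "4.14.10",    # numeric compare: 10 > 2, so past the 4.14 fix
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```
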