Debian Security Advisory
DLA-783-1 xen -- LTS security update
- Date Reported:
- 13 Jan 2017
- Affected Packages:
- xen
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-10013, CVE-2016-10024.
- More information:
-
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2016-10013 (xsa-204)
Xen mishandles SYSCALL singlestep during emulation which can lead to privilege escalation. The vulnerability is only exposed to 64-bit x86 HVM guests.
- CVE-2016-10024 (xsa-202)
PV guests may be able to mask interrupts causing a Denial of Service.
For Debian 7
Wheezy
, these problems have been fixed in version 4.1.6.lts1-5.We recommend that you upgrade your xen packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
- CVE-2016-10013 (xsa-204)