Debian Security Advisory

DSA-4274-1 xen -- security update

Date Reported:
16 Aug 2018
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2018-3620, CVE-2018-3646.
More information:

This update provides mitigations for the L1 Terminal Fault vulnerability affecting a range of Intel CPUs.

For additional information please refer to The microcode updates mentioned there are not yet available in a form distributable by Debian.

In addition two denial of service vulnerabilities have been fixed (XSA-268 and XSA-269).

For the stable distribution (stretch), these problems have been fixed in version 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to its security tracker page at: