Xen: Multiple Vunlerabilities Multiple vulnerabilities have been found in Xen, the worst of which could lead to arbitrary code execution. xen 2014-07-16 2014-07-16 440768 484478 486354 497082 497084 497086 499054 499124 500528 500530 500536 501080 501906 505714 509054 513824 remote 4.3.2-r4 4.2.4-r4 4.3.2-r4 4.3.2-r5 4.2.4-r6 4.3.2-r5 4.3.2 4.2.4 4.3.2

Xen is a bare-metal hypervisor.

Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.

A remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to data on the host.

There is no known workaround at this time.

All Xen 4.3 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulations/xen-4.3.2-r2"

All Xen 4.2 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulations/xen-4.2.4-r2"

All xen-tools 4.3 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulations/xen-tools-4.3.2-r2"

All xen-tools 4.2 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulations/xen-tools-4.2.4-r2"

All Xen PVGRUB 4.3 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulations/xen-pvgrub-4.3.2"

All Xen PVGRUB 4.2 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulations/xen-pvgrub-4.2.4" CVE-2013-1442 CVE-2013-4329 CVE-2013-4355 CVE-2013-4356 CVE-2013-4361 CVE-2013-4368 CVE-2013-4369 CVE-2013-4370 CVE-2013-4371 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 CVE-2013-6375 CVE-2013-6400 CVE-2013-6885 CVE-2013-6885 CVE-2014-1642 CVE-2014-1666 CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894 CVE-2014-1895 CVE-2014-1896 CVE-2014-2599 CVE-2014-3124 CVE-2014-4021 BlueKnight BlueKnight