Xen: Multiple vulnerabilities

Xen: Multiple vulnerabilities Multiple vulnerabilities have been found in Xen, the worst of which could lead to the execution of arbitrary code on the host system. xen December 31, 2016 January 03, 2017: 2 600382 600662 601248 601250 601986 603420 local 4.7.1-r4 4.7.1-r4 4.7.1-r4 4.7.1-r4 4.7.1-r1 4.7.1-r1

Xen is a bare-metal hypervisor.

Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.

A local attacker could possibly execute arbitrary code with the privileges of the process, could gain privileges on the host system, cause a Denial of Service condition, or obtain sensitive information.

There is no known workaround at this time.

All Xen users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.7.1-r4"

All Xen Tools users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=app-emulation/xen-tools-4.7.1-r4"

All Xen PvGrub users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=app-emulation/xen-pvgrub-4.7.1-r1"

CVE-2016-10024 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818 CVE-2016-9932 b-man b-man