Source: xen Version: 4.14.0+80-gd101b417b7-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for xen. CVE-2020-29040[0]: | An issue was discovered in Xen through 4.14.x allowing x86 HVM guest | OS users to cause a denial of service (stack corruption), cause a data | leak, or possibly gain privileges because of an off-by-one error. | NOTE: this issue is caused by an incorrect fix for CVE-2020-27671. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-29040 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29040 [1] https://xenbits.xen.org/xsa/advisory-355.html Regards, Salvatore