128 matches found

CVE
added 2017/01/23 9:0 p.m., 82 views

CVE-2016-9380

CVE-2016-9380 affects the Xen pygrub boot loader emulator. When nul-delimited output is requested, a local pygrub-using guest OS administrator can read or delete arbitrary files on the host by manipulating the bootloader configuration with NUL bytes. The vulnerability arises from how pygrub outpu...

CVSS 7.5, AI score 7.2, EPSS 0.00093
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2017/01/23 9:0 p.m., 21 views

CVE-2016-9379

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file...

AI score 7.3, EPSS 0.00101
Exploits: 0, References: 6

CVE
added 2017/01/23 9:0 p.m., 87 views

CVE-2016-9379

The CVE-2016-9379 issue affects the Xen pygrub boot loader emulator: when S-expression output is requested, string quotes and S-expressions in the bootloader config can cause information disclosure (read/delete host files) and potential privilege escalation. The vulnerability is caused by delimit...

CVSS 7.9, AI score 7.2, EPSS 0.00101
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2017/01/23 9:0 p.m., 20 views

CVE-2016-9380

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file...

AI score 7.3, EPSS 0.00093
Exploits: 0, References: 6

Debian CVE
added 2017/01/23 9:0 p.m., 21 views

CVE-2016-9379

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file...

CVSS 7.9, AI score 4.8, EPSS 0.00101
Exploits: 0

Debian CVE
added 2017/01/23 9:0 p.m., 29 views

CVE-2016-9380

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file...

CVSS 7.5, AI score 4.8, EPSS 0.00093
Exploits: 0

OPENSUSE Linux
added 2017/01/02 1:12 p.m., 52 views

Security update for xen (important)

This updates xen to version 4.4.406 to fix the following issues: - An unprivileged user in a guest could escalate privilege to that of the guest kernel, if it could invoke the instruction emulator. Only 64-bit x86 HVM guests were affected. Linux guests have not been vulnerable...

CVSS 4.9, AI score 0.5, EPSS 0.00143
Exploits: 0, References: 21

OPENSUSE Linux
added 2017/01/02 1:8 p.m., 45 views

Security update for xen (important)

This updates xen to version 4.5.5 to fix the following issues: - An unprivileged user in a guest could escalate privilege to that of the guest kernel, if it could invoke the instruction emulator. Only 64-bit x86 HVM guests were affected. Linux guests have not been vulnerable...

CVSS 4.9, AI score 0.4, EPSS 0.0015
Exploits: 0, References: 23

Tenable Nessus
added 2016/12/27 12:0 a.m., 39 views

SUSE SLES11 Security Update : xen (SUSE-SU-2016:3273-1)

This update for xen fixes several issues. These security issues were fixed : - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator to escalate their privilege to that of the host bsc1011652 - CVE-2016-9386: x86 null segments were not always treated as unusable allowing ...

CVSS 8.8, AI score 7.1, EPSS 0.00136
Exploits: 0, References: 43

Tenable Nessus
added 2016/12/16 12:0 a.m., 40 views

openSUSE Security Update : xen (openSUSE-2016-1477)

xen was updated to version 4.7.1 to fix 17 security issues. These security issues were fixed : - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator to escalate their privilege to that of the host bsc1011652. - CVE-2016-9386: x86 null segments were not always treated as...

CVSS 8.8, AI score 7.1, EPSS 0.00136
Exploits: 0, References: 34

OPENSUSE Linux
added 2016/12/14 1:18 a.m., 50 views

Security update for xen (important)

xen was updated to version 4.7.1 to fix 17 security issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator to escalate their privilege to that of the host bsc1011652. - CVE-2016-9386: x86 null segments were not always treated as...

CVSS 4.9, AI score 2.8, EPSS 0.00136
Exploits: 0, References: 17

Tenable Nessus
added 2016/12/08 12:0 a.m., 38 views

Debian DSA-3729-1 : xen - security update

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-7777 XSA-190 Jan Beulich from SUSE discovered that Xen does not properly honor CR0.TS and CR0.EM for x86 HVM guests, potentially...

CVSS 8.8, AI score 7, EPSS 0.00135
Exploits: 0, References: 21

Tenable Nessus
added 2016/12/05 12:0 a.m., 51 views

Fedora 24 : xen (2016-95c104a4c6)

xen : various security flaws 1397383 x86 null segments not always treated as unusable XSA-191, CVE-2016-9386 x86 task switch to VM86 mode mis-handled XSA-192, CVE-2016-9382 x86 segment base write emulation lacking canonical address checks XSA-193, CVE-2016-9385 x86 64-bit bit test instruction...

CVSS 8.8, AI score 6.7, EPSS 0.00135
Exploits: 0, References: 10

Tenable Nessus
added 2016/12/05 12:0 a.m., 51 views

FreeBSD : xen-tools -- delimiter injection vulnerabilities in pygrub (59f79c99-ba4d-11e6-ae1b-002590263bf5)

The Xen Project reports : pygrub, the boot loader emulator, fails to quote or sanity check its results when reporting them to its caller. A malicious guest administrator can obtain the contents of sensitive host files (an information leak). Additionally, a malicious guest administrator can cause...

CVSS 7.9, AI score 7.5, EPSS 0.00101
Exploits: 0, References: 5

Tenable Nessus
added 2016/12/05 12:0 a.m., 78 views

Citrix XenServer Multiple Vulnerabilities (CTX218775)

The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the sniffnetware function within file tools/pygrub/src/pygrub when handling string quotes and S-expressions in the bootloader whenev...

CVSS 8.8, AI score 7, EPSS 0.00135
Exploits: 0, References: 8

Tenable Nessus
added 2016/12/05 12:0 a.m., 37 views

Fedora 23 : xen (2016-68b71978a1)

xen : various security flaws 1397383 x86 null segments not always treated as unusable XSA-191, CVE-2016-9386 x86 task switch to VM86 mode mis-handled XSA-192, CVE-2016-9382 x86 segment base write emulation lacking canonical address checks XSA-193, CVE-2016-9385 x86 64-bit bit test instruction...

CVSS 8.8, AI score 6.7, EPSS 0.00135
Exploits: 0, References: 10

Tenable Nessus
added 2016/11/25 12:0 a.m., 47 views

Debian DLA-720-1 : xen security update

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2016-9379, CVE-2016-9380 XSA-198 pygrub, the boot loader emulator, fails to quote or sanity check its results when reporting them to its...

CVSS 8.8, AI score 7.5, EPSS 0.00135
Exploits: 0, References: 8

OSV
added 2016/11/24 12:0 a.m., 38 views

DLA-720-1 xen - security update

Bulletin has no description...

CVSS 8.8, AI score 7, EPSS 0.00135
Exploits: 0

RedhatCVE
added 2016/11/22 12:48 p.m., 37 views

CVE-2016-9379

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file...

CVSS 8, AI score 4.8, EPSS 0.00101
Exploits: 0, References: 2

RedhatCVE
added 2016/11/22 12:48 p.m., 39 views

CVE-2016-9380

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file...

CVSS 8, AI score 4.8, EPSS 0.00101
Exploits: 0, References: 2