VMware ESXi updates address critical and moderate security issues (VMSA-2017-0006)

VMware ESXi updates address critical and moderate security issues. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ESXi 6.0 U1 < Build 5251621 / 6.0 U2 < Build 5251623 / 6.0 U3 < Build 5224934 Multiple Vulnerabilities (VMSA-2017-0006) (remote check)

The version of the remote VMware ESXi 6.0 host is 6.0 U1 prior to build 5251621, 6.0 U2 prior to build 5251623, or 6.0 U3 prior to build 5224934. It is, therefore, affected by multiple vulnerabilities : - A stack memory initialization flaw exists that allows an attacker on the guest to execute...

VMware ESXi updates address critical and moderate security issues (VMSA-2017-0006) - Remote Version Check

VMware ESXi updates address critical and moderate security issues. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

VMSA-2017-0006 : VMware ESXi, Workstation and Fusion updates address critical and moderate security issues

a. ESXi, Workstation, Fusion SVGA memory corruption ESXi, Workstation, Fusion have a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues may allow a guest to execute code on the host. VMware would like to thank ZDI and Team 360 Security from Qihoo for reporting these...

VMware Workstation 12.x < 12.5.5 Multiple Vulnerabilities (VMSA-2017-0006) (Linux)

The version of VMware Workstation installed on the remote Linux host is 12.x prior to 12.5.5. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists due to improper validation of certain input. An attacker on the guest can exploit this to cause a denial...

VMSA-2017-0006:VMware ESXi, Workstation and Fusion updates address CRITICAL and MEDIUM security issues

VMSA-2017-0006 VMware ESXi, Workstation and Fusion updates address critical and moderate security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0006 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware ESXi, Workstation and Fusion...

Information Disclosure

OpenSSL is vulnerable to information disclosure. When pretty printing through the OBJobj2txt function in crypto/objects/objdat.c is it possible for attackers to read from the process stack memory. This is caused because OpenSSL does not ensure the presence of \0 characters...

CVE-2016-9932

CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix...

CVE-2016-9932

CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix...

CVE-2016-9932

CVE-2016-9932 affects the Xen hypervisor (CMPXCHG8B emulation) from Xen 3.3.x through 4.7.x on x86. It allows local HVM guest OS users to disclose sensitive host stack memory via a supposedly-ignored operand size prefix. Connected advisories note this as XSA-200 and document patched versions in X...

DEBIAN-CVE-2016-9756

arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment CS in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

Design/Logic Flaw

arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment CS in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

UBUNTU-CVE-2016-9756

arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment CS in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

openSUSE Security Update : the Linux Kernel (openSUSE-2016-1426)

The openSUSE Leap 42.2 kernel was updated to 4.4.36 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended...

MGASA-2016-0411 Updated kernel-linus-4.4.32 packages fix security vulnerability

This update is based on upstream 4.4.32 and fixes alteast the following security issues: Vladimir Bene discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload GRO processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption,...

Updated kernel-tmb-4.4.32 packages fix security vulnerability

This update is based on upstream 4.4.32 and fixes alteast the following security issues: The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data,...

Security update for the Linux Kernel (important)

The openSUSE 13.1 kernel was updated to 3.12.67 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2013-5634: arch/arm/kvm/arm.c in the Linux kernel on the ARM platform, when KVM is used, allowed host OS users to cause a denial of service NULL pointer...

SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2976-1)

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. For the PowerPC64 a new 'bigmem' flavor has been added to support big Power machines. FATE319026 The following security bugs were fixed : - CVE-2016-7042: The prockeysshow function in security/keys/proc....

CVE-2016-9178

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...

CVE-2016-8650

CVE-2016-8650 affects the Linux kernel: the mpi_powm function in lib/mpi/mpi-pow.c can fail to allocate memory for limb data, permitting a local attacker to trigger a denial of service (stack memory corruption/panic) via an add_key RSA operation with a zero exponent. Public advisories (F5) confir...