4438 matches found

RedHat Linux
added 2017/01/03 4:54 p.m. · 138 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 7.8 · AI score 6.6 · EPSS 0.047
Exploits: 0 · References: 2

OpenVAS
added 2016/12/21 12:00 a.m. · 38 views

RedHat Update for xen RHSA-2016:2963-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.2 · EPSS 0.00364
Exploits: 0 · References: 2

Tenable Nessus
added 2016/12/21 12:00 a.m. · 42 views

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20161220)

Security Fixes : - A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within the __sys_recvmmsg() function...

CVSS 10 · AI score 7 · EPSS 0.24299
Exploits: 0 · References: 2

Tenable Nessus
added 2016/12/21 12:00 a.m. · 50 views

CentOS 5 : xen (CESA-2016:2963)

An update for xen is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 7.5 · AI score 7.4 · EPSS 0.00364
Exploits: 0 · References: 2

Tenable Nessus
added 2016/12/21 12:00 a.m. · 41 views

RHEL 5 : xen (RHSA-2016:2963)

An update for xen is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 7.5 · AI score 7.4 · EPSS 0.00364
Exploits: 0 · References: 3

Cent OS
added 2016/12/20 4:58 p.m. · 73 views

xen security update

CentOS Errata and Security Advisory CESA-2016:2963 An update for xen is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 7.5 · AI score 7.1 · EPSS 0.00364
Exploits: 0 · References: 7

RedHat Linux
added 2016/12/20 3:25 p.m. · 62 views

Important: Red Hat Security Advisory: xen security update

An update for xen is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 7.5 · AI score 7.1 · EPSS 0.00364
Exploits: 0 · References: 2

myhack58
added 2016/12/20 12:00 a.m. · 35 views

Once due to bug fixes to trigger the vulnerability—CVE-2016-6309 vulnerability detailed analysis-vulnerability warning-the black bar safety net

OpenSSL disclosed a UAF vulnerability with a security level of "serious". The exploit is simple: sending a single TCP packet is enough to trigger the vulnerability. The consequences are serious, however, and may include denial of service in TLS-related applications or even arbitrary code execution...

AI score 0.2 · EPSS 0.69738
Exploits: 0

Tenable Nessus
added 2016/12/15 12:00 a.m. · 42 views

Scientific Linux Security Update : nettle on SL7.x x86_64 (20161103)

Security Fixes : - Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality. CVE-2015-8803, CVE-2015-8804, CVE-2015-8805 - It was found that nettle's RSA and DSA...

CVSS 9.8 · AI score 7.9 · EPSS 0.05048
Exploits: 0 · References: 5

Talos
added 2016/12/12 12:00 a.m. · 22 views

Joyent SmartOS Hyprlofs FS IOCTL Add Entries 32-bit File System Denial of Service Vulnerability

Summary: An exploitable denial of service exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never...

CVSS 6.2 · AI score 5.9 · EPSS 0.00473
Exploits: 2

OSV
added 2016/12/10 12:59 a.m. · 2 views

DEBIAN-CVE-2016-7170

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask and cursor.image array sizes when processing a DEFINE_CURSOR svga command...

CVSS 4.4 · AI score 6.6 · EPSS 0.00406
Exploits: 0 · References: 1

CNVD
added 2016/12/07 12:00 a.m. · 4 views

FreeBSD bhyve(8) Integer Overflow Vulnerability

bhyve, the FreeBSD hypervisor/virtual machine manager, reports the "POPCNT" (POPulation Count) processor feature in bhyve(8). An integer overflow vulnerability exists in FreeBSD bhyve(8). As the bhyve(8) virtual machine is configured with more than 3GB of client memory, this could allow a malicious clien...

CVSS 7.8 · AI score 7.2 · EPSS 0.00326
Exploits: 0 · References: 1

Tenable Nessus
added 2016/12/07 12:00 a.m. · 27 views

FreeBSD : FreeBSD -- bhyve(8) virtual machine escape (e722e3c6-bbee-11e6-b1cf-14dae9d210b8)

The bounds checking of accesses to guest memory greater than 4GB by device emulations is subject to integer overflow. Impact : For a bhyve virtual machine with more than 3GB of guest memory configured, a malicious guest could craft device descriptors that could give it access to the heap of the...

CVSS 7.8 · AI score 7.7 · EPSS 0.00326
Exploits: 0 · References: 2

RedhatCVE
added 2016/12/06 1:17 p.m. · 43 views

CVE-2016-9637

An out of bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/process could use this flaw to potentially...

CVSS 7.6 · AI score 2.5 · EPSS 0.00364
Exploits: 0 · References: 2

FreeBSD Advisory
added 2016/12/06 12:00 a.m. · 13 views

FreeBSD-SA-16:38.bhyve

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:38.bhyve Security Advisory The FreeBSD Project Topic: bhyve8 virtual machine escape Category: core Module: bhyve Announced: 2016-12-06 Credits: Felix Wilhelm...

CVSS 7.8 · AI score 7.3 · EPSS 0.00326
Exploits: 0

FreeBSD
added 2016/12/06 12:00 a.m. · 26 views

FreeBSD -- bhyve(8) virtual machine escape

Problem Description: The bounds checking of accesses to guest memory greater than 4GB by device emulations is subject to integer overflow. Impact: For a bhyve virtual machine with more than 3GB of guest memory configured, a malicious guest could craft device descriptors that could give it access ...

CVSS 7.8 · AI score 1.2 · EPSS 0.00326
Exploits: 0

Positive Technologies
added 2016/12/01 12:00 a.m. · 3 views

PT-2016-3112 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.8.13 Description: The issue is related to a use-after-free vulnerability in the kvm ioctl create device function. This vulnerability can be exploited by host OS users to cause a denial of service, resulting in...

CVSS 10 · AI score 7.2 · EPSS 0.11127
Exploits: 23 · References: 41

CNVD
added 2016/11/29 12:00 a.m. · 2 views

Xen elevation of privilege vulnerability (CNVD-2016-11705)

Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has an elevation of privilege...

CVSS 7.9 · AI score 9.3 · EPSS 0.00441
Exploits: 0 · References: 1

CNVD
added 2016/11/29 12:00 a.m. · 1 views

Xen elevation of privilege vulnerability (CNVD-2016-11703)

Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen suffers from an elevation of...

CVSS 7.8 · AI score 9.4 · EPSS 0.0045
Exploits: 0 · References: 1

Cent OS
added 2016/11/25 3:59 p.m. · 166 views

libguestfs, lua, ocaml, perl, python, ruby, virt security update

CentOS Errata and Security Advisory CESA-2016:2576 An update for libguestfs and virt-p2v is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 9.1 · AI score 7.5 · EPSS 0.05168
Exploits: 0 · References: 7