4438 matches found
SuSE 10 Security Update : Xen (ZYPP Patch Number 2155)
This update includes both bug fixes and security fixes for Xen. A summary of the fixes appears below: 151105 - Fix various 'leaks' of loopback devices w/ domUloader 162865 - Re-send all page tables when migrating to avoid oops 167145 - Add status messages during file backed disk creation 176369 -...
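Xen mov_to_rr RID Local Security Bypass Vulnerability
Xen is an open-source virtual machine monitor. Xen does not properly validate user input; a local attacker can exploit the vulnerability to bypass security and obtain sensitive information. Missing filtering of the RID value for mov_to_rr allows a VTi domain to read the memory of other domains, leading to disclosure of sensitive information. XenSource Xen 3.1.1 XenSource Xen 3.0.3 XenSource Xen 3.0 Patch information is available at the following address: http://xenbits.xensource.com/xen-3.1-testing.hg...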
openSUSE 10 Security Update : kernel (kernel-4749)
This kernel update fixes the following security problems : ++ CVE-2007-5500: A buggy condition in the ptrace attach logic can be used by local attackers to hang the machine. ++ CVE-2007-5501: The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c allows remote attackers to cause a denial of...
QEMU virtual machine buffer overflow
Buffer overflow in TranslationBlock on application execution in Guest OS...
GLSA-200711-21 : Bochs: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200711-21 Bochs: Multiple vulnerabilities Tavis Ormandy of the Google Security Team discovered a heap-based overflow vulnerability in the NE2000 driver CVE-2007-2893. He also discovered a divide-by-zero error in the emulated flopp...
VMware Workstation and Player: Multiple vulnerabilities
Background VMware Workstation is a virtual machine for developers and system administrators. VMware Player is a freeware virtualization software that can run guests produced by other VMware products. Description Multiple vulnerabilities have been discovered in several VMware products. Neel Mehta...
[SECURITY] Fedora Core 6 Update: mono-1.1.17.1-5.fc6
The Mono runtime implements a JIT engine for the ECMA CLI virtual machine as well as a byte code interpreter, the class loader, the garbage collector, threading system and metadata access libraries...
Design/Logic Flaw
The Java Virtual Machine JVM in Sun Java Runtime Environment JRE in SDK and JRE 1.3.x through 1.3.120 and 1.4.x through 1.4.215, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via...
CVE-2007-5689
The Java Virtual Machine JVM in Sun Java Runtime Environment JRE in SDK and JRE 1.3.x through 1.3.120 and 1.4.x through 1.4.215, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via...
Design/Logic Flaw
Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images...
CVE-2007-5617
Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images...
CVE-2007-5617
CVE-2007-5617 concerns VMware Workstation/Player with an unspecified vulnerability in untrusted VM images that prevents launching. Affected products/versions: VMware Player 1.0.x before 1.0.5, 2.0 before 2.0.1; VMware Workstation 5.x before 5.5.5 and 6.x before 6.0.1. The impact is not detailed i...
CVE-2007-5375
Interpretation conflict in the Sun Java Virtual Machine JVM allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet...
CVE-2007-5375
CVE-2007-5375 describes an interpretation conflict in the Sun Java Virtual Machine (JVM) that can allow user-assisted remote attackers to perform a multi-pin DNS rebinding attack and execute arbitrary JavaScript within an intranet context. The issue arises when an intranet web server serves an HT...
CVE-2007-5274
Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound...
Design/Logic Flaw
Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound...
RHEL 5 : xen (RHSA-2007:0323)
An updated Xen package to fix multiple security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Xen package contains the tools for managing the virtual machine monitor in Red Hat...