[SECURITY] [DSA 3286-1] xen security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3286-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 13, 2015 https://www.debian.org/security/faq -...

CVE-2015-4164

The compatiret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service large loop and system hang via a hypercalliret call with EFLAGS.VM set...

DEBIAN-CVE-2015-4164

The compatiret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service large loop and system hang via a hypercalliret call with EFLAGS.VM set...

CVE-2015-4163

GNTTABOPswapgrantref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service NULL pointer dereference via a hypercall without a GNTTABOPsetuptable or GNTTABOPsetversion...

DEBIAN-CVE-2015-4163

GNTTABOPswapgrantref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service NULL pointer dereference via a hypercall without a GNTTABOPsetuptable or GNTTABOPsetversion...

CVE-2015-4163

GNTTABOPswapgrantref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service NULL pointer dereference via a hypercall without a GNTTABOPsetuptable or GNTTABOPsetversion...

CVE-2015-4163

GNTTABOPswapgrantref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service NULL pointer dereference via a hypercall without a GNTTABOPsetuptable or GNTTABOPsetversion...

Null pointer dereference

GNTTABOPswapgrantref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service NULL pointer dereference via a hypercall without a GNTTABOPsetuptable or GNTTABOPsetversion...

UBUNTU-CVE-2015-4164

The compatiret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service large loop and system hang via a hypercalliret call with EFLAGS.VM set...

CVE-2015-4163

GNTTABOPswapgrantref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service NULL pointer dereference via a hypercall without a GNTTABOPsetuptable or GNTTABOPsetversion...

CVE-2015-4163

GNTTABOPswapgrantref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service NULL pointer dereference via a hypercall without a GNTTABOPsetuptable or GNTTABOPsetversion...

CVE-2015-4163

CVE-2015-4163 affects Xen 4.2–4.5 and stems from GNTTABOP_swap_grant_ref not checking the grant-table operation version, enabling a local guest to cause a denial of service via a NULL pointer dereference when a hypercall is issued without GNTTABOP_setup_table or GNTTABOP_set_version. Impact is li...

Debian DSA-3286-1 : xen - security update

Multiple security issues have been found in the Xen virtualisation solution : - CVE-2015-3209 Matt Tait discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card...

DSA-3286-1 xen - security update

Bulletin has no description...

Citrix XenServer Multiple Security Updates (CTX201145)

A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to crash the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1...

vulnerability in the iret hypercall handler

ISSUE DESCRIPTION A buggy loop in Xen's compatiret function iterates the wrong way around a 32-bit index. Any 32-bit PV guest kernel can trigger this vulnerability by attempting a hypercalliret with EFLAGS.VM set. Given the use of get/putuser, and that the virtual addresses in question are...

xen-kernel -- vulnerability in the iret hypercall handler

The Xen Project reports: A buggy loop in Xen's compatiret function iterates the wrong way around a 32-bit index. Any 32-bit PV guest kernel can trigger this vulnerability by attempting a hypercalliret with EFLAGS.VM set. Given the use of get/putuser, and that the virtual addresses in question are...

SUSE SLES10 Security Update : Xen (SUSE-SU-2015:0744-1)

The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed : XSA-125: Long latency MMIO mapping operations were not preemptible. CVE-2015-2151: XSA-123: Instructions with register operands ignored eventual segment overrides...

SUSE SLED10 / SLES10 Security Update : Xen (SUSE-SU-2012:1606-1)

This update fixes the following security issues in xen : - CVE-2012-5513: XENMEMexchange may overwrite hypervisor memory XSA-29 - CVE-2012-5515: Several memory hypercall operations allow invalid extent order values XSA-31 Also the following bugs have been fixed and upstream patches have been...

OracleVM 3.2 : xen (OVMSA-2015-0058) (Venom)

The remote OracleVM system is missing necessary patches to address critical security updates : - force the fifo access to be in bounds of the allocated buffer This is CVE-2015-3456. bug 21078935 CVE-2015-3456 - xen: limit guest control of PCI command register Otherwise the guest can abuse that...