Lucene search

5606 matches found

ThreatPost
added 2014/10/22 2:1 p.m., 14 views

NIST Publishes Draft Hypervisor Security Guide

NIST has followed up a three-year-old virtualization security guide with recommendations for hypervisor security. A draft version of SP800-125a was released this week and a public comment period opened on Monday and ends Nov. 10. The guide targets enterprise security and IT management as well dat...

1.3 AI score
Exploits: 0, References: 1
RedHat Linux
added 2014/10/13 9:22 p.m., 1 views

virt-who: plaintext hypervisor passwords in world-readable /etc/sysconfig/virt-who configuration file

It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file...

2.1 CVSS, 5.8 AI score, 0.00074 EPSS
Exploits: 0, References: 4
Fedora
added 2014/10/11 6:57 a.m., 13 views

[SECURITY] Fedora 19 Update: xen-4.2.5-3.fc19

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

8.3 CVSS, 2.1 AI score, 0.03254 EPSS
Exploits: 0
Fedora
added 2014/10/11 6:54 a.m., 29 views

[SECURITY] Fedora 20 Update: xen-4.3.3-3.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

8.3 CVSS, 2.1 AI score, 0.03254 EPSS
Exploits: 0
Tenable Nessus
added 2014/10/09 12:0 a.m., 16 views

Xen Hypervisor Installed

Binary data xenserverdetect.nbin...

7.3 AI score
Exploits: 0, References: 1
Fedora
added 2014/10/08 7:8 p.m., 34 views

[SECURITY] Fedora 21 Update: xen-4.4.1-6.fc21

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

8.3 CVSS, 2.1 AI score, 0.02355 EPSS
Exploits: 0
securityvulns
added 2014/10/05 12:0 a.m., 285 views

NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VMware Security Advisory Advisory ID: VMSA-2014-0010 Synopsis: VMware product updates address critical Bash security vulnerabilities Issue date: 2014-09-30 Updated on: 2014-09-30 Initial Advisory CVE numbers: CVE-2014-6271, CVE-2014-7169, CVE-2014-718...

10 CVSS, 7.9 AI score, 0.9422 EPSS
Exploits: 141
RedHat Linux
added 2014/10/02 6:40 p.m., 79 views

Critical: Red Hat Security Advisory: rhev-hypervisor6 security update

An updated rhev-hypervisor6 package that fixes several security issues is now available. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each...

10 CVSS, 7.6 AI score, 0.9422 EPSS
Exploits: 141, References: 6
ThreatPost
added 2014/10/02 3:17 p.m., 9 views

Xen Bug Could cause Crashes, Expose Cloud Data

The Xen Project published a security advisory yesterday about a critical vulnerability in its virtual machine and hypervisor systems that could expose public cloud servers to attacks capable of crashing host machines and even stealing small amounts of random data. The fix was made available under...

0.6 AI score
Exploits: 0, References: 4
OSV
added 2014/10/02 2:55 p.m., 6 views

CVE-2014-7188

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors...

6 AI score
Exploits: 0, References: 18
OSV
added 2014/10/02 2:55 p.m., 2 views

DEBIAN-CVE-2014-7188

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors...

8.3 CVSS, 8.7 AI score, 0.02355 EPSS
Exploits: 0, References: 1
OSV
added 2014/10/02 2:55 p.m., 1 views

UBUNTU-CVE-2014-7154

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors...

6.1 CVSS, 7.3 AI score, 0.00728 EPSS
Exploits: 0, References: 3
UbuntuCve
added 2014/10/02 2:55 p.m., 26 views

CVE-2014-7188

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors...

8.3 CVSS, 7.2 AI score, 0.02355 EPSS
Exploits: 0, References: 2
Prion
added 2014/10/02 2:55 p.m., 20 views

Design/Logic Flaw

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors...

8.3 CVSS, 6.6 AI score, 0.02355 EPSS
Exploits: 0, References: 17, Affected Software: 1
OSV
added 2014/10/02 2:55 p.m., 0 views

UBUNTU-CVE-2014-7156

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors...

3.3 CVSS, 7.3 AI score, 0.00801 EPSS
Exploits: 0, References: 3
CVE
added 2014/10/02 2:0 p.m., 75 views

CVE-2014-7188

Technical details for CVE-2014-7188 are not publicly provided in the connected documents. No product/version/root-cause/impact is specified here. Monitor for updates in future disclosures.

8.3 CVSS, 4.2 AI score, 0.02355 EPSS
Exploits: 0, References: 17, Affected Software: 1
Cvelist
added 2014/10/02 2:0 p.m., 29 views

CVE-2014-7188

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors...

4.7 AI score, 0.02355 EPSS
Exploits: 0, References: 17
Debian CVE
added 2014/10/02 2:0 p.m., 27 views

CVE-2014-7188

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors...

8.3 CVSS, 4.4 AI score, 0.02355 EPSS
Exploits: 0
Tenable Nessus
added 2014/10/02 12:0 a.m., 98 views

VMSA-2014-0010 : VMware product updates address critical Bash security vulnerabilities (Shellshock)

a. Bash update for multiple products. Bash libraries have been updated in multiple products to resolve multiple critical security issues, also referred to as Shellshock. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2014-6271, CVE-2014-7169,...

10 CVSS, 7.7 AI score, 0.9422 EPSS
Exploits: 157, References: 7
ThreatPost
added 2014/10/01 2:43 p.m., 52 views

VMware Begins to Patch Bash Issues Across Product Line

Much like Heartbleed triggered vendors to issue out of band patches to remedy vulnerabilities that popped up earlier this year, Shellshock, the Bash vulnerability, has forced vendors’ hands in a similar fashion. Virtualization firm VMware issued a progress report on fixes for four different types...

10 CVSS, 0.9422 EPSS
Exploits: 141, References: 5