Virtual PC Hypervisor Memory Protection Vulnerability

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Virtual PC Hypervisor Memory Protection Vulnerability 1. Advisory Information Title: Virtual PC Hypervisor Memory Protection...

MS HyperV Persistent DoS Vulnerability

No description provided by source. Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ MS HyperV Persistent DoS Vulnerability 1. Advisory Information Title: MS HyperV Persistent DoS Vulnerability Advisory ID: CORE-2011-0203 Advisory URL:...

Important: Red Hat Security Advisory: rhev-hypervisor6 security update

An updated rhev-hypervisor6 package that fixes several security issues is now available. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each...

[SECURITY] Fedora 19 Update: xen-4.2.4-5.fc19

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 20 Update: xen-4.3.2-5.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

information leak via gnttab_setup_table on ARM

ISSUE DESCRIPTION When initialising an internal data structure on ARM platform Xen was not correctly initialising the memory containing the list of a domain's grant table pages. This list is returned by the GNTTABOPsetuptable subhypercall, leading to an information leak. IMPACT Malicious guest...

[oss-security] Xen Security Advisory 100 (CVE-2014-4021) - Hypervisor heap contents leaked to guests

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2014-4021 / XSA-100 version 3 Hypervisor heap contents leaked to guests UPDATES IN VERSION 3 ==================== Public Release. CVE assigned. ISSUE DESCRIPTION ================= While memory pages recovered from dying guest...

[oss-security] Xen Security Advisory 96 (CVE-2014-3967,CVE-2014-3968) - Vulnerabilities in HVM MSI injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2014-3967,CVE-2014-3968 / XSA-96 version 3 Vulnerabilities in HVM MSI injection UPDATES IN VERSION 3 ==================== CVEs assigned. ISSUE DESCRIPTION ================= The implementation of the HVM control operation...

[oss-security] Xen Security Advisory 54 (CVE-2013-2078) - Hypervisor crash due to missing exception recovery on XSETBV

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-2078 / XSA-54 version 4 Hypervisor crash due to missing exception recovery on XSETBV UPDATES IN VERSION 4 ==================== Reduce vulnerable range of versions to 4.1 and onwards. ISSUE DESCRIPTION =================...

unexpected pitfall in xenaccess API

ISSUE DESCRIPTION A test/example program, for exercising the Xen memaccess API, does not take all necessary precautions against hostile guest behaviour. As a result, software developers using it as an example or template might have written and deployed vulnerable code. See the patch for technical...

Hypervisor heap contents leaked to guests

ISSUE DESCRIPTION While memory pages recovered from dying guests are being cleaned to avoid leaking sensitive information to other guests, memory pages that were in use by the hypervisor and are eligible to be allocated to guests weren't being properly cleaned. Such exposure of information would...

openSUSE Security Update : xen (openSUSE-SU-2013:1404-1)

XEN was updated to 4.2.2, fixing lots of bugs and several security issues. Various upstream patches were also merged into this version by our developers. Detailed buglist : - bnc824676 - Failed to setup devices for vm instance when start multiple vms simultaneously - bnc817799 - sles9sp4 guest...

openSUSE Security Update : xen (openSUSE-SU-2013:0636-1)

XEN was updated to fix various bugs and security issues : Security issues fixed : - bnc800275 - CVE-2013-0153: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs - bnc797523 - CVE-2012-6075: qemu / kvm-qemu: e1000 overflows under some conditions - bnc797031 - Xen Security...

openSUSE Security Update : xen (openSUSE-SU-2013:1953-1)

Xen was updated to 4.2.3 c/s 26170 to fix various bugs and security issues. Following issues were fixed : - bnc845520 - CVE-2013-4416: xen: ocaml xenstored mishandles oversized message replies - bnc833483 - Boot Failure with xen kernel in UEFI mode with error 'No memory for trampoline' -...

openSUSE Security Update : kernel (openSUSE-SU-2011:0004-1)

The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2010-4347: A local user could inject ACPI code into the kernel via the world-writable 'customdebug' file, allowing local privilege escalation. CVE-2010-4258: A local attack...

openSUSE Security Update : xen (openSUSE-SU-2012:1685-1)

This update of XEN fixes various denial of service bugs. - bnc789945 - CVE-2012-5510: xen: Grant table version switch list corruption vulnerability XSA-26 - bnc789944 - CVE-2012-5511: xen: Several HVM operations do not validate the range of their inputs XSA-27 - bnc789940 - CVE-2012-5512: xen:...

Moderate: Red Hat Security Advisory: rhev-hypervisor6 3.4.0 security, bug fix, and enhancement update

Updated rhev-hypervisor6 packages that fix multiple security issues, several bugs, and add various enhancements are now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Important: Red Hat Security Advisory: rhev-hypervisor6 security update

An updated rhev-hypervisor6 package that fixes two security issues is now available. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each...

Vulnerabilities in HVM MSI injection

ISSUE DESCRIPTION The implementation of the HVM control operation HVMOPinjectmsi, while checking whether a particular IRQ was already set up in the necessary way, fails to properly check all respective conditions. In particular it doesn't check the returned pointer for being non-NULL before de-...

[SECURITY] Fedora 19 Update: xen-4.2.4-4.fc19

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...