[SECURITY] Fedora 20 Update: xen-4.3.2-3.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

DEBIAN-CVE-2014-3124

The HVMOPsetmemtype control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service hypervisor crash or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

CVE-2014-3124

The HVMOPsetmemtype control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service hypervisor crash or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

CVE-2014-3124

The HVMOPsetmemtype control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service hypervisor crash or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

CVE-2014-3124

The HVMOPsetmemtype control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service hypervisor crash or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

UBUNTU-CVE-2014-3124

The HVMOPsetmemtype control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service hypervisor crash or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

Design/Logic Flaw

The HVMOPsetmemtype control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service hypervisor crash or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

CVE-2014-3124

The HVMOPsetmemtype control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service hypervisor crash or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

CVE-2014-3124

CVE-2014-3124 affects the Xen hypervisor (versions 4.1–4.4.x). The HVMOP_set_mem_type control can cause invalid P2M entries, enabling a local guest HVM admin to trigger a hypervisor crash (DoS) and potentially execute arbitrary code via a separate qemu-dm vulnerability that leads to invalid page ...

CVE-2014-0189

The CVE-2014-0189 issue affects the virt-who utility, where /etc/sysconfig/virt-who was world-readable, enabling a local attacker to read credentials for hypervisors stored in that file. Publicly available connected sources (Red Hat/CentOS advisories and Nessus/NASL records) confirm the vulnerabi...

ARM hypervisor crash on guest interrupt controller access

ISSUE DESCRIPTION When handling a guest access to the virtual GIC distributor interrupt controller Xen could dereference a pointer before checking it for validity leading to a hypervisor crash and host Denial of Service. IMPACT A buggy or malicious guest can crash the host. VULNERABLE SYSTEMS Bot...

Fedora Update for xen FEDORA-2014-4424

Check for the Version of xen OpenVAS Vulnerability Test Fedora Update for xen FEDORA-2014-4424 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...

Fedora Update for xen FEDORA-2014-4458

Check for the Version of xen OpenVAS Vulnerability Test Fedora Update for xen FEDORA-2014-4458 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...

[SECURITY] Fedora 20 Update: xen-4.3.2-2.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 19 Update: xen-4.2.4-3.fc19

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Buffer overflow

Off-by-one error in the flasksecurityavccachestats function in xsm/flask/flaskop.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service host crash or obtain sensitive information from hypervisor memory by leveraging a...

CVE-2014-1895

Off-by-one error in the flasksecurityavccachestats function in xsm/flask/flaskop.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service host crash or obtain sensitive information from hypervisor memory by leveraging a...

CVE-2014-1895

Technical details about CVE-2014-1895 are not publicly provided in the connected documents. While references to Xen vulnerabilities appear, there is no explicit information on affected versions, root cause specifics, impact, or fixes in the supplied material.

Important: Red Hat Security Advisory: rhev-hypervisor6 security update

An updated rhev-hypervisor6 package that fixes multiple security issues is now available. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for eac...

CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities 1. Advisory Information Title: Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities Advisory ID: CORE-2014-0002 Advisory URL:...