Important: Red Hat Security Advisory: rhev-hypervisor6 security update

An updated rhev-hypervisor6 package that fixes multiple security issues is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for eac...

[SECURITY] Fedora 20 Update: openstack-nova-2013.2.1-2.fc20

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

Weak Password Used to Access Hypervisor, Deface OpenSSL Site

The OpenSSL Project blames a weak password used at its hosting provider for its recent site defacement. The organization that hosts the ubiquitous open source encryption implementation updated a notice on its website yesterday informing users that attackers used the weak credential to gain contro...

OpenSSL Hacked and Defaced

UPDATE: A Turkish hacking group compromised and defaced over the weekend the website of OpenSSL, an open-source SSL and TLS encryption implementation resource. The website Zone-H is hosting a mirror of the defacement, in which the hacking group responsible for the attack posted the following...

Fedora Update for xen FEDORA-2013-23466

Check for the Version of xen OpenVAS Vulnerability Test Fedora Update for xen FEDORA-2013-23466 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

libvirt "lxcDomainGetMemoryParameters()"拒绝服务漏洞

CVE ID:CVE-2013-6436 Libvirt库是一款实现Linux虚拟化功能的Linux API，它支持各种Hypervisor，包括Xen和KVM，以及QEMU和用于其他操作系统的一些虚拟产品。 Libvirt中"lxcDomainGetMemoryParameters"函数lxc/lxcdriver.c存在一些错误，允许攻击者利用漏洞向没有运行的LXC域发送"virsh memtune"命令触发空指针引用，造成拒绝服务攻击。 0 libvirt 1.x 厂商补丁： Libvirt ----- 用户可参考如下厂商提供的安全公告获得补丁信息：...

Fedora Update for xen FEDORA-2013-23457

Check for the Version of xen OpenVAS Vulnerability Test Fedora Update for xen FEDORA-2013-23457 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

Design/Logic Flaw

libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H or rhev-hypervisor before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings...

CVE-2010-0430

libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H or rhev-hypervisor before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings...

Null pointer dereference

Xen in the Linux kernel, when running a guest on a host without hardware assisted paging HAP, allows guest users to cause a denial of service invalid pointer dereference and hypervisor crash via the SAHF instruction...

CVE-2011-2519

Xen in the Linux kernel, when running a guest on a host without hardware assisted paging HAP, allows guest users to cause a denial of service invalid pointer dereference and hypervisor crash via the SAHF instruction...

CVE-2010-0430

libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H or rhev-hypervisor before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings...

[SECURITY] Fedora 19 Update: xen-4.2.3-12.fc19

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 18 Update: xen-4.2.3-12.fc18

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

CVE-2013-4553

The XENDOMCTLgetmemlist hypercall in Xen 3.4.x through 4.3.x possibly 4.3.1 does not always obtain the pagealloclock and mmrwlock in the same order, which allows local guest administrators to cause a denial of service host deadlock...

Code injection

Xen 3.0.3 through 4.1.x possibly 4.1.6.1, 4.2.x possibly 4.2.3, and 4.3.x possibly 4.3.1 does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2...

CVE-2013-4553

The XENDOMCTLgetmemlist hypercall in Xen 3.4.x through 4.3.x possibly 4.3.1 does not always obtain the pagealloclock and mmrwlock in the same order, which allows local guest administrators to cause a denial of service host deadlock...

[SECURITY] Fedora 20 Update: xen-4.3.1-6.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

SuSE 11.3 Security Update : Xen (SAT Patch Number 8588)

The Xen hypervisor and tool-suite have been updated to fix security issues and bugs : - XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution. CVE-2013-4494 - XSA-74: A lock order reversal between pagealloclock and...

Fedora Update for xen FEDORA-2013-22312

Check for the Version of xen OpenVAS Vulnerability Test Fedora Update for xen FEDORA-2013-22312 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...