SUSE SLES12 Security Update : xen (SUSE-SU-2019:0827-1)

This update for xen fixes the following issues : Security issues fixed : CVE-2019-6778: Fixed a heap buffer overflow in tcpemu found in slirp bsc1123157. CVE-2017-13672: Fixed an out of bounds read access during display update bsc1056336. Fixed an issue which could allow malicious or buggy guests...

[SECURITY] Fedora 30 Update: xen-4.11.1-4.fc30

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

SUSE-SU-2019:0784-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc1129179. - CVE-2019-9213: expanddownwards in mm/mmap.c lacks a...

Fedora Update for xen FEDORA-2019-bce6498890

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2019:0767-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Server 12 SP4 Azure kernel was updated to fix various issues. The following security bugs were fixed: - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc1129179. - CVE-2019-9213: expanddownwards in mm/mmap.c lacked a...

SUSE-SU-2019:0740-1 Security update for the Linux Kernel (Live Patch 1 for SLE 15)

This update for the Linux Kernel 4.12.14-253 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expanddownwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP...

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0722-1)

This update for the Linux Kernel 4.4.121-9295 fixes several issues. The following security issues were fixed : CVE-2019-9213: Expanddownwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP...

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0709-1)

This update for the Linux Kernel 4.4.121-9298 fixes several issues. The following security issues were fixed : CVE-2019-9213: Expanddownwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP...

Firefox and Edge Fall to Hackers on Day Two of Pwn2Own

Hackers took down the Mozilla Firefox and Microsoft Edge browsers on Thursday at Pwn2Own, the annual hacking conference held in tandem with CanSecWest, as the competition continued for a second day. The dynamic hacking duo of Amat Cama and Richard Zhu, which make up team Fluoroacetate, had anothe...

SUSE-SU-2019:0709-1 Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2)

This update for the Linux Kernel 4.4.121-9292 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expanddownwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP...

[SECURITY] Fedora 28 Update: xen-4.10.3-2.fc28

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Hackers Take Down Safari, VMware and Oracle at Pwn2Own

Hackers took down Apple Safari, VMware Workstation, and Oracle VirtualBox on Wednesday, the first day of Pwn2Own, the annual hacking competition held in tandem with the CanSecWest conference in Vancouver. Contestants with the team of Fluoroacetate Amat Cama and Richard Zhu were the first to hit p...

Information disclosure

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest...

UBUNTU-CVE-2019-8934

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest...

Citrix Hypervisor Export Running VM - Export snapshot to file through CLI

...

CVE-2019-8934

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest...

Xen Project PCI Pass-through DMA Privilege Escalation (XSA-288)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a privilege escalation vulnerability. Only x86 systems are affected. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardwa...

Xen Project PCI Pass-through Device Denial of Service Vulnerability (XSA-291)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability. Only x86 systems are affected. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware...

Xen Project Pass-through PCI Device Guest-to-Host Privilege Escalation (XSA-285)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by guest-to-host privilege escalation vulnerability. Only x86 systems are affected. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check...

Xen Project fsgsbase CPU Feature Privilege Escalation Vulnerability (XSA-293)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a privilege escalation vulnerability. Only x86 systems with the fsgsbase CPU feature are affected. Note that Nessus has checked the changeset versions based on the xen.git change log...