Debian DLA-1270-1 : xen security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation. For Debian 7 'Wheezy', these problems have been fixed in version 4.1.6.lts1-12. We recommend that you upgrade your xen packages. Please note that CVE-2017-15590 (XSA-237) will not be fix...
[SECURITY] [DLA 1270-1] xen security update
Package: xen. Version: 4.1.6.lts1-12. CVE ID: CVE-2016-9603 CVE-2016-9637 CVE-2017-2620. Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation. For Debian 7 "Wheezy", these problems have been fixed in version 4.1.6.lts1-12. We recommend th...
The vulnerability of the Core component of the Oracle VM VirtualBox allows a malicious attacker from the guest operating system to execute certain commands or copy data from the host operating system.
The vulnerability of the Core hypervisor component in Oracle VM VirtualBox is related to access control deficiencies. Exploiting this vulnerability allows a malicious individual operating locally on the guest operating system to execute certain commands or copy data from the guest operating syste...
SUSE-SU-2018:0279-1 Security update for libvirt
This update for libvirt provides several fixes. This security issue was fixed: - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead method which allowed to cause DoS (bsc1076500). These security issues were fixed: - Add a qemu hook script providing functionality similar to Xen's...
Debian: Security Advisory (DLA-964-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Oracle VirtualBox crUnpackTexGendv Stack-based Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Oracle VirtualBox crServerDispatchCallLists Integer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Oracle VirtualBox crStatePixelMapuiv Stack-based Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Oracle VirtualBox crServerDispatchDeleteProgramsARB Integer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Fedora 27 : xen (2017-c432db2971)
xen: various flaws (1501391): multiple MSI mapping issues on x86 (XSA-237); DMOP map/unmap missing argument checks (XSA-238); hypervisor stack leak in x86 I/O intercept code (XSA-239); Unlimited recursion in linear pagetable de-typing (XSA-240); Stale TLB entry due to page type release race (XSA-241); page type...
Fedora 27 : xen (2017-c31799ee4a)
fix an issue in patch for XSA-240 (CVE-2017-15595) that might be a security issue; fix for XSA-243 (CVE-2017-15592) could cause hypervisor crash (DOS). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted ...
Xen: Multiple vulnerabilities
Background: Xen is a bare-metal hypervisor. Description: Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact: A local attacker could potentially execute arbitrary code with the privileges of the Xen QEMU process on the host, gain...
VMware Fusion 8.x < 8.5.10 / 10.x < 10.1.1 Multiple Vulnerabilities (VMSA-2018-0004) (VMSA-2018-0005) (Spectre) (macOS)
The version of VMware Fusion installed on the remote macOS or Mac OS X host is 8.x prior to 8.5.10 or 10.x prior to 10.1.1. It is, therefore, missing security updates that add hypervisor-assisted guest remediation for a speculative execution vulnerability (CVE-2017-5715). These updates will allow...
VMSA-2018-0004 : VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue (Spectre)
New speculative-execution control mechanism for Virtual Machines. Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (Guest OS) can remediate the Branch Target...
VMware vCenter Server 5.5.x < 5.5U3g / 6.0.x < 6.0U3d / 6.5.x < 6.5U1e Hypervisor-Assisted Guest Remediation (VMSA-2018-0004) (Spectre)
The version of VMware vCenter Server installed on the remote host is 5.5.x prior to 5.5U3g, 6.0.x prior to 6.0U3d, or 6.5.x prior to 6.5U1e. It is, therefore, missing security updates that add hypervisor-assisted guest remediation for a speculative execution vulnerability (CVE-2017-5715). C Tenable...
VMware Player 12.x < 12.5.9 / 14.x < 14.1.1 Multiple Vulnerabilities (VMSA-2018-0004) (VMSA-2018-0005) (Spectre)
The version of VMware Player installed on the remote Windows host is 14.x prior to 14.1.1 or 12.x prior to 12.5.9. It is, therefore, missing security updates that add hypervisor-assisted guest remediation for a speculative execution vulnerability (CVE-2017-5715). These updates will allow guest...
Xen vcpu Destruction Handling Memory Exhaustion Guest-to-Host DoS (XSA-253)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a guest-to-host denial of service vulnerability. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or...
VMware Workstation 12.x < 12.5.9 / 14.x < 14.1.1 Multiple Vulnerabilities (VMSA-2018-0004) (VMSA-2018-0005) (Spectre)
The version of VMware Workstation installed on the remote Windows host is 14.x prior to 14.1.1 or 12.x prior to 12.5.9. It is, therefore, missing security updates that add hypervisor-assisted guest remediation for a speculative execution vulnerability (CVE-2017-5715). These updates will allow guest...
VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue
New speculative-execution control mechanism for Virtual Machines. Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (Guest OS) can remediate the Branch Target...
Meltdown/Spectre and Qualys Cloud Platform
In light of the recently released information about two security vulnerabilities, Qualys has considered the impact on the Qualys Cloud Platform and associated services. Qualys released a detailed advisory for customers of the Qualys Cloud Platform to help customers identify these vulnerabilities...