RHEL 7 : qemu-kvm-rhev (RHSA-2018:0028)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0028 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the...
SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks
Summary: Symantec Network Protection products, which run on an affected CPU chipset and execute arbitrary code from external sources, are susceptible to several information disclosure vulnerabilities, also known as the Meltdown and Spectre attacks. A remote attacker, with the ability to execute arbitrary code...
Debian DLA-1230-1 : xen security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the execution of arbitrary code. For Debian 7 'Wheezy', these problems have been fixed in version 4.1.6.lts1-11. We recommend that you upgrade...
VMSA-2018-0004: VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue
VMSA-2018-0004.3: VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Mitigations for speculative execution issue. VMware Security Advisory. Advisory ID: VMSA-2018-0005. Severity: Critical. Synopsis:...
(RHSA-2018:0046) Important: rhev-hypervisor7 security update
The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Re...
[SECURITY] [DLA 1230-1] xen security update
Package: xen. Version: 4.1.6.lts1-11. CVE ID: CVE-2017-17044, CVE-2017-17045, CVE-2017-17563, CVE-2017-17564, CVE-2017-17565, CVE-2017-17566. Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the...
Impact of Meltdown and Spectre on Akamai
Overview: On Wednesday, January 3rd, researchers from Google Project Zero, Cyberus Technology, Graz University of Technology, and other organizations released details about a pair of related vulnerabilities, dubbed Meltdown and Spectre. These vulnerabilities appear to affect all modern processors...
Information leak via side effects of speculative execution
Issue description: Processors give the illusion of a sequence of instructions executed one-by-one. However, in order to most efficiently use CPU resources, modern superscalar processors actually begin executing many instructions in parallel. In cases where instructions depend on the result of...
[SECURITY] Fedora 26 Update: xen-4.8.2-9.fc26
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Xen Function M2P Entry Access Handling Guest-to-Host DoS (XSA-251)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a guest-to-host denial of service vulnerability. Note that x86 systems are vulnerable. ARM systems are not vulnerable. Note that Nessus has checked the changeset versions based on the...
Xen Shadow Mode Page Use Reference Counting Error Handling Guest-to-Host DoS (XSA-250)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a guest-to-host denial of service vulnerability. Note that x86 systems are vulnerable. ARM systems are not vulnerable. Note that Nessus has checked the changeset versions based on the...
Xen PV Guests Internally Used Pages Access Handling Guest-to-Host Privilege Escalation (XSA-248)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a guest-to-host privilege escalation vulnerability. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations...
Xen Function Page Use Shadow Mode Reference Counting Improper Overflow Check Guest-to-Host DoS (XSA-249)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a guest-to-host denial of service vulnerability. Note that x86 systems are vulnerable. ARM systems are not vulnerable. Note that Nessus has checked the changeset versions based on the...
[SECURITY] Fedora 27 Update: xen-4.9.1-4.fc27
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Xen 'Hypervisor' Memory Corruption Vulnerability
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A memory corruption vulnerability...
openSUSE Security Update : xen (openSUSE-2017-1321)
This update for xen to version 4.9.1 (bsc1027519) fixes several issues. This new feature was added: Support migration of HVM domains larger than 1 TB. These security issues were fixed: bsc1068187: Failure to recognize errors in the Populate on Demand (PoD) code allowed for DoS (XSA-246) -...
Xen hypervisor vulnerability caused by errors in the permission copying process, allowing an attacker to cause a denial of service, escalate privileges, or disclose sensitive information
The vulnerability in Xen hypervisors is related to errors in the permission copying process. Exploiting this vulnerability can allow a malicious actor to cause a denial of service, escalate privileges, or disclose sensitive information...
CVE-2017-17563
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode...
ALPINE-CVE-2017-17563
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode...
[SECURITY] Fedora 25 Update: xen-4.7.4-1.fc25
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...