[SECURITY] [DLA 720-1] xen security update

Package : xen Version : 4.1.6.lts1-4 CVE ID : CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9386 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9379,...

DLA-720-1 xen - security update

Bulletin has no description...

CVE-2016-9383

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service host crash, or execute arbitrary code on the host by leveraging broken emulation of bit test instructions...

x86 segment base write emulation lacking canonical address checks

ISSUE DESCRIPTION Both writes to the FS and GS register base MSRs as well as the WRFSBASE and WRGSBASE instructions require their input values to be canonical, or a GP fault will be raised. When the use of those instructions by the hypervisor was enabled, the previous guard against GP faults havi...

[SECURITY] Fedora 25 Update: xen-4.7.0-7.fc25

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

VMware Patches Virtual Machine Escape Vulnerability

VMware quickly turned around a patch for a critical code execution flaw that was worth $150,000 to the researchers who found it. While there have been no reported public exploits, the vulnerability is serious because it could allow an attacker to access a virtual instance and run code on the host...

Xen: Multiple vulnerabilities

Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A malicious guest administrator could escalate their privileges on the host system or cause a Denial of Service...

[SECURITY] Fedora 23 Update: xen-4.5.5-3.fc23

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 24 Update: xen-4.6.3-7.fc24

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] [DLA 699-1] xen security update

Package : xen Version : 4.1.6.lts1-3 CVE ID : CVE-2016-7777 Xen does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the...

Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode

arch/powerpc/kvm/book3shvrmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIGKVMBOOK3S64HV is enabled, allows guest OS users to cause a denial of service host OS infinite loop by making a HCEDE hypercall during the existence of a suspended transaction...

FreeBSD-SA-16:32.bhyve

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:32.bhyve Security Advisory The FreeBSD Project Topic: bhyve - privilege escalation vulnerability Category: core Module: bhyve Announced: 2016-10-25 Credits:...

[SECURITY] Fedora 23 Update: xen-4.5.5-2.fc23

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 24 Update: xen-4.6.3-6.fc24

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 25 Update: xen-4.7.0-6.fc25

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

DEBIAN-CVE-2016-7777

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it...

ALPINE-CVE-2016-7777

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it...

CVE-2016-7777

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it...

SUSE-SU-2016:2473-1 Security update for xen

This update for xen fixes several issues. These security issues were fixed: - CVE-2016-7092: The getpagefroml3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables bsc995785. - CVE-2016-7093: Xe...

High Availability Failovers Due to Missed HA HeartBeats of NetScaler VPX on VMware ESX Hypervisor

NetScaler VPX on VMWare hypervisor High Availability failsover due to missed HA heartbeats. Note : This article only pertains to NetScaler VPX on VMWare hypervisor. Background Root cause of the HA failovers is missing heartbeats due to VPX scheduling issues on the VMware host. The NetScaler’s...