[SECURITY] Fedora 21 Update: xen-4.4.2-5.fc21

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Debian Security Advisory DSA 3286-1 (xen - security update)

Multiple security issues have been found in the Xen virtualisation solution: CVE-2015-3209 Matt Tait discovered a flaw in the way QEMU OpenVAS Vulnerability Test $Id: deb3286.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3286-1 using nvtgen 1.0 Script version: 1.0...

Catastrophic vulnerability: Venom threat most of the data center-vulnerability warning-the black bar safety net

A security research firm alert, referring to a new Bug could allow a hacker from the inside of the ride unscathed in the data center solve most of the machine. The zero-day vulnerability from the extensive application virtualization software of the traditional General-purpose component that can b...

DEBIAN-CVE-2015-4103

Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service host interrupt handling confusion via vectors related to qemu and accessing spanning multiple fields...

openSUSE Security Update : xen (openSUSE-2015-391) (Venom)

The XEN hypervisor was updated to fix two security issues : - Fixed a buffer overflow in the floppy drive emulation, which could be used to denial of service attacks or potential code execution against the host. CVE-2015-3456 - Xen did not initialize certain fields, which allowed certain remote...

PCI MSI mask bits inadvertently exposed to guests

ISSUE DESCRIPTION The mask bits optionally available in the PCI MSI capability structure are used by the hypervisor to occasionally suppress interrupt delivery. Unprivileged guests were, however, nevertheless allowed direct control of these bits. IMPACT Interrupts may be observed by Xen at...

Security update for xen (important)

The XEN hypervisor was updated to fix two security issues: - Fixed a buffer overflow in the floppy drive emulation, which could be used to denial of service attacks or potential code execution against the host. CVE-2015-3456 - Xen did not initialize certain fields, which allowed certain remote...

xen-tools -- PCI MSI mask bits inadvertently exposed to guests

The Xen Project reports: The mask bits optionally available in the PCI MSI capability structure are used by the hypervisor to occasionally suppress interrupt delivery. Unprivileged guests were, however, nevertheless allowed direct control of these bits. Interrupts may be observed by Xen at...

[SECURITY] Fedora 22 Update: xen-4.5.0-9.fc22

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 20 Update: xen-4.3.4-4.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 21 Update: xen-4.4.2-4.fc21

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0372-1)

The SUSE Linux Enterprise Server 11 Service Pack 2 LTSS Xen hypervisor and toolset has been updated to fix various security issues and several bugs. The following security issues have been addressed : XSA-88: CVE-2014-1950: Use-after-free vulnerability in the xccpupoolgetinfo function in Xen 4.1....

SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2013:1774-1)

XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues. - CVE-2013-4416: XSA-72: Fixed ocaml xenstored that mishandled oversized message replies - CVE-2013-4355: XSA-63: Fixed information leaks through I/O instruction emulation - CVE-2013-4361: XSA-66: Fixed...

SUSE SLED12 / SLES12 Security Update : Xen (SUSE-SU-2015:0613-1)

The XEN hypervisor received updates to fix various security issues and bugs. The following security issues were fixed : - CVE-2015-2151: XSA-123: A hypervisor memory corruption due to x86 emulator flaw. - CVE-2015-2045: XSA-122: Information leak through version information hypercall. -...

SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2015:0747-1)

The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed : CVE-2015-2756: XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through...

SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0745-1)

The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed : CVE-2015-2756: XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through...

SUSE SLES10 Security Update : Xen (SUSE-SU-2014:0411-1)

The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS Xen hypervisor and toolset have been updated to fix various security issues. The following security issues have been addressed : - XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the...

Oracle VM VirtualBox < 3.2.28 / 4.0.30 / 4.1.38 / 4.2.30 / 4.3.28 QEMU FDC Overflow RCE (VENOM)

The remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.28 / 4.0.30 / 4.1.38 / 4.2.30 / 4.3.28. It is, therefore affected by a flaw in the Floppy Disk Controller FDC in the bundled QEMU software due to an overflow condition in 'hw/block/fdc.c' when handling certain command...

SUSE SLES11 Security Update : xen (SUSE-SU-2014:1732-1)

xen was updated to fix 10 security issues : - Guest effectable page reference leak in MMUMACHPHYSUPDATE handling CVE-2014-9030. - Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor CVE-2014-8867. - Missing privilege level checks in x86 emulation of far branches...

SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)

The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 and presumably earlier exhibit both problems with the overflow issu...