RHEL 6 : rhev-hypervisor6 3.4.0 (RHSA-2014:0674)

Updated rhev-hypervisor6 packages that fix multiple security issues, several bugs, and add various enhancements are now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

RHEL 6 : rhev-hypervisor6 (RHSA-2013:0579)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:0579 advisory. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization...

RHEL 6 : rhev-hypervisor6 (RHSA-2014:0396) (Heartbleed)

An updated rhev-hypervisor6 package that fixes one security issue is now available for Red Hat Enterprise Virtualization Hypervisor 3.2. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives...

RHEL 6 : rhev-hypervisor6 (RHSA-2012:1505)

An updated rhev-hypervisor6 package that fixes one security issue, various bugs, and adds enhancements is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

RHEL 6 : rhev-hypervisor6 (RHSA-2014:1354) (Shellshock)

An updated rhev-hypervisor6 package that fixes several security issues is now available. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each...

NIST Publishes Draft Hypervisor Security Guide

NIST has followed up a three-year-old virtualization security guide with recommendations for hypervisor security. A draft version of SP800-125a was released this week and a public comment period opened on Monday and ends Nov. 10. The guide targets enterprise security and IT management as well dat...

virt-who: plaintext hypervisor passwords in world-readable /etc/sysconfig/virt-who configuration file

It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file...

[SECURITY] Fedora 19 Update: xen-4.2.5-3.fc19

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 20 Update: xen-4.3.3-3.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Xen Hypervisor Installed

Binary data xenserverdetect.nbin...

[SECURITY] Fedora 21 Update: xen-4.4.1-6.fc21

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VMware Security Advisory Advisory ID: VMSA-2014-0010 Synopsis: VMware product updates address critical Bash security vulnerabilities Issue date: 2014-09-30 Updated on: 2014-09-30 Initial Advisory CVE numbers: CVE-2014-6271, CVE-2014-7169, CVE-2014-718...

Critical: Red Hat Security Advisory: rhev-hypervisor6 security update

An updated rhev-hypervisor6 package that fixes several security issues is now available. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each...

Xen Bug Could cause Crashes, Expose Cloud Data

The Xen Project published a security advisory yesterday about a critical vulnerability in its virtual machine and hypervisor systems that could expose public cloud servers to attacks capable of crashing host machines and even stealing small amounts of random data. The fix was made available under...

CVE-2014-7188

The hvmmsrreadintercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service host crash or read data from the hypervisor or other guests via unspecified vectors...

DEBIAN-CVE-2014-7188

The hvmmsrreadintercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service host crash or read data from the hypervisor or other guests via unspecified vectors...

CVE-2014-7188

The hvmmsrreadintercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service host crash or read data from the hypervisor or other guests via unspecified vectors...

UBUNTU-CVE-2014-7156

The x86emulate function in arch/x86/x86emulate/x86emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service guest crash via unspecified vectors...

Design/Logic Flaw

The hvmmsrreadintercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service host crash or read data from the hypervisor or other guests via unspecified vectors...

UBUNTU-CVE-2014-7154

Race condition in HVMOPtrackdirtyvram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors...