Moderate: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

[SECURITY] Fedora 20 Update: openstack-nova-2013.2.3-2.fc20

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

CVE-2014-4022

The allocdomainstruct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOPsetuptable...

Fedora 20 : xen-4.3.2-6.fc20 (2014-7722)

Hypervisor heap contents leaked to guest, with extra patch to avoid regression Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

[SECURITY] Fedora 19 Update: xen-4.2.4-6.fc19

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

MS HyperV Persistent DoS Vulnerability

No description provided by source. Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ MS HyperV Persistent DoS Vulnerability 1. Advisory Information Title: MS HyperV Persistent DoS Vulnerability Advisory ID: CORE-2011-0203 Advisory URL:...

Virtual PC Hypervisor Memory Protection Vulnerability

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Virtual PC Hypervisor Memory Protection Vulnerability 1. Advisory Information Title: Virtual PC Hypervisor Memory Protection...

Important: Red Hat Security Advisory: rhev-hypervisor6 security update

An updated rhev-hypervisor6 package that fixes several security issues is now available. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each...

[SECURITY] Fedora 19 Update: xen-4.2.4-5.fc19

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 20 Update: xen-4.3.2-5.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

information leak via gnttab_setup_table on ARM

ISSUE DESCRIPTION When initialising an internal data structure on ARM platform Xen was not correctly initialising the memory containing the list of a domain's grant table pages. This list is returned by the GNTTABOPsetuptable subhypercall, leading to an information leak. IMPACT Malicious guest...

[oss-security] Xen Security Advisory 100 (CVE-2014-4021) - Hypervisor heap contents leaked to guests

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2014-4021 / XSA-100 version 3 Hypervisor heap contents leaked to guests UPDATES IN VERSION 3 ==================== Public Release. CVE assigned. ISSUE DESCRIPTION ================= While memory pages recovered from dying guest...

[oss-security] Xen Security Advisory 96 (CVE-2014-3967,CVE-2014-3968) - Vulnerabilities in HVM MSI injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2014-3967,CVE-2014-3968 / XSA-96 version 3 Vulnerabilities in HVM MSI injection UPDATES IN VERSION 3 ==================== CVEs assigned. ISSUE DESCRIPTION ================= The implementation of the HVM control operation...

[oss-security] Xen Security Advisory 54 (CVE-2013-2078) - Hypervisor crash due to missing exception recovery on XSETBV

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-2078 / XSA-54 version 4 Hypervisor crash due to missing exception recovery on XSETBV UPDATES IN VERSION 4 ==================== Reduce vulnerable range of versions to 4.1 and onwards. ISSUE DESCRIPTION =================...

unexpected pitfall in xenaccess API

ISSUE DESCRIPTION A test/example program, for exercising the Xen memaccess API, does not take all necessary precautions against hostile guest behaviour. As a result, software developers using it as an example or template might have written and deployed vulnerable code. See the patch for technical...

Hypervisor heap contents leaked to guests

ISSUE DESCRIPTION While memory pages recovered from dying guests are being cleaned to avoid leaking sensitive information to other guests, memory pages that were in use by the hypervisor and are eligible to be allocated to guests weren't being properly cleaned. Such exposure of information would...

openSUSE Security Update : xen (openSUSE-SU-2013:1404-1)

XEN was updated to 4.2.2, fixing lots of bugs and several security issues. Various upstream patches were also merged into this version by our developers. Detailed buglist : - bnc824676 - Failed to setup devices for vm instance when start multiple vms simultaneously - bnc817799 - sles9sp4 guest...

openSUSE Security Update : xen (openSUSE-SU-2013:0636-1)

XEN was updated to fix various bugs and security issues : Security issues fixed : - bnc800275 - CVE-2013-0153: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs - bnc797523 - CVE-2012-6075: qemu / kvm-qemu: e1000 overflows under some conditions - bnc797031 - Xen Security...

openSUSE Security Update : kernel (openSUSE-SU-2011:0004-1)

The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2010-4347: A local user could inject ACPI code into the kernel via the world-writable 'customdebug' file, allowing local privilege escalation. CVE-2010-4258: A local attack...

openSUSE Security Update : xen (openSUSE-SU-2013:1953-1)

Xen was updated to 4.2.3 c/s 26170 to fix various bugs and security issues. Following issues were fixed : - bnc845520 - CVE-2013-4416: xen: ocaml xenstored mishandles oversized message replies - bnc833483 - Boot Failure with xen kernel in UEFI mode with error 'No memory for trampoline' -...