OracleVM 3.4 : xen (OVMSA-2018-0246) (Foreshadow)

The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=02cec92b3eb1612e37616b10400d82f1e3d8de85 - BUILDINFO: QEMU upstream...

OracleVM 3.2 : xen (OVMSA-2018-0225)

The remote OracleVM system is missing necessary patches to address critical security updates : - From: Jan Beulich Subject: x86/paging: don't unconditionally BUG on finding SHAREDM2PENTRY PV guests can fully control the values written into the P2M. This is XSA-251. CVE-2017-17565 - From: Jan...

OracleVM 3.2 : xen (OVMSA-2017-0149)

The remote OracleVM system is missing necessary patches to address critical security updates : - From e26560a4b056dad6d85ffd9ebfad9565f210a9cc Mon Sep 17 00:00:00 2001 From: Jan Beulich Date: Wed, 30 May 2012 09:22:17 +0100 Subject: PATCH gnttab: don't use domain lock for serialization Instead us...

Debian Security Advisory DSA 3554-1 (xen - security update)

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-3158, CVE-2016-3159 XSA-172 Jan Beulich from SUSE discovered that Xen does not properly handle writes to the hardware FSW.ES bit when...

[USN-2630-1] QEMU vulnerabilities

========================================================================== Ubuntu Security Notice USN-2630-1 June 10, 2015 qemu, qemu-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivative...

Ubuntu 14.04 LTS : QEMU vulnerabilities (USN-2630-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2630-1 advisory. Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. A malicious guest could use this issue to cause a denial of service, or...

Debian DSA-3259-1 : qemu - security update (Venom)

Several vulnerabilities were discovered in the qemu virtualisation solution : - CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. - CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder. -...

Debian DSA-3140-1 : xen - security update

Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. - CVE-2014-8594 Roger Pau Monne and Jan Beulich discovered that incomplete restrictions on MMU update hypercalls may result in...

Debian Security Advisory DSA 3140-1 (xen - security update)

Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. CVE-2014-8594 Roger Pau Monne and Jan Beulich discovered that incomplete restrictions on MMU update hypercalls may result in...

OracleVM 2.2 : xen (OVMSA-2013-0092)

The remote OracleVM system is missing necessary patches to address critical security updates : - x86/AMD: work around erratum 793 XSA-82 Jan Beulich 17884839 CVE-2013-6885 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security...

[oss-security] Xen Security Advisory 100 (CVE-2014-4021) - Hypervisor heap contents leaked to guests

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2014-4021 / XSA-100 version 3 Hypervisor heap contents leaked to guests UPDATES IN VERSION 3 ==================== Public Release. CVE assigned. ISSUE DESCRIPTION ================= While memory pages recovered from dying guest...

[oss-security] Xen Security Advisory 96 (CVE-2014-3967,CVE-2014-3968) - Vulnerabilities in HVM MSI injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2014-3967,CVE-2014-3968 / XSA-96 version 3 Vulnerabilities in HVM MSI injection UPDATES IN VERSION 3 ==================== CVEs assigned. ISSUE DESCRIPTION ================= The implementation of the HVM control operation...