14 matches found
openSUSE Security Update : xen (openSUSE-2015-129)
The XEN virtualization was updated to fix bugs and security issues : Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113: Guest effectable page reference le...
Security update for xen (important)
The XEN virtualization was updated to fix bugs and security issues: Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113: Guest effectable page reference lea...
OracleVM 3.2 : xen (OVMSA-2013-0040)
The remote OracleVM system is missing necessary patches to address critical security updates : - libxc: limit cpu values when setting vcpu affinity When support for pinning more than 64 cpus was added, check for cpu out-of-range values was removed. This can lead to subsequent out-of-bounds cpumap...
OracleVM 3.2 : xen (OVMSA-2014-0001)
The remote OracleVM system is missing necessary patches to address critical security updates : - flask: restrict allocations done by hypercall interface Other than in 4.2 and newer, we're not having an overflow issue here, but uncontrolled exposure of the operations opens the host to be driven ou...
OracleVM 3.1 : xen (OVMSA-2014-0002)
The remote OracleVM system is missing necessary patches to address critical security updates : - flask: restrict allocations done by hypercall interface Other than in 4.2 and newer, we're not having an overflow issue here, but uncontrolled exposure of the operations opens the host to be driven ou...
OracleVM 3.1 : xen (OVMSA-2013-0041)
The remote OracleVM system is missing necessary patches to address critical security updates : - libxc: limit cpu values when setting vcpu affinity When support for pinning more than 64 cpus was added, check for cpu out-of-range values was removed. This can lead to subsequent out-of-bounds cpumap...
OracleVM 2.2 : xen (OVMSA-2013-0074)
The remote OracleVM system is missing necessary patches to address critical security updates : - x86: check segment descriptor read result in 64-bit OUTS emulation XSA-67 Matthew Daley orabug 17571640 CVE-2013-4368 - x86: properly set up fbld emulation operand address XSA-66 Jan Beulich orabug...
OracleVM 2.2 : xen (OVMSA-2014-0028)
The remote OracleVM system is missing necessary patches to address critical security updates : - Backport xend: disable sslv3 due to CVE-2014-356 19831405 - libxc: Support set affinity for more than 64 CPUs 18938789 (C) Tenable Network Security, Inc. The package checks in this...
Oracle Linux 5 : xen (ELSA-2013-0241)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0241 advisory. 3.0.3-142.el59.1 - libxc: move error checking next to the function which returned the error rhbz 876997 - libxc: builder: limit maximum size of kernel/ramdisk...
Buffer overflow in xencontrol Python bindings affecting xend
ISSUE DESCRIPTION: The Python bindings for the xc_vcpu_setaffinity call do not properly check their inputs. Systems which allow untrusted administrators to configure guest vcpu affinity may be exploited to trigger a buffer overrun and corrupt memory. IMPACT: An attacker who is able to configure a...
CentOS 5 : xen (CESA-2013:0241)
Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
RHEL 5 : xen (RHSA-2013:0241)
Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
Moderate: Red Hat Security Advisory: xen security update
Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
xen security update
3.0.3-142.el59.1 - libxc: move error checking next to the function which returned the error rhbz 876997 - libxc: builder: limit maximum size of kernel/ramdisk rhbz 876997...