198 matches found
openSUSE Security Update : libvirt (openSUSE-2019-1294)
This update for libvirt fixes the following issues : Security issues fixed : - CVE-2019-3840: Fixed a NULL pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent bsc1127458. - CVE-2019-3886: Fixed an...
SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:1042-1)
This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-3840: Fixed a NULL pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent bsc1127458. CVE-2019-3886: Fixed an informati...
SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:0948-1)
This update for libvirt fixes the following issues : Security issue fixed : CVE-2019-3840: Fixed a NULL pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent bsc1127458. CVE-2019-3886: Fixed an informatio...
Downloads Resources over HTTP in libxl
Affected versions of libxl insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...
GHSA-7VRQ-VG6P-32FW Downloads Resources over HTTP in libxl
Affected versions of libxl insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...
Fedora 28 : xen (2018-a7862a75f5)
preemption checks bypassed in x86 PV MM handling XSA-264, CVE-2018-12891 1595959 x86: DB exception safety check can be triggered by a guest XSA-265, CVE-2018-12893 1595958 libxl fails to honour readonly flag on HVM emulated SCSI disks XSA-266, CVE-2018-12892 1595957 Note that Tenable Network...
SUSE-SU-2018:2081-2 Security update for xen
This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling XSA-264 bsc1097521. - CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks XSA-266 bsc1097523. - CVE-2018-12893: Fix DB...
SUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2631-1) (Spectre)
This update for libvirt fixes the following issues : This new feature was added : bsc1094325, bsc1094725: libxl: Enable virsh blockresize for XEN guests This security issue was fixed: CVE-2017-5715: Additional fixes for the Spectre patches bsc1079869 The update package also includes non-security...
SUSE SLES12 Security Update : xen (SUSE-SU-2018:2081-1)
This update for xen fixes the following issues: Security issues fixed : - CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling XSA-264 bsc1097521. - CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks XSA-266 bsc1097523. - CVE-2018-12893: Fix DB...
Fedora 27 : xen (2018-1a467757ce)
preemption checks bypassed in x86 PV MM handling XSA-264, CVE-2018-12891 x86: DB exception safety check can be triggered by a guest XSA-265, CVE-2018-12893 libxl fails to honour readonly flag on HVM emulated SCSI disks XSA-266, CVE-2018-12892 ---- Speculative register leakage from lazy FPU contex...
SUSE-SU-2018:1981-1 Security update for xen
This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3665: Fix Lazy FP Save/Restore issue XSA-267 bsc1095242. - CVE-2018-12891: Fix possible Denial of Service DoS via certain PV MMU operations that affect the entire host XSA-264 bsc1097521. - CVE-2018-12892: Fix libxl...
CVE-2018-12892
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...
UBUNTU-CVE-2018-12892
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...
Design/Logic Flaw
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...
CVE-2018-12892
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...
DEBIAN-CVE-2018-12892
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...
ALPINE-CVE-2018-12892
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...
CVE-2018-12892
Concretely, CVE-2018-12892 affects Xen 4.7–4.10.x when using libxl with qemu-xen: libxl fails to pass the readonly flag to QEMU for emulated SCSI disks (disk type sd) due to an erroneous merge conflict resolution. This can allow malicious guest administrators or certain users to write to original...
CVE-2018-12892
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...
CVE-2018-12892
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...