Debian Security Advisory DSA 2582-1 (xen - several vulnerabilities)

Multiple denial of service vulnerabilities have been discovered in the Xen Hypervisor. One of the issue CVE-2012-5513 could even lead to privilege escalation from guest to host. Some of the recently published Xen Security Advisories XSA 25 and 28 are not fixed by this update and should be fixed i...

SuSE 10 Security Update : Xen (ZYPP Patch Number 8379)

This update fixes the following security issues in xen : - XENMEMexchange may overwrite hypervisor memory XSA-29. CVE-2012-5513 - Several memory hypercall operations allow invalid extent order values XSA-31. CVE-2012-5515 Also the following bugs have been fixed and upstream patches have been...

Several memory hypercall operations allow invalid extent order values

ISSUE DESCRIPTION Allowing arbitrary extentorder input values for XENMEMdecreasereservation, XENMEMpopulatephysmap, and XENMEMexchange can cause arbitrarily long time being spent in loops without allowing vital other code to get a chance to execute. This may also cause inconsistent state resultin...