Information Disclosure in WildFire Appliance (WF-500)

Palo Alto Networks has determined that the WildFire Appliance WF-500 is affected by the vulnerability disclosure known as LazyFP and has completed an update to address these issues. The WildFire Appliance WF-500 software update is now available to customers that use the WildFire Appliance WF-500...

Carbon Black + VMware at RSA2019: Working Together to Secure the Digital Workspace

VMware and Carbon Black have a strong history of working together to fundamentally change the model for securing the virtualized data center, a concept that is resounding with attendees here at RSA2019 in San Francisco. A little more than a year ago, we announced a jointly developed, integrated...

Important: Red Hat Security Advisory: spice-server security update

An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Fuzzing para-virtualized devices in Hyper-V

Introduction Introduction Hyper-V is the backbone of Azure, running on its Hosts to provide efficient and fair sharing of resources, but also isolation. That’s why we, in the vulnerability research team for Windows, have been working in the background for years now helping secure Hyper-V. And why...

Fuzzing para-virtualized devices in Hyper-V

Introduction Hyper-V is the backbone of Azure, running on its Hosts to provide efficient and fair sharing of resources, but also isolation. That’s why we, in the vulnerability research team for Windows, have been working in the background for years now helping secure Hyper-V. And why Microsoft...

[SECURITY] Fedora 29 Update: cobbler-2.8.4-5.fc29

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing...

[SECURITY] Fedora 28 Update: cobbler-2.8.4-5.fc28

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing...

Virtuozzo 6 : spice-server / spice-server-devel (VZLSA-2018-3522)

An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

spice security update

CentOS Errata and Security Advisory CESA-2018:3522 An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Oracle Solaris Denial of Service Vulnerability (CNVD-2018-21491)

Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation, of which Solaris is one of the computer operating system components. A security vulnerability exists in the Kernel Zones Virtualized NIC Driver subcomponent of version 11.3 of the Solaris component of th...

Oracle Solaris Critical Patch Update : oct2018_SRU11_4_0_0_0

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Remote Administration Daemon RAD. The supported version that is affected is 11.3. Easily exploitable vulnerability...

CVE-2018-3272

CVE-2018-3272 affects the Solaris component of Oracle Sun Systems Products Suite, specifically the Kernel Zones Virtualized NIC Driver subcomponent in Solaris 11.3. The vulnerability allows an unauthenticated attacker with logon to the host environment to cause a hang or frequent, repeatable cras...

SUSE-SU-2018:2473-1 Security update for the Linux Kernel (Live Patch 2 for SLE 15)

This update for the Linux Kernel 4.12.14-256 fixes one issue. The following security issue was fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads o...

SUSE-SU-2018:2414-1 Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP3)

This update for the Linux Kernel 4.4.132-9433 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2358-1) (Foreshadow)

This update for the Linux Kernel 3.12.74-606496 fixes several issues. The following security issues were fixed : - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2345-1) (Foreshadow)

This update for the Linux Kernel 3.12.61-52128 fixes several issues. The following security issues were fixed : - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2389-1) (Foreshadow)

This update for the Linux Kernel 4.4.120-9270 fixes several issues. The following security issues were fixed : - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2369-1) (Foreshadow)

This update for the Linux Kernel 3.12.61-52136 fixes several issues. The following security issues were fixed : - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2359-1) (Foreshadow)

This update for the Linux Kernel 3.12.74-606469 fixes several issues. The following security issues were fixed : - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2342-1) (Foreshadow)

This update for the Linux Kernel 3.12.61-52133 fixes several issues. The following security issues were fixed : - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...