CVE-2018-12892

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...

openSUSE Security Update : xen (openSUSE-2016-34)

This update for xen fixes the following security issues : - CVE-2015-8550: paravirtualized drivers incautious about shared memory contents XSA-155, boo957988 - CVE-2015-8558: qemu: usb: infinite loop in ehciadvancestate results in DoS boo959006 - CVE-2015-7549: qemu pci: NULL pointer dereference...

SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:2324-1)

This update fixes the following security issues : - bsc956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - Revert x86/IO-APIC: don't create pIRQ mapping from masked RTE until kernel maintenance release goes out. - bsc956592 - xen: virtual PMU is...

SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:2326-1)

This update fixes the following security issues : - bsc956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc956592 - xen: virtual PMU is unsupported XSA-163 - bsc956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEMexchange error handling issues XSA-1...

Fedora 21 : xen-4.4.3-3.fc21 (2015-15946)

libxl fails to honour readonly flag on disks with qemu-xen XSA-142 possible fix ---- update to xen-4.4.3, including Use after free in QEMU/Xen block unplug protocol XSA-139, CVE-2015-5166, QEMU leak of uninitialized heap memory in rtl8139 device model XSA-140, CVE-2015-5165 Note that Tenable...