OracleVM 3.1 : xen (OVMSA-2013-0071)

The remote OracleVM system is missing necessary patches to address critical security updates : - Rebuild correcting changelog - x86: properly set up fbld emulation operand address This is XSA-66. CVE-2013-4361 - x86: properly handle hvmcopyfromguestphys,virt errors Ignoring them generally implies...

openSUSE Security Update : xen (openSUSE-SU-2013:1636-1)

Xen was updated to 4.1.6 c/s 23588 to fix various bugs and security issues. Following changes are listed : - Comment out the -include directive in Config.mk as the build service build seems to error out not finding '.config' xen-config.diff - bnc845520 - CVE-2013-4416: xen: ocaml xenstored...

SuSE 11.2 / 11.3 Security Update : Xen (SAT Patch Numbers 8478 / 8479)

XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues. - XSA-72: Fixed ocaml xenstored that mishandled oversized message replies. CVE-2013-4416 - XSA-63: Fixed information leaks through I/O instruction emulation. CVE-2013-4355 - XSA-66: Fixed information leak...

CVE-2013-4355

Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a 1 port or 2 memory mapped I/O write or 3 other unspecified operations related to addresses without associated memory...