OracleVM 3.1 : xen (OVMSA-2013-0071)

The remote OracleVM system is missing necessary patches to address critical security updates : - Rebuild correcting changelog - x86: properly set up fbld emulation operand address This is XSA-66. CVE-2013-4361 - x86: properly handle hvmcopyfromguestphys,virt errors Ignoring them generally implies...

openSUSE Security Update : xen (openSUSE-SU-2013:1636-1)

Xen was updated to 4.1.6 c/s 23588 to fix various bugs and security issues. Following changes are listed : - Comment out the -include directive in Config.mk as the build service build seems to error out not finding '.config' xen-config.diff - bnc845520 - CVE-2013-4416: xen: ocaml xenstored...

SuSE 11.2 / 11.3 Security Update : Xen (SAT Patch Numbers 8478 / 8479)

XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues. - XSA-72: Fixed ocaml xenstored that mishandled oversized message replies. CVE-2013-4416 - XSA-63: Fixed information leaks through I/O instruction emulation. CVE-2013-4355 - XSA-66: Fixed information leak...

CVE-2013-4361

The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction...