OracleVM 3.1 : xen (OVMSA-2014-0002)

The remote OracleVM system is missing necessary patches to address critical security updates : - flask: restrict allocations done by hypercall interface Other than in 4.2 and newer, we're not having an overflow issue here, but uncontrolled exposure of the operations opens the host to be driven ou...

CVE-2014-1891

Multiple integer overflows in the 1 FLASKGETBOOL, 2 FLASKSETBOOL, 3 FLASKUSER, and 4 FLASKCONTEXTTOSID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service processor fault via unspecified vectors, ...

SuSE 11.3 Security Update : Xen (SAT Patch Number 8973)

The SUSE Linux Enterprise Server 11 Service Pack 3 Xen hypervisor and toolset has been updated to 4.2.4 to fix various bugs and security issues : The following security issues have been addressed : - XSA-60: CVE-2013-2212: The vmxsetucmode function in Xen 3.3 through 4.3, when disabling chaches,...

Fedora 20 : xen-4.3.1-9.fc20 (2014-2170)

three security fixes: integer overflow in several XSM/Flask hypercalls XSA-84, Off-by-one error in FLASKAVCCACHESTAT hypercall XSA-85, libvchan failure handling malicious ring indexes XSA-86 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...