similar to: [holtmann@redhat.com: Re: [vendor-sec] CVE-2007-0998 HVM guest VNC server allows to compromise host]

Package: xen Severity: important Tags: security Justification: user security hole Hi, This issue is still unfixed in Wheezy: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625 Patch: http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe Cheers, Moritz

Package: xen-3.0 Severity: important Hi The following CVE[0] was issued against xen. Can you please check, if the Debian versions are affected? The CVE says: The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor

Package: xen-qemu-dm-4.0 Version: 4.0.1-2+squeeze1 Severity: grave Tags: squeeze Copying the Xen Security Advisory: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory XSA-19 guest administrator can access qemu monitor console ISSUE DESCRIPTION ================= A guest administrator who is granted access to the graphical console of a Xen guest can

When oFono launched, I announced the project to other projects that it may compliment. oFono has hit the 1.0 Milestone and has some serious backing if you missed my post a year or so ago and never heard of it. Check it out... Thanks, Steve Totaro ---------- Forwarded message ---------- From: Marcel Holtmann <marcel at holtmann.org> Date: Sun, Oct 16, 2011 at 2:25 PM Subject: oFono 1.0

Package: xen Severity: grave Tags: security Please see http://www.openwall.com/lists/oss-security/2012/07/26/4 Cheers, Moritz

CentOS Errata and Bugfix Advisory 2014:0998 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0998.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 71e97ffad8411de2b792f65efcdbc4692b0fecf17bc164ded045e4612a7195a1 log4cpp-1.0-13.el6_5.1.i686.rpm

CentOS Errata and Security Advisory 2015:0998 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0998.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 85cce3eefbd38e1e2e0ace1ebe9a50352eefd8d67d098106c7dc5df16aa92ce4 qemu-guest-agent-0.12.1.2-2.448.el6_6.3.i686.rpm x86_64:

Package: xen Severity: grave Tags: security Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4255 for a description and a link to the upstream report/patch. Cheers, Moritz

Hi, Is the command #yum list-sec cves still compatible with Centos7? Or are there alternatives to list all CVE applicable to a CentOS without the Satellite? Thanks

On 02/09/15 19:27, Raymond Durand wrote: > Hi, > > Is the command > #yum list-sec cves > > still compatible with Centos7? > this should not have worked with any version of CentOS, you can do some scraping and feeding into a local repo instance, but please validate the content and the checks reported therein - we do no CVE validation in CentOS Buildsystems. -- Karanbir

2015-09-03 12:56 GMT+02:00 Karanbir Singh <mail-lists at karan.org>: > On 02/09/15 19:27, Raymond Durand wrote: > > Hi, > > > > Is the command > > #yum list-sec cves > > > > still compatible with Centos7? > > > this should not have worked with any version of CentOS, you can do some > scraping and feeding into a local repo instance, but

Source: xen Severity: grave Tags: security Hi, the following security issues apply to Xen in jessie: CVE-2014-5146,CVE-2014-5149: https://marc.info/?l=oss-security&m=140784877111813&w=2 CVE-2014-8594: https://marc.info/?l=oss-security&m=141631359901060&w=2 CVE-2014-8595: https://marc.info/?l=oss-security&m=141631352601020&w=2 Cheers, Moritz

On Wed, Nov 19, 2014 at 11:45:02PM +0100, Moritz Muehlenhoff wrote: > Source: xen > Severity: grave > Tags: security > > Hi, > the following security issues apply to Xen in jessie: > > CVE-2014-5146,CVE-2014-5149: > https://marc.info/?l=oss-security&m=140784877111813&w=2 > > CVE-2014-8594: >

Source: xen Severity: important Tags: security Please see http://xenbits.xen.org/xsa/advisory-125.html http://xenbits.xen.org/xsa/advisory-126.html http://xenbits.xen.org/xsa/advisory-127.html Cheers, Moritz

Source: xen Severity: important Tags: security Hi, please see http://xenbits.xen.org/xsa/advisory-116.html for details and a patch. Cheers, Moritz

retitle 776319 xen: CVE-2015-0361 CVE-2015-1563 thanks On Mon, Jan 26, 2015 at 08:52:53PM +0100, Moritz Muehlenhoff wrote: > Source: xen > Severity: important > Tags: security > > Hi, > please see http://xenbits.xen.org/xsa/advisory-116.html > for details and a patch. Also http://xenbits.xen.org/xsa/advisory-118.html needs to be fixed in jessie. Cheers, Moritz

Source: xen Severity: important Tags: security http://xenbits.xen.org/xsa/advisory-119.html Cheers, Moritz

Package: xen-hypervisor-4.1-amd64 Version: 4.1.4-3+deb7u4 Severity: critical Hi, Not sure how come I'm the first one to file this kind of a bug report :) but here goes JFTR... http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance warning was given to several big Xen VM farms, which led to e.g. https://aws.amazon.com/premiumsupport/maintenance-2015-03/

FYI >Mailing-List: contact vulnwatch-help@vulnwatch.org; run by ezmlm >List-Post: <mailto:vulnwatch@vulnwatch.org> >List-Help: <mailto:vulnwatch-help@vulnwatch.org> >List-Unsubscribe: <mailto:vulnwatch-unsubscribe@vulnwatch.org> >List-Subscribe: <mailto:vulnwatch-subscribe@vulnwatch.org> >Delivered-To: mailing list vulnwatch@vulnwatch.org

Package: xen Severity: grave Tags: security Justification: user security hole Please see the following links: http://www.openwall.com/lists/oss-security/2012/09/05/11 http://www.openwall.com/lists/oss-security/2012/09/05/10 http://www.openwall.com/lists/oss-security/2012/09/05/9 http://www.openwall.com/lists/oss-security/2012/09/05/8 http://www.openwall.com/lists/oss-security/2012/09/05/7