Displaying 20 results from an estimated 2000 matches similar to: "[holtmann@redhat.com: Re: [vendor-sec] CVE-2007-0998 HVM guest VNC server allows to compromise host]"
2012 Sep 19
5
Bug#688125: xen: CVE-2012-2625
Package: xen
Severity: important
Tags: security
Justification: user security hole
Hi,
This issue is still unfixed in Wheezy:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
Patch:
http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
Cheers,
Moritz
2007 Aug 06
0
Bug#436250: CVE-2007-0998: possible vulnerability
Package: xen-3.0
Severity: important
Hi
The following CVE[0] was issued against xen. Can you please check if
the Debian versions are affected?
The CVE says:
The VNC server implementation in QEMU, as used by Xen and possibly
other environments, allows local users of a guest operating system
to read arbitrary files on the host operating system via unspecified
vectors related to QEMU monitor
2012 Sep 06
0
Bug#686848: CVE-2007-0998: Qemu monitor can be used to access host resources
Package: xen-qemu-dm-4.0
Version: 4.0.1-2+squeeze1
Severity: grave
Tags: squeeze
Copying the Xen Security Advisory:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory XSA-19
guest administrator can access qemu monitor console
ISSUE DESCRIPTION
=================
A guest administrator who is granted access to the graphical console
of a Xen guest can
2011 Oct 16
0
**OT** Fwd: oFono 1.0 has been released
When oFono launched, I announced the project to other projects that it
may complement.
oFono has hit the 1.0 Milestone and has some serious backing if you
missed my post a year or so ago and never heard of it.
Check it out...
Thanks,
Steve Totaro
---------- Forwarded message ----------
From: Marcel Holtmann <marcel at holtmann.org>
Date: Sun, Oct 16, 2011 at 2:25 PM
Subject: oFono 1.0
2012 Jul 30
5
Bug#683279: CVE-2012-3432
Package: xen
Severity: grave
Tags: security
Please see
http://www.openwall.com/lists/oss-security/2012/07/26/4
Cheers,
Moritz
2014 Aug 05
0
CEBA-2014:0998 CentOS 6 log4cpp Update
CentOS Errata and Bugfix Advisory 2014:0998
Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0998.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
71e97ffad8411de2b792f65efcdbc4692b0fecf17bc164ded045e4612a7195a1 log4cpp-1.0-13.el6_5.1.i686.rpm
2015 May 13
0
CESA-2015:0998 Important CentOS 6 qemu-kvm Security Update
CentOS Errata and Security Advisory 2015:0998 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0998.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
85cce3eefbd38e1e2e0ace1ebe9a50352eefd8d67d098106c7dc5df16aa92ce4 qemu-guest-agent-0.12.1.2-2.448.el6_6.3.i686.rpm
x86_64:
2011 Jan 10
1
Bug#609531: CVE-2010-4255: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area
Package: xen
Severity: grave
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4255
for a description and a link to the upstream report/patch.
Cheers,
Moritz
2015 Sep 02
2
yum list-sec CVE
Hi,
Is the command
#yum list-sec cves
still compatible with Centos7?
Or are there alternatives to list all CVE applicable to a CentOS without
the Satellite?
Thanks
2015 Sep 03
0
yum list-sec CVE
On 02/09/15 19:27, Raymond Durand wrote:
> Hi,
>
> Is the command
> #yum list-sec cves
>
> still compatible with Centos7?
>
this should not have worked with any version of CentOS, you can do some
scraping and feeding into a local repo instance, but please validate the
content and the checks reported therein - we do no CVE validation in
CentOS Buildsystems.
--
Karanbir
2015 Sep 09
1
yum list-sec CVE
2015-09-03 12:56 GMT+02:00 Karanbir Singh <mail-lists at karan.org>:
> On 02/09/15 19:27, Raymond Durand wrote:
> > Hi,
> >
> > Is the command
> > #yum list-sec cves
> >
> > still compatible with Centos7?
> >
> this should not have worked with any version of CentOS, you can do some
> scraping and feeding into a local repo instance, but
2014 Nov 19
2
Bug#770230: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
Source: xen
Severity: grave
Tags: security
Hi,
the following security issues apply to Xen in jessie:
CVE-2014-5146,CVE-2014-5149:
https://marc.info/?l=oss-security&m=140784877111813&w=2
CVE-2014-8594:
https://marc.info/?l=oss-security&m=141631359901060&w=2
CVE-2014-8595:
https://marc.info/?l=oss-security&m=141631352601020&w=2
Cheers,
Moritz
2014 Nov 21
0
Bug#770230: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
On Wed, Nov 19, 2014 at 11:45:02PM +0100, Moritz Muehlenhoff wrote:
> Source: xen
> Severity: grave
> Tags: security
>
> Hi,
> the following security issues apply to Xen in jessie:
>
> CVE-2014-5146,CVE-2014-5149:
> https://marc.info/?l=oss-security&m=140784877111813&w=2
>
> CVE-2014-8594:
>
2015 Mar 31
1
Bug#781620: CVE-2015-2751 CVE-2015-2752 CVE-2015-2756
Source: xen
Severity: important
Tags: security
Please see
http://xenbits.xen.org/xsa/advisory-125.html
http://xenbits.xen.org/xsa/advisory-126.html
http://xenbits.xen.org/xsa/advisory-127.html
Cheers,
Moritz
2015 Jan 26
2
Bug#776319: CVE-2015-0361
Source: xen
Severity: important
Tags: security
Hi,
please see http://xenbits.xen.org/xsa/advisory-116.html
for details and a patch.
Cheers,
Moritz
2015 Feb 18
0
Bug#776319: CVE-2015-0361
retitle 776319 xen: CVE-2015-0361 CVE-2015-1563
thanks
On Mon, Jan 26, 2015 at 08:52:53PM +0100, Moritz Muehlenhoff wrote:
> Source: xen
> Severity: important
> Tags: security
>
> Hi,
> please see http://xenbits.xen.org/xsa/advisory-116.html
> for details and a patch.
Also http://xenbits.xen.org/xsa/advisory-118.html needs to be fixed
in jessie.
Cheers,
Moritz
2015 Mar 22
1
Bug#780975: CVE-2015-2152
Source: xen
Severity: important
Tags: security
http://xenbits.xen.org/xsa/advisory-119.html
Cheers,
Moritz
2015 Mar 10
2
Bug#780227: XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw
Package: xen-hypervisor-4.1-amd64
Version: 4.1.4-3+deb7u4
Severity: critical
Hi,
Not sure how come I'm the first one to file this kind of a bug report :)
but here goes JFTR...
http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance
warning was given to several big Xen VM farms, which led to e.g.
https://aws.amazon.com/premiumsupport/maintenance-2015-03/
2003 Apr 07
0
Fwd: [VulnWatch] [DDI-1013] Buffer Overflow in Samba allows remote root compromise
FYI
2012 Sep 05
1
Bug#686764: xen: Multiple security issues
Package: xen
Severity: grave
Tags: security
Justification: user security hole
Please see the following links:
http://www.openwall.com/lists/oss-security/2012/09/05/11
http://www.openwall.com/lists/oss-security/2012/09/05/10
http://www.openwall.com/lists/oss-security/2012/09/05/9
http://www.openwall.com/lists/oss-security/2012/09/05/8
http://www.openwall.com/lists/oss-security/2012/09/05/7