Displaying 20 results from an estimated 700 matches similar to: "Bug#444007: CVE-2007-1320 multiple heap based buffer overflows"
2008 Feb 04
1
Bug#464044: xen-unstable: CVE-2007-3919 prone to symlink attack
Source: xen-unstable
Version: 3.0-unstable+hg11561-1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-unstable.
CVE-2007-3919[0]:
| (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local
| users to truncate arbitrary files via a symlink attack on
| /tmp/xenq-shm.
If you fix this vulnerability please also include
2008 Mar 06
1
Bug#469654: xen-unstable: CVE-2008-0928 privilege escalation
Package: xen-unstable
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-unstable.
CVE-2008-0928[0]:
| Qemu 0.9.1 and earlier does not perform range checks for block device
| read or write requests, which allows guest host users with root
| privileges to access arbitrary memory and escape the virtual machine.
If you fix
2007 Nov 17
1
Bug#451626: CVE-2007-5907, CVE-2007-5906 possible denial of service vulnerability
Package: xen-3
Version: 3.1.0-1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-3.
CVE-2007-5907[0]:
| Xen 3.1.1 does not prevent modification of the CR4 TSC from
| applications, which allows pv guests to cause a denial of service
| (crash).
CVE-2007-5906[1]:
| Xen 3.1.1 allows virtual guest system users to cause a
|
2007 Sep 28
0
Bug#444430: CVE-2007-4993 privilege escalation
Package: xen-3.0
Version: 3.0.3-0-2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-3.0.
CVE-2007-4993[0]:
| pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest
| domain, allows local users with elevated privileges in the guest domain to
| execute arbitrary commands in domain 0 via a crafted grub.conf
2007 Oct 15
1
Bug#446771: CVE-2007-4993 privilege escalation
tags 446771 + patch
thanks
Hi,
attached is a patch to fix this if you don't already have
one.
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2007-4993.patch
Type: text/x-diff
Size: 4742
2008 Oct 04
0
xen-3 stable update for #496367
Hi,
an insecure temporary file creation was reported to the xen-3 some time ago.
This is Debian bug #496367.
Unfortunately the vulnerability is not important enough to get it fixed via
regular security update in Debian stable. It does not warrant a DSA.
However it would be nice if this could get fixed via a regular point update[0].
Please contact the release team for this.
This is an
2008 Jun 19
0
Bug#487095: Bug#487095: xen-3: multiple security issues
reopen 487095
reopen 487097
thanks
Hi,
since you thought it's necessary to complain to me about
this bug report on IRC I'm replying to this bug now as well.
> On Thu, Jun 19, 2008 at 04:56:54PM +0200, Thomas Bläsing wrote:
> > CVE-2008-1943[0]:
> > | Buffer overflow in the backend of XenSource Xen Para Virtualized Frame
> > | Buffer (PVFB) 3.0 through 3.1.2 allows
2007 Oct 15
0
Processed: reassign 444430 to xen-3.0, cloning 444430, reassign -1 to xen-3, closing 444430
Processing commands for control at bugs.debian.org:
> # Automatically generated email from bts, devscripts version 2.9.26
> reassign 444430 xen-3.0 3.0.3-0-2
Bug#444430: CVE-2007-4993 privilege escalation
Bug reassigned from package `xen-3' to `xen-3.0'.
> clone 444430 -1
Bug#444430: CVE-2007-4993 privilege escalation
Bug 444430 cloned as bug 446771.
> reassign -1 xen-3
2007 Oct 22
0
Processed: closing 446771
Processing commands for control at bugs.debian.org:
> # Automatically generated email from bts, devscripts version 2.9.26
> close 446771 3.1.1-1
Bug#446771: CVE-2007-4993 privilege escalation
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug marked as fixed in version 3.1.1-1, send any further explanations to Nico Golde <nion at debian.org>
>
End
2008 Apr 04
0
Processed: reassign 469662 to xen-unstable, closing 469662
Processing commands for control at bugs.debian.org:
> # Automatically generated email from bts, devscripts version 2.9.26
> reassign 469662 xen-unstable
Bug#469662: xen-3: CVE-2008-0928 privilege escalation
Bug reassigned from package `xen-3' to `xen-unstable'.
> close 469662 3.3-unstable+hg17192-1
Bug#469662: xen-3: CVE-2008-0928 privilege escalation
'close' is
2008 Jun 19
3
Bug#487097: xen-unstable: multiple security issues
Source: xen-unstable
Version: 3.3-unstable+hg17602-1
Severity: grave
Tags: security, patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for xen-unstable.
CVE-2008-1943[0]:
| Buffer overflow in the backend of XenSource Xen Para Virtualized Frame
| Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial
| of service (crash) and possibly execute
2017 Apr 20
0
qemu-kvm-ev-2.6.0-28.el7_3.9.1 now available for testing
Hi,
just pushed to testing a new build of qemu-kvm-ev, here's the ChangeLog:
* Thu Apr 20 2017 Sandro Bonazzola <sbonazzo at redhat.com> -
ev-2.6.0-28.el7_3.9.1
- Removing RH branding from package name
* Fri Mar 24 2017 Miroslav Rezanina <mrezanin at redhat.com> -
rhev-2.6.0-28.el7_3.9
- kvm-block-gluster-memory-usage-use-one-glfs-instance-per.patch
[bz#1413044]
-
2010 Dec 30
2
memdisk + grub2 consumes lot of memory
Hi all,
I think I have asked about this before but I do not know
what's happening. I have problems booting syslinux in my GPT disk which
I have asked in a separate topic "Boot Error GPT partition". I loaded
https://github.com/skodabenz/Tianocore_DUET_memdisk_compiled (append
options - floppy ro nopass). Using syslinux when it was booting
properly, did not lead to loss of RAM.
2016 Apr 05
3
[PATCH v2 FOR DISCUSSION ONLY 1/2] scripts: Add a script for formatting all C code in the project.
See previous version:
https://www.redhat.com/archives/libguestfs/2016-April/msg00021.html
The formatting in this second version isn't too bad. Still
a few corner cases to sort out.
Rich.
2020 Aug 05
2
[PATCH nbdkit] vddk: Relax threading model and enable multi-conn.
In theory this patch depends on this series:
https://www.redhat.com/archives/libguestfs/2020-August/msg00021.html
In practice I believe they're independent of each other, but the above
series makes it easier to test.
Rich.
2007 May 14
0
[SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================
==
== Subject: Multiple Heap Overflows Allow Remote
== Code Execution
== CVE ID#: CVE-2007-2446
==
== Versions: Samba 3.0.0 - 3.0.25rc3 (inclusive)
==
== Summary: Various bugs in Samba's NDR parsing
== can allow a user to send specially
==
2007 May 14
0
[SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution
Spam detection software, running on the system "mail.montanhydraulik.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
postmaster for details.
Content preview: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
2007 Jun 01
2
samba problem: Multiple Heap Overflows Allow Remote Code Execution
Dear Jeremy: We use samba 2.2.12 as our samba server, and it worked perfectly before, but now there is one security problem found in samba 3.0, so we worry about our samba server. For some reason we can't update to samba 3.0.25, so can you tell us whether the problem exists in samba 2.2.12, or how I can test our samba server with some tools software?
2020 Jun 02
0
[PATCH nbdkit 5/5] vddk: Munge password parameters when we reexec (RHBZ#1842440).
See this thread:
https://www.redhat.com/archives/libguestfs/2020-June/thread.html#00012
This commit also adds a regression test of vddk password=- and
password=-FD.
---
tests/Makefile.am | 4 ++
plugins/vddk/vddk.h | 1 +
plugins/vddk/reexec.c | 43 ++++++++++++-
plugins/vddk/vddk.c | 2 +-
2020 Sep 22
0
[PATCH v3] i2c: virtio: add a virtio i2c frontend driver
On Tue, Sep 22, 2020 at 10:58:43AM +0800, Jie Deng wrote:
> Add an I2C bus driver for virtio para-virtualization.
>
> The controller can be emulated by the backend driver in
> any device model software by following the virtio protocol.
>
> This driver communicates with the backend driver through a
> virtio I2C message structure which includes following parts:
>
> -