similar to: Bug#560856: xen-3: embeds qemu

package: xen-unstable version: 3.3-unstable+hg17961-1 severity: important tags: security hi, your package embeds source code from both qemu, which makes security updates very cumbersome, difficult, and potentially error-prone. please update your package to make use of the existing packages if possible. thanks for your attention on this matter. best wishes, mike

Package: xen-hypervisor-3.0.2-1-i386 Version: 3.0.2-3+hg9762-1 Severity: grave Justification: renders package unusable When booting Xen Dom0 on my Dell 2950, the kernel panics. I have been unable to get the serial console working under xen (works under normal kernels), so the best debugging info I can provide is a screenshot of the console when it dies. I will attach that after the bug is

Package: xen-utils-3.2-1 Version: 3.2.0-3~bpo4+2 Severity: normal Hi, pygrub has problems parsing block devices partitioned with Lenny Beta 2 and ext3 on paravirt guests: # /usr/lib/xen-3.2-1/bin/pygrub /var/lib/xen/images/test2.img Traceback (most recent call last): File "/usr/lib/xen-3.2-1/bin/pygrub", line 653, in ? chosencfg = run_grub(file, entry, fs) File

Source: xen-unstable Version: 3.0-unstable+hg11561-1 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2007-3919[0]: | (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local | users to truncate arbitrary files via a symlink attack on | /tmp/xenq-shm. If you fix this vulnerability please also include

Package: xen-hypervisor-3.2-1-i386 Version: 3.2.0-4 Severity: important in etch there was an automated generated entry in the menu-list of grub in this version the grub-menu is not updated also found following links: http://lists.xensource.com/archives/html/xen-users/2007-09/msg00328.html -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500,

Source: xen-3 Version: 3.2.1-1 Severity: grave Tags: security, patch Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for xen-3. CVE-2008-1943[0]: | Buffer overflow in the backend of XenSource Xen Para Virtualized Frame | Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial | of service (crash) and possibly execute arbitrary code via a crafted |

Package: xen-utils-common Version: 3.4.2-3 Severity: minor Hi, I've just noticed that the xen-utils-common package instals the file xen-backend.rules both under /etc/udev/xen-backend.rules and /lib/udev/rules.d/xen-backend.rules I think the flormer is useless and is installed there by mistake. Kind Regards, Marco -- System Information: Debian Release: squeeze/sid APT prefers unstable

Package: xen-utils-common Version: 3.2.0-1~bpo4+1 Severity: minor I use the version from backports, but it's still present in sid. In /etc/xen/xend-config-sxp : #(xen-tcp-xmlrpc-server-address 'localhost') #(xen-tcp-xmlrpc-server-port 8006) should be #(xend-tcp-xmlrpc-server-address 'localhost') #(xend-tcp-xmlrpc-server-port 8006) Small typo in a commented line, but

Package: libxen-dev Version: 4.0.0-2 Severity: grave Hi Bastian, libxen-dev used to ship the following file: /usr/include/blktaplib.h but it has gone, I don't get why. The result is that I can't compile my xen-qemu-dm-4.0-4.0.0 in a normal SID system, while it was working perfectly with version 4.0.0-1~experimental.2 of libxen-dev. I had a look into the debian/changelog of xen 4.0.0-2,

Package: xen-hypervisor-3.2-1-amd64 Version: 3.2.1-2 Severity: serious After noting that this version supposedly loads bzImage kernels: | xen-3 (3.2.1-2) unstable; urgency=low | | * Use e2fslibs based ext2 support for pygrub. (closes: #476366) | * Fix missing checks in pvfb code. | See CVE-2008-1952. (closes: #487095) | * Add support for loading bzImage files. (closes: #474509) | *

Package: xen-hypervisor-4.0-i386 Version: 4.0.1~rc3-1 Severity: critical Tags: upstream patch Justification: breaks the whole system Using 2.6.32 and xen 4.0, balloon driver crash Upstream patch seems to be available : http://lists.xensource.com/archives/html/xen-devel/2010-06/msg00601.html Thanks -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500,

Package: xen-utils-4.0 Version: 4.0.1-2 Right after another Wheezy distribution update I've faced the following issue with "xm". ===== host:~# xm new /etc/xen/domains/test.cfg Unexpected error: <type 'exceptions.ImportError'> Please report to xen-devel at lists.xensource.com Traceback (most recent call last): File "/usr/lib/xen-4.0/bin/xm", line 8, in

Package: xen-unstable Version: 3.0-unstable+hg11292-2 Your package fails to build with GCC 4.2. Version 4.2 has not been released yet but I'm building with a snapshot in order to find errors and give people an advance warning. The bug below is in your package though and not because I'm using a snapshot of the compiler so please take a look at it. You can reproduce this with the

Package: xen-hypervisor-3.2-1-amd64 Version: 3.2.1-2 Severity: normal I have a dual-core host. I wanted to give one of my guests use of 2 vcpus and use of both real cpus. I had the following in my config file for the guest: vcpus = 2 cpus = 0,1 This appeared to work correctly and I saw a big difference in the load average (the guest is monitored by munin-node). However after 12 hours or so,

Package: xen-utils-3.4 Version: 3.4.2-2 Severity: important *** Please type your report below this line The Package is fail cause the directoryname /usr/lib/xen-3.4 is wrong when i call the xm tool a wrapperscript searching for version 3.4.0 and dont find 3.4.0 it must be /usr/lib/xen-3.4.0 and all is fine *** -- System Information: Debian Release: squeeze/sid APT prefers testing APT

Package: xen-hypervisor-4.0-amd64 Version: 4.0.0-1 Severity: grave The only thing I can read is: ERROR: Unable to locate IOAPIC for GSI 2 ERROR: Unable to locate IOAPIC for GSI 9 ERROR: Unable to locate IOAPIC for GSI 9 cannot read /etc/fstab: no such file or directory mounting [...] failed: no such file or directory I boot with: moltiboot [xen] module [kernel] root=[uuid or device] ro quiet

Package: xen-utils-common Version: 4.0.0-1 Severity: important The xm utility requires python-xml but the package does not depend on it. # xm new --help_vars Unexpected error: <type 'exceptions.ImportError'> Please report to xen-devel at lists.xensource.com Traceback (most recent call last): File "/usr/lib/xen-4.0/bin/xm", line 8, in <module>

Package: xen-hypervisor-4.0-amd64 Version: 4.0.1-1 Severity: grave Tags: squeeze sid Justification: renders package unusable -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/1 CPU core) Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8

Package: xen-hypervisor-3.2-1-i386 Version: 3.2-1 Severity: critical Tags: security Justification: DoS of entire system regardless of privilege When running the exploit listed in bug 464953 [1], Xen's memory state becomes corrupted and the hypervisor eventually crashes, taking all of the domU's with it. As such, this breaks operational behaviour, so I have marked this as critical. [1]

Source: xen-unstable Version: 3.3-unstable+hg17602-1 Severity: grave Tags: security, patch Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for xen-unstable. CVE-2008-1943[0]: | Buffer overflow in the backend of XenSource Xen Para Virtualized Frame | Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial | of service (crash) and possibly execute