Displaying 20 results from an estimated 4000 matches similar to: "Bug#609531: CVE-2010-4255: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area"
2010 Sep 04
4
Bug#595490: [xen-hypervisor-4.0-i386] Booting up the Xen Dom0 fails with an error in "i387.c:159".
Package: xen-hypervisor-4.0-i386
Version: 4.0.1~rc6-1
Severity: important
--- Please enter the report below this line. ---
Booting up the Xen Dom0 fails with an error in "i387.c:159"
--- System information. ---
Architecture: i386
Kernel: Linux 2.6.32-5-686-bigmem
Kernel: Linux 2.6.32-5-xen-686
Debian Release: squeeze/sid
500 testing security.debian.org
500
2010 Oct 06
1
Bug#599243: xen-utils-4.0: pygrub does not understand grub2 partition types (e.g. (hd0, msdos1) instead of (hd0, 1))
Package: xen-utils-4.0
Version: 4.0.1-1
Severity: normal
Tags: patch
pygrub could not boot a newly-updated Debian/testing domU with a non-chained grub2. The traceback was:
Using <class 'grub.GrubConf.Grub2ConfigFile'> to parse /grub/grub.cfg
WARNING:root:Unknown directive load_video
WARNING:root:Unknown directive terminal_output
Traceback (most recent call last):
File
2011 Jan 02
3
Bug#608715: Recent hardware components render the xen-hypervisor unusable, fails completely to boot due to kernel panic
Package: xen-hypervisor-4.0-amd64
Version: 4.0.1-1
Severity: grave
Tags: squeeze upstream
Some newer hardware components (it is unclear what exactly causes the issue) render xen-hypervisor unusable as it
crashes immediately after boot for the Debian out-of-box configuration. This results in a system rebooting all over
again if the hypervisor is chosen as default stanza to be booted by grub
2015 Mar 10
2
Bug#780227: XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw
Package: xen-hypervisor-4.1-amd64
Version: 4.1.4-3+deb7u4
Severity: critical
Hi,
Not sure how come I'm the first one to file this kind of a bug report :)
but here goes JFTR...
http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance
warning was given to several big Xen VM farms, which led to e.g.
https://aws.amazon.com/premiumsupport/maintenance-2015-03/
2012 Jul 30
5
Bug#683279: CVE-2012-3432
Package: xen
Severity: grave
Tags: security
Please see
http://www.openwall.com/lists/oss-security/2012/07/26/4
Cheers,
Moritz
2012 Sep 19
5
Bug#688125: xen: CVE-2012-2625
Package: xen
Severity: important
Tags: security
Justification: user security hole
Hi,
This issue is still unfixed in Wheezy:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
Patch:
http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
Cheers,
Moritz
2014 Nov 19
2
Bug#770230: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
Source: xen
Severity: grave
Tags: security
Hi,
the following security issues apply to Xen in jessie:
CVE-2014-5146,CVE-2014-5149:
https://marc.info/?l=oss-security&m=140784877111813&w=2
CVE-2014-8594:
https://marc.info/?l=oss-security&m=141631359901060&w=2
CVE-2014-8595:
https://marc.info/?l=oss-security&m=141631352601020&w=2
Cheers,
Moritz
2015 Mar 31
1
Bug#781620: CVE-2015-2751 CVE-2015-2752 CVE-2015-2756
Source: xen
Severity: important
Tags: security
Please see
http://xenbits.xen.org/xsa/advisory-125.html
http://xenbits.xen.org/xsa/advisory-126.html
http://xenbits.xen.org/xsa/advisory-127.html
Cheers,
Moritz
2015 Jan 26
2
Bug#776319: CVE-2015-0361
Source: xen
Severity: important
Tags: security
Hi,
please see http://xenbits.xen.org/xsa/advisory-116.html
for details and a patch.
Cheers,
Moritz
2015 Mar 22
1
Bug#780975: CVE-2015-2152
Source: xen
Severity: important
Tags: security
http://xenbits.xen.org/xsa/advisory-119.html
Cheers,
Moritz
2017 Jul 17
2
Updated Xen packages for XSA 216..225
Salvatore Bonaccorso writes ("Re: Updated Xen packages for XSA 216..225"):
> On Tue, Jul 11, 2017 at 11:34:38PM +0200, Moritz Muehlenhoff wrote:
> > On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote:
> > > Moritz Mühlenhoff writes ("Re: Updated Xen packages for XSA 216..225"):
> > > > Sorry for the late reply, was on vacation for a week.
2017 May 04
2
Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):
> On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote:
> > Should I put jessie-security in the debian/changelog and dgit push it
> > (ie, from many people's pov, dput it) ?
>
> Yes, the distribution line should be jessie-security, but please send
> a
2017 Jul 11
2
Updated Xen packages for XSA 216..225
On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote:
> Moritz Mühlenhoff writes ("Re: Updated Xen packages for XSA 216..225"):
> > Sorry for the late reply, was on vacation for a week. What's the status
> > of jessie? Most of the XSAs seem to affect oldstable as well.
>
> Sorry, I forgot about them...
>
> I will see what I can do.
Did you look
2017 May 04
3
Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):
> On Thu, May 04, 2017 at 05:06:07PM +0100, Ian Jackson wrote:
> > I have fixed these in stretch but the jessie package remains unfixed.
> > I think I may be able to find some backports somewhere. Would that be
> > useful ? Is anyone else working on this ?
>
>
2014 Nov 21
0
Bug#770230: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
On Wed, Nov 19, 2014 at 11:45:02PM +0100, Moritz Muehlenhoff wrote:
> Source: xen
> Severity: grave
> Tags: security
>
> Hi,
> the following security issues apply to Xen in jessie:
>
> CVE-2014-5146,CVE-2014-5149:
> https://marc.info/?l=oss-security&m=140784877111813&w=2
>
> CVE-2014-8594:
>
2011 Jan 10
0
Processed: Security -ignores
Processing commands for control at bugs.debian.org:
> # As per Moritz, not blockers
> user release.debian.org at packages.debian.org
Setting user to release.debian.org at packages.debian.org (was adam at adam-barratt.org.uk).
> tag 609531 + squeeze-ignore
Bug #609531 [xen] CVE-2010-4255: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area
Added tag(s)
2017 May 04
4
Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):
> Yes, the distribution line should be jessie-security, but please send
> a debdiff to team at security.debian.org for a quick review before
> uploading (I have no idea whether dgit supports security-master).
Here is the proposed debdiff (actually, a git diff) for xen in jessie.
My
2006 Oct 26
2
32bit HVM PV drivers on 64bit hypervisor
Hi Steven,
I once played with your PV-on-HVM driver before it is checked in into
unstable, I remember at that time, there is a XENFEAT_64bit_shared_info
flag to handle situation of 32bit guest on 64bit hypervisor, at least
vnif works fine with it.
Later, when the code is checked in, this flag is gone. At first I thought
this was an effort to make hypervisor more transparent to HVM guest, but
now
2012 Jun 12
3
Bug#677221: xen: Xen PV privilege escalation (CVE-2012-0217)
Source: xen
Version: 4.1.2-2
Severity: critical
Tags: security
Justification: allows PV domains to escape into the dom0 context
Hi,
I realize you're most likely pretty well aware of that problem already, but
Debian's Xen versions are vulnerable to a PV privilege escalation [1]. The issue
is tracked as CVE-2012-0217 and public as of today.
Therefore I am filing this bug for coordination
2015 Feb 18
0
Bug#776319: CVE-2015-0361
retitle 776319 xen: CVE-2015-0361 CVE-2015-1563
thanks
On Mon, Jan 26, 2015 at 08:52:53PM +0100, Moritz Muehlenhoff wrote:
> Source: xen
> Severity: important
> Tags: security
>
> Hi,
> please see http://xenbits.xen.org/xsa/advisory-116.html
> for details and a patch.
Also http://xenbits.xen.org/xsa/advisory-118.html needs to be fixed
in jessie.
Cheers,
Moritz