Displaying 20 results from an estimated 4000 matches similar to: "Bug#688125: xen: CVE-2012-2625"
2012 Sep 05
1
Bug#686764: xen: Multiple security issues
Package: xen
Severity: grave
Tags: security
Justification: user security hole
Please see the following links:
http://www.openwall.com/lists/oss-security/2012/09/05/11
http://www.openwall.com/lists/oss-security/2012/09/05/10
http://www.openwall.com/lists/oss-security/2012/09/05/9
http://www.openwall.com/lists/oss-security/2012/09/05/8
http://www.openwall.com/lists/oss-security/2012/09/05/7
2015 Mar 31
1
Bug#781620: CVE-2015-2751 CVE-2015-2752 CVE-2015-2756
Source: xen
Severity: important
Tags: security
Please see
http://xenbits.xen.org/xsa/advisory-125.html
http://xenbits.xen.org/xsa/advisory-126.html
http://xenbits.xen.org/xsa/advisory-127.html
Cheers,
Moritz
2015 Mar 22
1
Bug#780975: CVE-2015-2152
Source: xen
Severity: important
Tags: security
http://xenbits.xen.org/xsa/advisory-119.html
Cheers,
Moritz
2012 Jul 30
5
Bug#683279: CVE-2012-3432
Package: xen
Severity: grave
Tags: security
Please see
http://www.openwall.com/lists/oss-security/2012/07/26/4
Cheers,
Moritz
2014 Aug 10
1
Bug#757724: Multiple security issues
Source: xen
Severity: grave
Tags: security
The following security issues are still open in 4.4.0-1:
Xen Security Advisory CVE-2014-2599 / XSA-89
https://marc.info/?l=oss-security&m=139643934717922&w=2
Xen Security Advisory CVE-2014-3124 / XSA-92
https://marc.info/?l=oss-security&m=139894169729664&w=2
Xen Security Advisory CVE-2014-3967,CVE-2014-3968 / XSA-96
2015 Mar 10
2
Bug#780227: XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw
Package: xen-hypervisor-4.1-amd64
Version: 4.1.4-3+deb7u4
Severity: critical
Hi,
Not sure how come I'm the first one to file this kind of a bug report :)
but here goes JFTR...
http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance
warning was given to several big Xen VM farms, which led to e.g.
https://aws.amazon.com/premiumsupport/maintenance-2015-03/
2014 Aug 31
3
Bug#577788: dom0 kernels should suggest irqbalance
(copying debian-kernel for reasons which will hopefully become obvious)
On Mon, 8 Jul 2013 18:10:58 +0200 =?UTF-8?Q?Moritz_M=C3=BChlenhoff?= <jmm at inutil.org> wrote:
> In current Debian kernel there's no special Xen dom0 kernel image and depending
> on irqbalance in the kernel package would be overkill.
Would it? I thought irqbalance is actually required even for native with
2011 Jan 10
1
Bug#609531: CVE-2010-4255: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area
Package: xen
Severity: grave
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4255
for a description and a link to the upstream report/patch.
Cheers,
Moritz
2016 May 06
3
Bug#823620: Multiple security issues
Source: xen
Severity: grave
Tags: security
Multiple vulnerabilities are unfixed in xen:
CVE-2015-5307:
http://xenbits.xen.org/xsa/advisory-156.html
CVE-2016-3960
http://xenbits.xen.org/xsa/advisory-173.html
CVE-2016-3159 / CVE-2016-3158
http://xenbits.xen.org/xsa/advisory-172.html
CVE-2016-2271
http://xenbits.xen.org/xsa/advisory-170.html
CVE-2016-2270
2014 Sep 03
0
Bug#577788: dom0 kernels should suggest irqbalance
On Sun, 2014-08-31 at 03:10 +0100, Ian Campbell wrote:
> (copying debian-kernel for reasons which will hopefully become obvious)
>
> On Mon, 8 Jul 2013 18:10:58 +0200 =?UTF-8?Q?Moritz_M=C3=BChlenhoff?= <jmm at inutil.org> wrote:
> > In current Debian kernel there's no special Xen dom0 kernel image and depending
> > on irqbalance in the kernel package would be
2001 Feb 08
1
Uninstall mechanism for windows apps
Windows does have a utility that sums up all installed applications
und allows to remove selected ones.
Is a mechanism like that available for wine too?
2017 May 04
2
Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):
> On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote:
> > Should I put jessie-security in the debian/changelog and dgit push it
> > (ie, from many people's pov, dput it) ?
>
> Yes, the distribution line should be jessie-security, but please send
> a
2007 Feb 02
1
Bug#409355: xen-utils-common: please make width of hostname column in xentop wider
Package: xen-utils-common
Version: 3.0.3-0-2
Severity: wishlist
Tags: patch
Currently when hostnames are wider than 10 chars, the xentop output is messed up.
Please add the following patch to support up to 20 chars, or better yet, allow the
columns to auto size :)
#! /bin/sh /usr/share/dpatch/dpatch-run
## xentop-name-width.dpatch by <apeeters@lashout.net>
##
## All lines beginning with
2014 Jun 17
1
Bug#751894: xen: CVE-2014-4021 / XSA-100
Package: xen
Version: 4.0.1-5.11
Severity: important
Tags: security, fixed-upstream
Please see for details: http://www.openwall.com/lists/oss-security/2014/06/17/6
Patch: http://seclists.org/oss-sec/2014/q2/att-549/xsa100.patch
---
Henri Salo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc:
2012 Jun 12
3
Bug#677221: xen: Xen PV privilege escalation (CVE-2012-0217)
Source: xen
Version: 4.1.2-2
Severity: critical
Tags: security
Justification: allows PV domains to escape into the dom0 context
Hi,
I realize you're most likely pretty well aware of that problem already, but
Debian's Xen versions are vulnerable to a PV privilege escalation [1]. The issue
is tracked as CVE-2012-0217 and public as of today.
Therefore I am filing this bug for coordination
2006 Oct 03
2
Bug#390927: xen-hypervisor-3.0.2-1-i386: Xen kernel panics when booting
Package: xen-hypervisor-3.0.2-1-i386
Version: 3.0.2-3+hg9762-1
Severity: grave
Justification: renders package unusable
When booting Xen Dom0 on my Dell 2950, the kernel panics. I have been
unable to get the serial console working under xen (works under normal
kernels), so the best debugging info I can provide is a screenshot of
the console when it dies. I will attach that after the bug is
2013 Nov 23
1
Bug#730254: xen: CVE-2013-6375: Insufficient TLB flushing in VT-d (iommu) code
Package: xen
Version: 4.0.1-5.11
Severity: important
Tags: security, patch, fixed-upstream
http://www.openwall.com/lists/oss-security/2013/11/21/2
Description:
An inverted boolean parameter resulted in TLB flushes not happening
upon clearing of a present translation table entry. Retaining stale
TLB entries could allow guests access to memory that ought to have
been revoked, or grant greater
2002 May 30
1
tty settings with rsync -e ssh interrupt
best described here:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=64689
Confirmed also present with the rpm build at
http://rsync.samba.org/ftp/rsync/binaries/redhat/rsync-2.4.6-1.i386.rpm
Please cc: me on replies (I'm not on the list, yet - my procmailrc's
in a major state of flux as I'm switching machines) and/or add comments
to the above bugzilla entry
James
--
James
2012 Nov 14
2
Bug#693217: Removal of xenstore tdb file before xenstored daemon
Package: xen-utils-common
Version: 4.0.0-1
Consider removal of xenstored tdb file (located at
/var/lib/xenstored/tdb) before start of xenstored daemon during the boot
(or removal during the shutdown/reboot of the server) as proposed by Ian
Campbell during our discussions [1].
[1] http://lists.xen.org/archives/html/xen-users/2012-11/msg00111.html
--
Peter Viskup
2014 Nov 19
2
Bug#770230: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
Source: xen
Severity: grave
Tags: security
Hi,
the following security issues apply to Xen in jessie:
CVE-2014-5146,CVE-2014-5149:
https://marc.info/?l=oss-security&m=140784877111813&w=2
CVE-2014-8594:
https://marc.info/?l=oss-security&m=141631359901060&w=2
CVE-2014-8595:
https://marc.info/?l=oss-security&m=141631352601020&w=2
Cheers,
Moritz