similar to: Bug#688125: xen: CVE-2012-2625

Package: xen Severity: grave Tags: security Justification: user security hole Please see the following links: http://www.openwall.com/lists/oss-security/2012/09/05/11 http://www.openwall.com/lists/oss-security/2012/09/05/10 http://www.openwall.com/lists/oss-security/2012/09/05/9 http://www.openwall.com/lists/oss-security/2012/09/05/8 http://www.openwall.com/lists/oss-security/2012/09/05/7

Source: xen Severity: important Tags: security Please see http://xenbits.xen.org/xsa/advisory-125.html http://xenbits.xen.org/xsa/advisory-126.html http://xenbits.xen.org/xsa/advisory-127.html Cheers, Moritz

Source: xen Severity: important Tags: security http://xenbits.xen.org/xsa/advisory-119.html Cheers, Moritz

Package: xen Severity: grave Tags: security Please see http://www.openwall.com/lists/oss-security/2012/07/26/4 Cheers, Moritz

Source: xen Severity: grave Tags: security The following security issues are still open in 4.4.0-1: Xen Security Advisory CVE-2014-2599 / XSA-89 https://marc.info/?l=oss-security&m=139643934717922&w=2 Xen Security Advisory CVE-2014-3124 / XSA-92 https://marc.info/?l=oss-security&m=139894169729664&w=2 Xen Security Advisory CVE-2014-3967,CVE-2014-3968 / XSA-96

Package: xen-hypervisor-4.1-amd64 Version: 4.1.4-3+deb7u4 Severity: critical Hi, Not sure how come I'm the first one to file this kind of a bug report :) but here goes JFTR... http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance warning was given to several big Xen VM farms, which led to e.g. https://aws.amazon.com/premiumsupport/maintenance-2015-03/

(copying debian-kernel for reasons which will hopefully become obvious) On Mon, 8 Jul 2013 18:10:58 +0200 =?UTF-8?Q?Moritz_M=C3=BChlenhoff?= <jmm at inutil.org> wrote: > In current Debian kernel there's no special Xen dom0 kernel image and depending > on irqbalance in the kernel package would be overkill. Would it? I thought irqbalance is actually required even for native with

Package: xen Severity: grave Tags: security Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4255 for a description and a link to the upstream report/patch. Cheers, Moritz

Source: xen Severity: grave Tags: security Multiple vulnerabilities are unfixed in xen: CVE-2015-5307: http://xenbits.xen.org/xsa/advisory-156.html CVE-2016-3960 http://xenbits.xen.org/xsa/advisory-173.html CVE-2016-3159 / CVE-2016-3158 http://xenbits.xen.org/xsa/advisory-172.html CVE-2016-2271 http://xenbits.xen.org/xsa/advisory-170.html CVE-2016-2270

On Sun, 2014-08-31 at 03:10 +0100, Ian Campbell wrote: > (copying debian-kernel for reasons which will hopefully become obvious) > > On Mon, 8 Jul 2013 18:10:58 +0200 =?UTF-8?Q?Moritz_M=C3=BChlenhoff?= <jmm at inutil.org> wrote: > > In current Debian kernel there's no special Xen dom0 kernel image and depending > > on irqbalance in the kernel package would be

Windows does have a utility that sums up all installed applications und allows to remove selected ones. Is a mechanism like that available for wine too?

Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"): > On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote: > > Should I put jessie-security in the debian/changelog and dgit push it > > (ie, from many people's pov, dput it) ? > > Yes, the distribution line should be jessie-security, but please send > a

Package: xen-utils-common Version: 3.0.3-0-2 Severity: wishlist Tags: patch Currently when hostnames are wider than 10 chars, the xentop output is messed up. Please add the following patch to support up to 20 chars, or better yet, allow the columns to auto size :) #! /bin/sh /usr/share/dpatch/dpatch-run ## xentop-name-width.dpatch by <apeeters@lashout.net> ## ## All lines beginning with

Package: xen Version: 4.0.1-5.11 Severity: important Tags: security, fixed-upstream Please see for details: http://www.openwall.com/lists/oss-security/2014/06/17/6 Patch: http://seclists.org/oss-sec/2014/q2/att-549/xsa100.patch --- Henri Salo -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc:

Source: xen Version: 4.1.2-2 Severity: critical Tags: security Justification: allows PV domains to escape into the dom0 context Hi, I realize you're most likely pretty well aware of that problem already, but Debian's Xen versions are vulnerable to a PV privilege escalation [1]. The issue is tracked as CVE-2012-0217 and public as of today. Therefore I am filing this bug for coordination

Package: xen-hypervisor-3.0.2-1-i386 Version: 3.0.2-3+hg9762-1 Severity: grave Justification: renders package unusable When booting Xen Dom0 on my Dell 2950, the kernel panics. I have been unable to get the serial console working under xen (works under normal kernels), so the best debugging info I can provide is a screenshot of the console when it dies. I will attach that after the bug is

Package: xen Version: 4.0.1-5.11 Severity: important Tags: security, patch, fixed-upstream http://www.openwall.com/lists/oss-security/2013/11/21/2 Description: An inverted boolean parameter resulted in TLB flushes not happening upon clearing of a present translation table entry. Retaining stale TLB entries could allow guests access to memory that ought to have been revoked, or grant greater

best described here: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=64689 Confirmed also present with the rpm build at http://rsync.samba.org/ftp/rsync/binaries/redhat/rsync-2.4.6-1.i386.rpm Please cc: me on replies (I'm not on the list, yet - my procmailrc's in a major state of flux as I'm switching machines) and/or add comments to the above bugzilla entry James -- James

Source: xen Severity: grave Tags: security Hi, the following security issues apply to Xen in jessie: CVE-2014-5146,CVE-2014-5149: https://marc.info/?l=oss-security&m=140784877111813&w=2 CVE-2014-8594: https://marc.info/?l=oss-security&m=141631359901060&w=2 CVE-2014-8595: https://marc.info/?l=oss-security&m=141631352601020&w=2 Cheers, Moritz

Package: xen-utils-common Version: 4.0.0-1 Consider removal of xenstored tdb file (located at /var/lib/xenstored/tdb) before start of xenstored daemon during the boot (or removal during the shutdown/reboot of the server) as proposed by Ian Campbell during our discussions [1]. [1] http://lists.xen.org/archives/html/xen-users/2012-11/msg00111.html -- Peter Viskup