similar to: CVE-2012-5620

Displaying 20 results from an estimated 60000 matches similar to: "CVE-2012-5620"

2012 Nov 13
0
Xen Security Advisory 25 (CVE-2012-4544, CVE-2012-2625) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk
Xen Security Advisory CVE-2012-4544,CVE-2012-2625 / XSA-25 version 2 Xen domain builder Out-of-memory due to malicious kernel/ramdisk UPDATES IN VERSION 2 ==================== Clarify that XSA-25 is reporting, via the Xen.org security process, both CVE-2012-4544 and CVE-2012-2625. Also we would like to
2015 Apr 28
3
CVE-2015-3420
On 28 Apr 2015, at 11:35, Timo Sirainen <tss at iki.fi> wrote: > > On 28 Apr 2015, at 04:15, Edwardo Garcia <wdgarc88 at gmail.com> wrote: >> When can we expect 2.2.17 to resolve this? > > As far as I know this doesn't affect any of the major distributions where Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard it happening with some
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:
2012 May 30
0
[CVE-2012-2944] NUT vulnerability: upsd can be remotely crashed
Dear NUT users, I recently came across a MAJOR potential flaw in the network server (upsd), that results, when exploited, in a crash of this server [1]. This is the first security flaw in this software, since its very beginning (~15 years)! It is still potential, and not actual, since Sebastian's report is a first-timer. But it should be very seriously considered, and you should take all
2013 Jan 03
1
Passing "allow_unsafe" appears not to workaround protection for CVE-2012-2934
Having finished a round of testing in my own lab, I've connected to my client's test lab, and reproduced my Xen Dom0. Upon trying a test creation of a DomU, I was intrigued to receive the message: ERROR POST operation failed: xend_post: error from xen daemon: (xend.err 'Error creating domain: Creating domain failed: name=snstest00') Domain installation does not
2012 Oct 26
0
Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk
Xen Security Advisory CVE-2012-4544 / XSA-25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk ISSUE DESCRIPTION ================= The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk either before or after decompression. This could cause the toolstack to consume all available RAM
2015 Apr 28
3
CVE-2015-3420
When can we expect 2.2.17 to resolve this?
2012 Oct 25
0
[HEADS UP]: CVE-2012-4929 (CRIME)
I think there is nothing FreeBSD can do about this besides making sure our users are aware of it. The situation in which this is a problem is specific but one you should consider if you are using TLS with compression. TLS 1.2 and earlier are vulnerable to an attack commonly known as CRIME. The attack involves TLS sessions using compression where an attacker is able to inject known plaintext into
2014 Nov 21
0
Processed: retitle 770230 to xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030
Processing commands for control at bugs.debian.org: > retitle 770230 xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030 Bug #770230 [src:xen] CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 Changed Bug title to 'xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030' from 'CVE-2014-5146 CVE-2014-5149 CVE-2014-8594
2003 Jan 08
3
Logging suggestions?
Any suggestions how user login/logouts should look like in log files? I was thinking: (connected to imaps port) Login: username [IP 1.2.3.4, imaps, compressed] Logout: username [IP 1.2.3.4, imaps, compressed] [1000/100000 bytes (50%), 00:00:12] Bytes being upload/download and the 50% meaning compression ratio for downloaded bytes, probably not worth it for upload. Or if uncompressed, it'd
2012 Sep 07
0
Xen Security Advisory 19 (CVE-2012-4411) - guest administrator can access qemu monitor console
Xen Security Advisory CVE-2012-4411 / XSA-19 version 2 guest administrator can access qemu monitor console UPDATES IN VERSION 2 ==================== We have now been issued with a CVE number. ISSUE DESCRIPTION ================= A guest administrator who is granted access to the graphical console of a Xen guest
2023 Mar 21
2
Bug#1033297: xen: CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334
Source: xen Version: 4.17.0+46-gaaf74a532c-1 Severity: grave Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2022-42331[0]: | x86: speculative vulnerability in 32bit SYSCALL path Due to an | oversight in the very original Spectre/Meltdown security work | (XSA-254),
2015 Apr 28
0
CVE-2015-3420
* Timo Sirainen wrote on 28.04.15 at 11:35: >On 28 Apr 2015, at 11:35, Timo Sirainen <tss at iki.fi> wrote: >> >> On 28 Apr 2015, at 04:15, Edwardo Garcia <wdgarc88 at gmail.com> wrote: >>> When can we expect 2.2.17 to resolve this? >> >> As far as I know this doesn't affect any of the major distributions where Dovecot is commonly used
2014 Nov 21
0
Bug#770230: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
On Wed, Nov 19, 2014 at 11:45:02PM +0100, Moritz Muehlenhoff wrote: > Source: xen > Severity: grave > Tags: security > > Hi, > the following security issues apply to Xen in jessie: > > CVE-2014-5146,CVE-2014-5149: > https://marc.info/?l=oss-security&m=140784877111813&w=2 > > CVE-2014-8594: >
2023 Nov 26
2
Bug#1056928: xen: CVE-2023-46835 CVE-2023-46836
Source: xen Version: 4.17.2+55-g0b56bed864-1 Severity: important Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2023-46835[0]: | x86/AMD: mismatch in IOMMU quarantine page table levels CVE-2023-46836[1]: | x86: BTC/SRSO fixes not fully effective If you fix the
2007 May 14
0
Patched 3.0.24 tree for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447
Folks, As a small means of community service, I've decided to provide an unofficial patched version of 3.0.24 (tagged as 3.0.24-gc-1) to address the CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447 security advisories. The bzr branch is hosted at http://people.samba.org/bzr/jerry/samba-3-0-24-gc.bzr/ The source tarball is available from
2012 Apr 17
1
CVE-2012-1182 patches
Hi, We are using Samba 3.4.2 on Oracle Solaris 10 UNIX server. I am looking at the samba site for patches for the CVE-2012-1182 vulnerability, but the closest patch versions I see are for samba 3.4.15 & 3.4.16. Is there a specific patch to fix samba 3.4.2? Also, since we are patching, is there a cluster of patches available specifically for samba 3.4.2? Can you please point me to the links
2007 Nov 17
1
Bug#451626: CVE-2007-5907, CVE-2007-5906 possible denial of service vulnerability
Package: xen-3 Version: 3.1.0-1 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2007-5907[0]: | Xen 3.1.1 does not prevent modification of the CR4 TSC from | applications, which allows pv guests to cause a denial of service | (crash). CVE-2007-5906[1]: | Xen 3.1.1 allows virtual guest system users to cause a |
2012 Jun 14
0
FYI: CVE-2012-2690: virt-edit / guestfish edit didn't preserve permissions on edited files.
Old versions of both virt-edit and the guestfish "edit" command created a new file containing the changes but did not set the permissions, etc of the new file to match the old one. The result of this was that if you edited a security sensitive file such as "/etc/shadow" then it would be left world-readable after the edit. This issue was assigned CVE-2012-2690, and is fixed in