similar to: Re: [oss-security] Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-2072 / XSA-56 version 2 Buffer overflow in xencontrol Python bindings affecting xend UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The Python bindings for the xc_vcpu_setaffinity call do not properly check their inputs. Systems

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/06/2012 10:13 AM, Xen.org security team wrote: > Xen Security Advisory XSA-19 > > guest administrator can access qemu monitor console > > > ISSUE DESCRIPTION > ================= > > A guest administrator who is granted access to the graphical console > of a Xen guest can access the qemu

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4544,CVE-2012-2625 / XSA-25 version 2 Xen domain builder Out-of-memory due to malicious kernel/ramdisk UPDATES IN VERSION 2 ==================== Clarify that XSA-25 is reporting, via the Xen.org security process, both CVE-2012-4544 and CVE-2012-2625. Also we would like to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-4494 / XSA-73 version 3 Lock order reversal between page allocation and grant table locks UPDATES IN VERSION 3 ==================== The issue has been assigned CVE-2013-4494. NOTE REGARDING LACK OF EMBARGO ============================== While the response to this issue

Hello! Greg MacManus, of iSIGHT Partners Labs, found a security problem in several recent versions of nginx. A stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting in arbitrary code execution (CVE-2013-2028). The problem affects nginx 1.3.9 - 1.4.0. The problem is fixed in nginx 1.5.0, 1.4.1. Patch for the problem can be

X.Org Security Advisory: Feb 10, 2015 - CVE-2015-0255 Information leak in the XkbSetGeometry request of X servers =========================================================== Description: ============ Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request. The issue stems from the server trusting the client to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3496 / XSA-14 version 3 XENMEM_populate_physmap DoS vulnerability UPDATES IN VERSION 3 ==================== Public release. Credit Matthew Daley. ISSUE DESCRIPTION ================= XENMEM_populate_physmap can be called with invalid flags. By calling it with

X.Org Security Advisory: March 29, 2023 X.Org Server Overlay Window Use-After-Free ========================================== This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-4375 / XSA-71 version 2 qemu disk backend (qdisk) resource leak UPDATES IN VERSION 2 ==================== Public release Fix patch header corruption in xsa71-qemu-xen-unstable.patch. ISSUE DESCRIPTION ================= The qdisk PV disk backend in the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-6885 / XSA-82 version 3 Guest triggerable AMD CPU erratum may cause host hang UPDATES IN VERSION 3 ==================== Early public release. This issue was predisclosed under embargo by the Xen Project Security team, on the 27th of November. We treated the issue

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4544 / XSA-25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk ISSUE DESCRIPTION ================= The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk either before or after decompression. This could cause the toolstack to consume all available RAM

Good day. Spotted the CVE-2007-1870: the clamav 0.90.2 is already in the ports, but no sign of the issue in the VuXML. The entry is attached. One thing that is a bit strange is that the ChangeLog for the ClamAV (http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog) says about CVE-2007-1997 as the libclamav/cab.c log entry, but I think they are messed the numbers -- there is no such CVE, at

There's a heap overflow in qemu SLIRP which affects libguestfs, potentially allowing a malicious filesystem to take control of the confining qemu process and from there attack the host. It will affect libguestfs specifically when these two conditions are both met: - You're using the ‘direct’ backend. - Networking is enabled. The direct backend is the default upstream, but not in

On 3/28/2019 7:42 AM, Aki Tuomi via dovecot wrote: > olution: > Operators should update to the latest Patch Release. The only workaround > is to disable FTS and pop3-uidl plugin. Hi Aki, thanks for the CVE.? For quick mitigation, can you confirm how to disable these plugins and what they provide?? We'd like to assess if we are using them while we rollout the fix. Regards, KAM

On 3/28/2019 10:40 AM, Aki Tuomi wrote: > > check for fts in mail_plugins. pop3-uidl is used by pop3_migration > plugin. Sorry if I'm dense but can you be more specific?? Are you talking about checking conf files or binary files?? For example, does the existence of /usr/local/lib/dovecot/lib20_fts_plugin.so imply an exploitable situation?? Are their settings in a conf file that

X.Org Security Advisory: April 14, 2015 Buffer overflow in MakeBigReq macro in libX11 prior to 1.6 [CVE-2013-7439] ========================================================================== Description: ============ It's been brought to X.Org's attention that this commit: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d which was included

Asterisk Project Security Advisory - AST-2007-024 +------------------------------------------------------------------------+ | Product | Zaptel | |--------------------+---------------------------------------------------| | Summary | Potential buffer overflow from command line | | |

Asterisk Project Security Advisory - AST-2007-024 +------------------------------------------------------------------------+ | Product | Zaptel | |--------------------+---------------------------------------------------| | Summary | Potential buffer overflow from command line | | |

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4411 / XSA-19 version 2 guest administrator can access qemu monitor console UPDATES IN VERSION 2 ==================== We have now been issued with a CVE number. ISSUE DESCRIPTION ================= A guest administrator who is granted access to the graphical console of a Xen guest

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 28 March 2019 16:37 Kevin A. McGrail via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div>