similar to: Bug#751894: xen: CVE-2014-4021 / XSA-100

Source: xen Severity: grave Tags: security The following security issues are still open in 4.4.0-1: Xen Security Advisory CVE-2014-2599 / XSA-89 https://marc.info/?l=oss-security&m=139643934717922&w=2 Xen Security Advisory CVE-2014-3124 / XSA-92 https://marc.info/?l=oss-security&m=139894169729664&w=2 Xen Security Advisory CVE-2014-3967,CVE-2014-3968 / XSA-96

Hi, i visited your homepage http://syslinux.zytor.com/iso.php and tried to find a downloadable Version of isolinux, but couldnt find it... I need it for mindi/mondo. So here is my question: where can I get it? with best regards Mario Caspari Salo Holding AG Spaldingstrasse 57-59 20097 HAMBURG fon: +49(040)23916-136 fax: +49(040)23916-228 mail: mariocaspari at salo-ag.de web: www.salo-ag.de

Processing commands for control at bugs.debian.org: > reassign 751894 src:xen Bug #751894 [xen] xen: CVE-2014-4021 / XSA-100 Bug reassigned from package 'xen' to 'src:xen'. No longer marked as found in versions 4.3.0-3. Ignoring request to alter fixed versions of bug #751894 to the same values previously set > merge 757724 751894 Bug #757724 [src:xen] Multiple security

Processing commands for control at bugs.debian.org: > found 751894 4.3.0-3 Bug #751894 [xen] xen: CVE-2014-4021 / XSA-100 There is no source info for the package 'xen' at version '4.3.0-3' with architecture '' Unable to make a source version for version '4.3.0-3' Marked as found in versions 4.3.0-3. > thanks Stopping processing here. Please contact me if you

Processing commands for control at bugs.debian.org: > notfound 751894 4.0.1-5.11 Bug #751894 [xen] xen: CVE-2014-4021 / XSA-100 There is no source info for the package 'xen' at version '4.0.1-5.11' with architecture '' Unable to make a source version for version '4.0.1-5.11' No longer marked as found in versions 4.0.1-5.11. > thanks Stopping processing here.

Hey, Has anyone managed to bypass or fix the ferret''s .dump method problem? When I include acts_as_ferret my whole rails app just blows up because of Ferret''s .dump method. Ex: --- print "\t hello".dump >> "\t hello">Exit code: 0 --- --- require ''ferret'' print "\t hello".dump >> " hello"(NUL

Hello, Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages ? Thank you

We just sent the message below to the security advisory predisclosure list, relating to the release of XSA-26 to XSA-32. As you will see, these have now been publicly released. We''ll have a proper conversation about this in a week or two. Thanks for your attention, Ian. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We regret to announce that a member of the predisclosure list

Ian Jackson writes ("64bit PV guest breakout [XSA-213]"): > Source: xen > Version: 4.4.1-9 > Severity: important > Tags: security upstream fixed-upstream > > See > https://xenbits.xen.org/xsa/advisory-213.html Ian Jackson writes ("grant transfer allows PV guest to elevate privileges [XSA-214]"): > Source: xen > Version: 4.4.1-9 > Severity:

Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"): > On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote: > > Should I put jessie-security in the debian/changelog and dgit push it > > (ie, from many people's pov, dput it) ? > > Yes, the distribution line should be jessie-security, but please send > a

Looks like this never got a response from anyone. On 6/25/19 10:15 AM, Yuriy Kohut wrote: > Hello, > > Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages ? XSA-289 is a tricky subject. In the end, it was effectively decided that these patches were not recommended until they were reviewed again and XSA-289 has no official list of flaws

On 02/17/2017 02:32 PM, Kevin Stange wrote: > Given the circumstances, might it make sense to offer formal advisories > of some type for these to indicate when the packages going to live are > for security or other reasons? > We release xen every 2nd (even numbered) release as a goal (4.4, 4.6, 4.8) We don't normally release anything other than security updates. This is a SIG

There are xen rpms in the testing repos for XSA 207 and 208 in the testing repos (xen-4.4.4-18.el6, xen-4.6.3-7.el6, xen-4.6.3-7.el7). You can enable the applicable centos-virt-xen-testing repo in your /etc/yum.repos.d/CentOS-Xen.repo file. Please report positive and negative tests to this list so we can promote the updates to the main repos. Thanks, Johnny Hughes -------------- next part

These updates have now been pushed to mirror.centos.org and you can get them from the main repos. On 02/15/2017 08:27 AM, Johnny Hughes wrote: > There are xen rpms in the testing repos for XSA 207 and 208 in the > testing repos (xen-4.4.4-18.el6, xen-4.6.3-7.el6, xen-4.6.3-7.el7). > > You can enable the applicable centos-virt-xen-testing repo in your >

Given the circumstances, might it make sense to offer formal advisories of some type for these to indicate when the packages going to live are for security or other reasons? On 02/17/2017 09:51 AM, Johnny Hughes wrote: > These updates have now been pushed to mirror.centos.org and you can get > them from the main repos. > > On 02/15/2017 08:27 AM, Johnny Hughes wrote: >> There

Processing commands for control at bugs.debian.org: > merge 757724 751894 Bug #757724 [src:xen] Multiple security issues Unable to merge bugs because: package of #751894 is 'xen' not 'src:xen' Failed to merge 757724: Did not alter merged bugs Debbugs::Control::set_merged('transcript', 'GLOB(0x34d0490)', 'requester', 'Ian Campbell <ijc at

Salvatore Bonaccorso writes ("Re: Updated Xen packages for XSA 216..225"): > On Tue, Jul 11, 2017 at 11:34:38PM +0200, Moritz Muehlenhoff wrote: > > On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote: > > > Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > > > > Sorry for the late reply, was on vacation for a week.

Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > Since the queue was already quite big and this update was ready > I went ahead and released what we had for now. Yes, sorry, I should have been explicit that that's what I expected you to do... Ian.

Hello Debian Xen team, I have two questions regarding Xen vulnerability CVE-2015-3456 / XSA-133 / "Venom" in Debian [1]: * I noticed that [1] says 4.4.1-9 not to be vulnerable ("fixed") but according to the Debian Changelog [2] 4.4.1-9 appeared in Debian before XSA-133 was published and xen_4.4.1-9.debian.tar.xz [3] does not seem to contain any XSA-133 patch.

So... it is theorized that XSA-108 is why amazon is rebooting. Is there any way for me to know when this update hits CentOS5 or xen4centos6? Do we know that it is *not* included in one of the centos patches?