Displaying 20 results from an estimated 1000 matches similar to: "Bug#781620: CVE-2015-2751 CVE-2015-2752 CVE-2015-2756"
2015 Mar 22
1
Bug#780975: CVE-2015-2152
Source: xen
Severity: important
Tags: security
http://xenbits.xen.org/xsa/advisory-119.html
Cheers,
Moritz
2015 Mar 31
0
Processed: tagging 781620, found 781620 in 4.4.1-8
Processing commands for control at bugs.debian.org:
> tags 781620 + upstream fixed-upstream
Bug #781620 [src:xen] CVE-2015-2751 CVE-2015-2752 CVE-2015-2756
Added tag(s) upstream and fixed-upstream.
> found 781620 4.4.1-8
Bug #781620 [src:xen] CVE-2015-2751 CVE-2015-2752 CVE-2015-2756
Marked as found in versions xen/4.4.1-8.
> thanks
Stopping processing here.
Please contact me if you
2015 Jan 26
2
Bug#776319: CVE-2015-0361
Source: xen
Severity: important
Tags: security
Hi,
please see http://xenbits.xen.org/xsa/advisory-116.html
for details and a patch.
Cheers,
Moritz
2012 Jul 30
5
Bug#683279: CVE-2012-3432
Package: xen
Severity: grave
Tags: security
Please see
http://www.openwall.com/lists/oss-security/2012/07/26/4
Cheers,
Moritz
2015 Mar 10
2
Bug#780227: XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw
Package: xen-hypervisor-4.1-amd64
Version: 4.1.4-3+deb7u4
Severity: critical
Hi,
Not sure how come I'm the first one to file this kind of a bug report :)
but here goes JFTR...
http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance
warning was given to several big Xen VM farms, which led to e.g.
https://aws.amazon.com/premiumsupport/maintenance-2015-03/
2017 Jul 17
2
Updated Xen packages for XSA 216..225
Salvatore Bonaccorso writes ("Re: Updated Xen packages for XSA 216..225"):
> On Tue, Jul 11, 2017 at 11:34:38PM +0200, Moritz Muehlenhoff wrote:
> > On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote:
> > > Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"):
> > > > Sorry for the late reply, was on vacation for a week.
2012 Sep 19
5
Bug#688125: xen: CVE-2012-2625
Package: xen
Severity: important
Tags: security
Justification: user security hole
Hi,
This issue is still unfixed in Wheezy:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
Patch:
http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
Cheers,
Moritz
2011 Jan 10
1
Bug#609531: CVE-2010-4255: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area
Package: xen
Severity: grave
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4255
for a description and a link to the upstream report/patch.
Cheers,
Moritz
2017 May 04
2
Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):
> On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote:
> > Should I put jessie-security in the debian/changelog and dgit push it
> > (ie, from many people's pov, dput it) ?
>
> Yes, the distribution line should be jessie-security, but please send
> a
2016 May 06
3
Bug#823620: Multiple security issues
Source: xen
Severity: grave
Tags: security
Multiple vulnerabilities are unfixed in xen:
CVE-2015-5307:
http://xenbits.xen.org/xsa/advisory-156.html
CVE-2016-3960
http://xenbits.xen.org/xsa/advisory-173.html
CVE-2016-3159 / CVE-2016-3158
http://xenbits.xen.org/xsa/advisory-172.html
CVE-2016-2271
http://xenbits.xen.org/xsa/advisory-170.html
CVE-2016-2270
2014 Nov 19
2
Bug#770230: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
Source: xen
Severity: grave
Tags: security
Hi,
the following security issues apply to Xen in jessie:
CVE-2014-5146,CVE-2014-5149:
https://marc.info/?l=oss-security&m=140784877111813&w=2
CVE-2014-8594:
https://marc.info/?l=oss-security&m=141631359901060&w=2
CVE-2014-8595:
https://marc.info/?l=oss-security&m=141631352601020&w=2
Cheers,
Moritz
2017 Jul 11
2
Updated Xen packages for XSA 216..225
On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote:
> Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"):
> > Sorry for the late reply, was on vacation for a week. What's the status
> > of jessie? Most of the XSAs seem to affect oldstable as well.
>
> Sorry, I forgot about them...
>
> I will see what I can do.
Did you look
2017 May 04
4
Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):
> Yes, the distribution line should be jessie-security, but please send
> a debdiff to team at security.debian.org for a quick review before
> uploading (I have no idea whether dgit supports security-master).
Here is the proposed debdiff (actually, a git diff) for xen in jessie.
My
2014 Aug 10
1
Bug#757724: Multiple security issues
Source: xen
Severity: grave
Tags: security
The following security issues are still open in 4.4.0-1:
Xen Security Advisory CVE-2014-2599 / XSA-89
https://marc.info/?l=oss-security&m=139643934717922&w=2
Xen Security Advisory CVE-2014-3124 / XSA-92
https://marc.info/?l=oss-security&m=139894169729664&w=2
Xen Security Advisory CVE-2014-3967,CVE-2014-3968 / XSA-96
2017 May 04
2
Xen package security updates for jessie 4.4, XSA-213, XSA-214
Ian Jackson writes ("64bit PV guest breakout [XSA-213]"):
> Source: xen
> Version: 4.4.1-9
> Severity: important
> Tags: security upstream fixed-upstream
>
> See
> https://xenbits.xen.org/xsa/advisory-213.html
Ian Jackson writes ("grant transfer allows PV guest to elevate privileges [XSA-214]"):
> Source: xen
> Version: 4.4.1-9
> Severity:
2015 Feb 18
0
Bug#776319: CVE-2015-0361
retitle 776319 xen: CVE-2015-0361 CVE-2015-1563
thanks
On Mon, Jan 26, 2015 at 08:52:53PM +0100, Moritz Muehlenhoff wrote:
> Source: xen
> Severity: important
> Tags: security
>
> Hi,
> please see http://xenbits.xen.org/xsa/advisory-116.html
> for details and a patch.
Also http://xenbits.xen.org/xsa/advisory-118.html needs to be fixed
in jessie.
Cheers,
Moritz
2015 Aug 16
0
Bug#795721: CVE-2015-3259 CVE-2015-3340 CVE-2015-4163 CVE-2015-4164
Source: xen
Severity: important
Tags: security
These Xen vulnerabilities are unfixed in unstable:
CVE-2015-4164:
http://xenbits.xen.org/xsa/advisory-136.html
CVE-2015-4163:
http://xenbits.xen.org/xsa/advisory-134.html
CVE-2015-3340:
http://xenbits.xen.org/xsa/advisory-132.html
CVE-2015-3259:
http://xenbits.xen.org/xsa/advisory-137.html
Cheers,
Moritz
2017 May 04
3
Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):
> On Thu, May 04, 2017 at 05:06:07PM +0100, Ian Jackson wrote:
> > I have fixed these in stretch but the jessie package remains unfixed.
> > I think I may be able to find some backports somewhere. Would that be
> > useful ? Is anyone else working on this ?
>
>
2014 Mar 12
2
libvirtError: this function is not supported by the connection driver: virInterfaceDefineXML
Hi,
Could anyone help I'm getting the following error when I tried to add a new
network interface.
DETAILS
Connection
---------------------------
import libvirt
conn = libvirt.open('qemu:///system')
Interface XML
----------------------
<interface type="bridge" name="br0">
<start mode="onboot"/>
<mtu size="1500"/>
2019 Jun 28
0
Are XSA-289, XSA-274/CVE-2018-14678 fixed ?
Looks like this never got a response from anyone.
On 6/25/19 10:15 AM, Yuriy Kohut wrote:
> Hello,
>
> Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages ?
XSA-289 is a tricky subject. In the end, it was effectively decided
that these patches were not recommended until they were reviewed again
and XSA-289 has no official list of flaws