Displaying 20 results from an estimated 4000 matches similar to: "Bug#823620: Multiple security issues"
2017 May 04
2
Xen package security updates for jessie 4.4, XSA-213, XSA-214
Ian Jackson writes ("64bit PV guest breakout [XSA-213]"):
> Source: xen
> Version: 4.4.1-9
> Severity: important
> Tags: security upstream fixed-upstream
>
> See
> https://xenbits.xen.org/xsa/advisory-213.html
Ian Jackson writes ("grant transfer allows PV guest to elevate privileges [XSA-214]"):
> Source: xen
> Version: 4.4.1-9
> Severity:
2015 Mar 31
1
Bug#781620: CVE-2015-2751 CVE-2015-2752 CVE-2015-2756
Source: xen
Severity: important
Tags: security
Please see
http://xenbits.xen.org/xsa/advisory-125.html
http://xenbits.xen.org/xsa/advisory-126.html
http://xenbits.xen.org/xsa/advisory-127.html
Cheers,
Moritz
2013 Nov 25
0
CESA-2013:X013 Important Xen4CentOS xen Security Update
CentOS Errata and Security Advisory 2013:X013 (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-----------------------------
X86_64
-----------------------------
f3725f9d29b2fd85d3c9568d979b7ea0f26e1844bb7474b8ef4de2e124bae9ff xen-4.2.3-25.el6.centos.alt.x86_64.rpm
2013 Nov 26
0
CentOS-announce Digest, Vol 105, Issue 11
Send CentOS-announce mailing list submissions to
centos-announce at centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-request at centos.org
You can reach the person managing the list at
centos-announce-owner at centos.org
When
2013 Dec 10
0
CESA-2013:X017 Xen4CentOS xen Security Update
CentOS Errata and Security Advisory 2013:X017 (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-----------------------------
X86_64
-----------------------------
588443b1936d3da45e5872a1578722fdac5ddf0eaeb02b8e47854a3c1d7a45f5 xen-4.2.3-26.el6.centos.alt.x86_64.rpm
2014 Oct 01
0
CESA-2014:X010 Moderate xen Xen4CentOS Security Update
CentOS Errata and Security Advisory 2014:X010 (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-----------------------------
X86_64
-----------------------------
f5a30e6c7c17a391dfc218cce2c2ca52dba4bf61d6c2d664faecda673d72fdea xen-4.2.5-33.el6.centos.alt.x86_64.rpm
2015 Jan 26
2
Bug#776319: CVE-2015-0361
Source: xen
Severity: important
Tags: security
Hi,
please see http://xenbits.xen.org/xsa/advisory-116.html
for details and a patch.
Cheers,
Moritz
CESA-2105:X001 Important xen kernel libvirt python-virtinst e1000e (Xen4CentOS Only) Security Update
2015 Jan 07
0
CESA-2105:X001 Important xen kernel libvirt python-virtinst e1000e (Xen4CentOS Only) Security Update
The following packages are updated for Xen4CentOS for CentOS 6:
Source:
942bc436e401c798991ae4ca956082c12a5a3b65ec53cd7ec9901dda7704f9b7 e1000e-2.5.4-3.10.63.2.el6.centos.alt.src.rpm
aa46f97636568c46295d2d99f1e33b5fda50df707a2a8321a516200b8b4e95a6 kernel-3.10.63-11.el6.centos.alt.src.rpm
ea44d2658e096ef6f00f7dfd4fecc6bff977d959563e4929539d23643b134c3a libvirt-0.10.2.8-9.el6.centos.alt.src.rpm
2018 Aug 15
6
Xen Security Update - XSA-{268,269,272,273}
Dear Security Team,
I have prepared a new upload addressing a number of open security
issues in Xen.
Due to the complexity of the patches that address XSA-273 [0] the
packages have been built from upstream's staging-4.8 / staging-4.10
branch again as recommended in that advisory. Commits on those branches
are restricted to those that address the following XSAs (cf. [1]):
- XSA-273
2015 Dec 09
0
xen_4.4.1-9+deb8u3_amd64.changes ACCEPTED into proposed-updates->stable-new
Mapping stable-security to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 25 Nov 2015 13:03:13 +0000
Source: xen
Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf
Architecture:
2015 Dec 13
0
xen_4.4.1-9+deb8u3_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 25 Nov 2015 13:03:13 +0000
Source: xen
Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf
Architecture: source all amd64
Version: 4.4.1-9+deb8u3
2014 Feb 12
0
CESA-2014:X004 Moderate Xen4CentOS xen Security Update
CentOS Errata and Security Advisory 2014:X004 (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-----------------------------
X86_64
-----------------------------
bb6f3ba6c19f731b233c6c0ec338f9b92f418664dc1fd4f31ddc2e3ee2848583 xen-4.2.3-28.el6.centos.alt.x86_64.rpm
2014 Jun 16
0
CESA-2014:X008 Moderate: Xen4CentOS xen Security Update
CentOS Errata and Security Advisory 2014:X008 (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-----------------------------
X86_64
-----------------------------
58469d64c897d1deb6832b2cc69d1d28c83162075835d256ff56996aecb8d145 xen-4.2.4-33.el6.centos.alt.x86_64.rpm
2015 Mar 10
2
Bug#780227: XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw
Package: xen-hypervisor-4.1-amd64
Version: 4.1.4-3+deb7u4
Severity: critical
Hi,
Not sure how come I'm the first one to file this kind of a bug report :)
but here goes JFTR...
http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance
warning was given to several big Xen VM farms, which led to e.g.
https://aws.amazon.com/premiumsupport/maintenance-2015-03/
2012 Dec 18
2
[ANNOUNCE] Xen 4.1.4 released
Folks,
I am pleased to announce the release of Xen 4.1.4. This is
available immediately from its mercurial repository:
http://xenbits.xen.org/xen-4.1-testing.hg (tag RELEASE-4.1.4)
This fixes the following critical vulnerabilities:
* CVE-2012-3494 / XSA-12:
hypercall set_debugreg vulnerability
* CVE-2012-3495 / XSA-13:
hypercall physdev_get_free_pirq vulnerability
* CVE-2012-3496 /
2015 Aug 16
0
Bug#795721: CVE-2015-3259 CVE-2015-3340 CVE-2015-4163 CVE-2015-4164
Source: xen
Severity: important
Tags: security
These Xen vulnerabilities are unfixed in unstable:
CVE-2015-4164:
http://xenbits.xen.org/xsa/advisory-136.html
CVE-2015-4163:
http://xenbits.xen.org/xsa/advisory-134.html
CVE-2015-3340:
http://xenbits.xen.org/xsa/advisory-132.html
CVE-2015-3259:
http://xenbits.xen.org/xsa/advisory-137.html
Cheers,
Moritz
2015 Jan 08
0
CentOS-announce Digest, Vol 119, Issue 2
Send CentOS-announce mailing list submissions to
centos-announce at centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-request at centos.org
You can reach the person managing the list at
centos-announce-owner at centos.org
When
2017 May 04
4
Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):
> Yes, the distribution line should be jessie-security, but please send
> a debdiff to team at security.debian.org for a quick review before
> uploading (I have no idea whether dgit supports security-master).
Here is the proposed debdiff (actually, a git diff) for xen in jessie.
My
2014 Oct 02
0
CentOS-announce Digest, Vol 116, Issue 2
Send CentOS-announce mailing list submissions to
centos-announce at centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-request at centos.org
You can reach the person managing the list at
centos-announce-owner at centos.org
When
2012 Aug 10
0
[ANNOUNCE] Xen 4.1.3 and 4.0.4 released
Folks,
I am pleased to announce the release of Xen 4.0.4 and 4.1.3. These are
available immediately from their respective mercurial repositories:
http://xenbits.xen.org/xen-4.0-testing.hg (tag RELEASE-4.0.4)
http://xenbits.xen.org/xen-4.1-testing.hg (tag RELEASE-4.1.3)
These fix the following critical vulnerabilities:
* CVE-2012-0217 / XSA-7:
PV guest privilege escalation vulnerability
*