similar to: Updated Xen packages for XSA 216..225

2017 Sep 12
3
Updated Xen packages for XSA 216..225
Moritz Mühlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > Sorry for the late reply. The updates look fine and I've written > up an advisory text. > > I don't use Xen myself and don't have a test setup. Have these > been tested on a jessie/stretch system already or shall we pass > these to users who've volunteered for tests in the past?
2017 Sep 04
3
Updated Xen packages for XSA 216..225
On Mon, Aug 07, 2017 at 01:15:56PM +0200, Moritz Muehlenhoff wrote: > On Mon, Jul 17, 2017 at 03:58:20PM +0100, Ian Jackson wrote: > > Salvatore Bonaccorso writes ("Re: Updated Xen packages for XSA 216..225"): > > > On Tue, Jul 11, 2017 at 11:34:38PM +0200, Moritz Muehlenhoff wrote: > > > > On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote: >
2017 Jul 17
2
Updated Xen packages for XSA 216..225
Salvatore Bonaccorso writes ("Re: Updated Xen packages for XSA 216..225"): > On Tue, Jul 11, 2017 at 11:34:38PM +0200, Moritz Muehlenhoff wrote: > > On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote: > > > Moritz Mühlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > > > > Sorry for the late reply, was on vacation for a week.
2017 Sep 13
2
Updated Xen packages for XSA 216..225
Moritz Mühlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > Since the queue was already quite big and this update was ready > I went ahead and released what we had for now. Yes, sorry, I should have been explicit that that's what I expected you to do... Ian.
2017 Jul 11
2
Updated Xen packages for XSA 216..225
On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote: > Moritz Mühlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > > Sorry for the late reply, was on vacation for a week. What's the status > > of jessie? Most of the XSAs seem to affect oldstable as well. > > Sorry, I forgot about them... > > I will see what I can do. Did you look
2017 Jul 02
2
Updated Xen packages for XSA 216..225
On Tue, Jun 20, 2017 at 02:06:17PM +0100, Ian Jackson wrote: > Ian Jackson writes ("Updated Xen packages for XSA 216..225"): > > FYI I will have an upload ready RSN. Where should I send it ? > > > > Matthew Vernon has offered to test my amd64 binaries. I will test the > > i386 packages myself. > > In fact, I have built and tested amd64 binaries.
2012 Dec 03
0
Uncontrolled disclosure of advisories XSA-26 to XSA-32
We just sent the message below to the security advisory predisclosure list, relating to the release of XSA-26 to XSA-32. As you will see, these have now been publicly released. We'll have a proper conversation about this in a week or two. Thanks for your attention, Ian. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We regret to announce that a member of the predisclosure list
2015 May 13
0
Xen Security Advisory 133 (CVE-2015-3456) - Privilege escalation via emulated floppy disk drive
xen-4.4.2-2, available from the virt6-testing repository, includes the fix for this issue. Note that Xen actually does attempt to disable the floppy disk for HVM domains by default, but due to a bug in qemu, the floppy disk is only partially disabled; enough functionality to exploit this bug remains. This should be available from the normal xen4 repositories sometime this afternoon. -George
2015 Mar 10
2
Bug#780227: XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw
Package: xen-hypervisor-4.1-amd64 Version: 4.1.4-3+deb7u4 Severity: critical Hi, Not sure how come I'm the first one to file this kind of a bug report :) but here goes JFTR... http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance warning was given to several big Xen VM farms, which led to e.g. https://aws.amazon.com/premiumsupport/maintenance-2015-03/
2017 Jun 20
4
Updated Xen packages for XSA 216..225
FYI I will have an upload ready RSN. Where should I send it ? Matthew Vernon has offered to test my amd64 binaries. I will test the i386 packages myself. Ian.
2017 May 04
4
Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"): > Yes, the distribution line should be jessie-security, but please send > a debdiff to team at security.debian.org for a quick review before > uploading (I have no idea whether dgit supports security-master). Here is the proposed debdiff (actually, a git diff) for xen in jessie. My
2019 Jun 28
0
Are XSA-289, XSA-274/CVE-2018-14678 fixed ?
Looks like this never got a response from anyone. On 6/25/19 10:15 AM, Yuriy Kohut wrote: > Hello, > > Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages ? XSA-289 is a tricky subject. In the end, it was effectively decided that these patches were not recommended until they were reviewed again and XSA-289 has no official list of flaws
2013 Dec 02
0
Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-6885 / XSA-82 version 3 Guest triggerable AMD CPU erratum may cause host hang UPDATES IN VERSION 3 ==================== Early public release. This issue was predisclosed under embargo by the Xen Project Security team, on the 27th of November. We treated the issue
2017 May 04
2
Xen package security updates for jessie 4.4, XSA-213, XSA-214
Ian Jackson writes ("64bit PV guest breakout [XSA-213]"): > Source: xen > Version: 4.4.1-9 > Severity: important > Tags: security upstream fixed-upstream > > See > https://xenbits.xen.org/xsa/advisory-213.html Ian Jackson writes ("grant transfer allows PV guest to elevate privileges [XSA-214]"): > Source: xen > Version: 4.4.1-9 > Severity:
2017 Feb 18
0
Xen updates in the Testing Repo for XSA-207 and XSA-208
On 02/17/2017 02:32 PM, Kevin Stange wrote: > Given the circumstances, might it make sense to offer formal advisories > of some type for these to indicate when the packages going to live are > for security or other reasons? > We release xen every 2nd (even numbered) release as a goal (4.4, 4.6, 4.8) We don't normally release anything other than security updates. This is a SIG
2017 Nov 28
0
4.4.4-26 with XSA-226, 227, 230 in centos-virt-testing
On 11/28/2017 10:11 AM, Johnny Hughes wrote: > Kevin has been rolling back the security updates to the 4.4 branch. He > has been working with some of the other distros (debian for sure, and > some others on the xen security list). > > I think it is his intention to continue this for as long as he is able > to. (Kevin, chime in if you have a schedule lifetime or EOL in mind)
2018 Aug 15
6
Xen Security Update - XSA-{268,269,272,273}
Dear Security Team, I have prepared a new upload addressing a number of open security issues in Xen. Due to the complexity of the patches that address XSA-273 [0] the packages have been built from upstream's staging-4.8 / staging-4.10 branch again as recommended in that advisory. Commits on those branches are restricted to those that address the following XSAs (cf. [1]): - XSA-273
2015 May 15
2
CVE-2015-3456 / XSA-133 / "Venom" @ Debian Xen
Hello Debian Xen team, I have two questions regarding Xen vulnerability CVE-2015-3456 / XSA-133 / "Venom" in Debian [1]: * I noticed that [1] says 4.4.1-9 not to be vulnerable ("fixed") but according to the Debian Changelog [2] 4.4.1-9 appeared in Debian before XSA-133 was published and xen_4.4.1-9.debian.tar.xz [3] does not seem to contain any XSA-133 patch.
2019 Jun 25
2
Are XSA-289, XSA-274/CVE-2018-14678 fixed ?
Hello, Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages ? Thank you
2017 May 04
2
Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"): > On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote: > > Should I put jessie-security in the debian/changelog and dgit push it > > (ie, from many people's pov, dput it) ? > > Yes, the distribution line should be jessie-security, but please send > a