similar to: CVE-2015-7835

Displaying 20 results from an estimated 11000 matches similar to: "CVE-2015-7835"

2015 Nov 04
1
CVE-2015-7835
>> There was new packages (4.4.3-3) released on Oct 29, but they don't >> address the CVE-2015-7835 problems. Does anyone have news about a >> rebuild with this fix applied? Or should we make our own build? > > Actually they do includu CVE-2015-7835 (aka XSA-148) -- I just made a > mistake when I made the changelog. Sorry about that. > > -George Ah, I
2015 Nov 04
0
CVE-2015-7835
On Wed, Nov 4, 2015 at 1:18 PM, Jens Larsson <jens at nsc.liu.se> wrote: > Hi, > > There was new packages (4.4.3-3) released on Oct 29, but they don't > address the CVE-2015-7835 problems. Does anyone have news about a > rebuild with this fix applied? Or should we make our own build? Actually they do includu CVE-2015-7835 (aka XSA-148) -- I just made a mistake when I made
2015 Mar 10
2
Bug#780227: XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw
Package: xen-hypervisor-4.1-amd64 Version: 4.1.4-3+deb7u4 Severity: critical Hi, Not sure how come I'm the first one to file this kind of a bug report :) but here goes JFTR... http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance warning was given to several big Xen VM farms, which led to e.g. https://aws.amazon.com/premiumsupport/maintenance-2015-03/
2015 Jan 26
2
Bug#776319: CVE-2015-0361
Source: xen Severity: important Tags: security Hi, please see http://xenbits.xen.org/xsa/advisory-116.html for details and a patch. Cheers, Moritz
2017 Apr 04
4
Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
Source: xen Version: 4.8.1~pre.2017.01.23-1 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerability was published for xen. CVE-2017-7228[0]: | An issue (known as XSA-212) was discovered in Xen, with fixes available | for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix | introduced an insufficient check on XENMEM_exchange input,
2019 Jun 25
2
Are XSA-289, XSA-274/CVE-2018-14678 fixed ?
Hello, Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages ? Thank you
2014 Nov 19
2
Bug#770230: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
Source: xen Severity: grave Tags: security Hi, the following security issues apply to Xen in jessie: CVE-2014-5146,CVE-2014-5149: https://marc.info/?l=oss-security&m=140784877111813&w=2 CVE-2014-8594: https://marc.info/?l=oss-security&m=141631359901060&w=2 CVE-2014-8595: https://marc.info/?l=oss-security&m=141631352601020&w=2 Cheers, Moritz
2014 Nov 21
0
Bug#770230: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
On Wed, Nov 19, 2014 at 11:45:02PM +0100, Moritz Muehlenhoff wrote: > Source: xen > Severity: grave > Tags: security > > Hi, > the following security issues apply to Xen in jessie: > > CVE-2014-5146,CVE-2014-5149: > https://marc.info/?l=oss-security&m=140784877111813&w=2 > > CVE-2014-8594: >
2014 Jun 17
1
Bug#751894: xen: CVE-2014-4021 / XSA-100
Package: xen Version: 4.0.1-5.11 Severity: important Tags: security, fixed-upstream Please see for details: http://www.openwall.com/lists/oss-security/2014/06/17/6 Patch: http://seclists.org/oss-sec/2014/q2/att-549/xsa100.patch --- Henri Salo -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc:
2015 May 15
2
CVE-2015-3456 / XSA-133 / "Venom" @ Debian Xen
Hello Debian Xen team, I have two questions regarding Xen vulnerability CVE-2015-3456 / XSA-133 / "Venom" in Debian [1]: * I noticed that [1] says 4.4.1-9 not to be vulnerable ("fixed") but according to the Debian Changelog [2] 4.4.1-9 appeared in Debian before XSA-133 was published and xen_4.4.1-9.debian.tar.xz [3] does not seem to contain any XSA-133 patch.
2018 Aug 15
6
Xen Security Update - XSA-{268,269,272,273}
Dear Security Team, I have prepared a new upload addressing a number of open security issues in Xen. Due to the complexity of the patches that address XSA-273 [0] the packages have been built from upstream's staging-4.8 / staging-4.10 branch again as recommended in that advisory. Commits on those branches are restricted to those that address the following XSAs (cf. [1]): - XSA-273
2015 Mar 31
1
Bug#781620: CVE-2015-2751 CVE-2015-2752 CVE-2015-2756
Source: xen Severity: important Tags: security Please see http://xenbits.xen.org/xsa/advisory-125.html http://xenbits.xen.org/xsa/advisory-126.html http://xenbits.xen.org/xsa/advisory-127.html Cheers, Moritz
2012 Sep 05
7
Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3515 / XSA-17 version 2 Qemu VT100 emulation vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The device model used by fully virtualised (HVM) domains, qemu, does not properly handle escape VT100
2012 Sep 05
7
Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3515 / XSA-17 version 2 Qemu VT100 emulation vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The device model used by fully virtualised (HVM) domains, qemu, does not properly handle escape VT100
2015 Feb 18
0
Bug#776319: CVE-2015-0361
retitle 776319 xen: CVE-2015-0361 CVE-2015-1563 thanks On Mon, Jan 26, 2015 at 08:52:53PM +0100, Moritz Muehlenhoff wrote: > Source: xen > Severity: important > Tags: security > > Hi, > please see http://xenbits.xen.org/xsa/advisory-116.html > for details and a patch. Also http://xenbits.xen.org/xsa/advisory-118.html needs to be fixed in jessie. Cheers, Moritz
2017 May 04
2
Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"): > On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote: > > Should I put jessie-security in the debian/changelog and dgit push it > > (ie, from many people's pov, dput it) ? > > Yes, the distribution line should be jessie-security, but please send > a
2017 Sep 13
2
Updated Xen packages for XSA 216..225
Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > Since the queue was already quite big and this update was ready > I went ahead and released what we had for now. Yes, sorry, I should have been explicit that that's what I expected you to do... Ian.
2016 Jan 13
1
CentOS 6 Xen: XSAs 167-169, update to Xen 4.6
XSA 169 is out, but is low-priority and has a work-around, so I'm going to batch it together with XSAs 167-168 and release a new 4.4.3 package when the embargo is lifted next Wednesday. This will be the last XSA update for the 4.4.3 packages. Today or tomorrow I will push the Xen 4.6.0 packages to buildlogs for testing; and sometime after the final 4.4.3 packages are released, I will push
2016 Feb 17
8
XSAs 170 and 154, repository layouts, and centos-release-xen 8-1
I have the following packages going through the CBS: * A CentOS 7 xen-4.6.1-2, with XSAs 170 and 154 * A CentOS 6 xen-4.6.1-2, with XSAs 170 and 154 * A CentOS 6 xen-4.4.3-11, with XSAs 170 All these should show up in mirrors hopefully sometime later today. As usual, please report any problems here. Xen 4.4 only has XSA 170 because at the time the embargo was lifted, I didn't have a suitable
2013 Apr 18
1
Xen Security Advisory 44 (CVE-2013-1917) - Xen PV DoS vulnerability with SYSENTER
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-1917 / XSA-44 version 2 Xen PV DoS vulnerability with SYSENTER UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The SYSENTER instruction can be used by PV guests to accelerate system call processing. This