Displaying 20 results from an estimated 1000 matches similar to: "Bug#1031567: xen: CVE-2022-27672: XSA-426: x86: Cross-Thread Return Address Predictions"
2023 Mar 21
2
Bug#1033297: xen: CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334
Source: xen
Version: 4.17.0+46-gaaf74a532c-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerabilities were published for xen.
CVE-2022-42331[0]:
| x86: speculative vulnerability in 32bit SYSCALL path Due to an
| oversight in the very original Spectre/Meltdown security work
| (XSA-254),
2023 Jan 28
1
Bug#1029830: xen: CVE-2022-42330
Source: xen
Version: 4.17.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for xen.
CVE-2022-42330[0]:
| Guests can cause Xenstore crash via soft reset When a guest issues a
| "Soft Reset" (e.g. for performing a kexec) the libxl based Xen
|
2023 Nov 26
2
Bug#1056928: xen: CVE-2023-46835 CVE-2023-46836
Source: xen
Version: 4.17.2+55-g0b56bed864-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerabilities were published for xen.
CVE-2023-46835[0]:
| x86/AMD: mismatch in IOMMU quarantine page table levels
CVE-2023-46836[1]:
| x86: BTC/SRSO fixes not fully effective
If you fix the
2017 Apr 04
4
Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
Source: xen
Version: 4.8.1~pre.2017.01.23-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
the following vulnerability was published for xen.
CVE-2017-7228[0]:
| An issue (known as XSA-212) was discovered in Xen, with fixes available
| for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix
| introduced an insufficient check on XENMEM_exchange input,
2017 Jul 17
2
Updated Xen packages for XSA 216..225
Salvatore Bonaccorso writes ("Re: Updated Xen packages for XSA 216..225"):
> On Tue, Jul 11, 2017 at 11:34:38PM +0200, Moritz Muehlenhoff wrote:
> > On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote:
> > > Moritz Mühlenhoff writes ("Re: Updated Xen packages for XSA 216..225"):
> > > > Sorry for the late reply, was on vacation for a week.
2020 Jun 16
0
Fix build error with GCC 10 due to multiple definition of `toplevel'
Hi
When building with GCC 10, gcc is stricter in the handling of
symbol clashes.
Fedora has fixed this with a patch from Dominik Mierzejewski:
https://src.fedoraproject.org/rpms/tftp/c/5e2aa55b6802a52ef480d688b3ae4751220f20e0.patch
Attaching the corresponding patch for git am.
Regards,
Salvatore
From 9e7641bf58df9dda3bc51f381f371fa7cbce47af Mon Sep 17 00:00:00 2001
From: Salvatore
2020 Sep 29
0
[PATCH RESEND] tftp-hpa: Fix build error with GCC 10 due to multiple definition of `toplevel'
Hi
When building with GCC 10, gcc is stricter in the handling of
symbol clashes.
Fedora has fixed this with a patch from Dominik Mierzejewski:
https://src.fedoraproject.org/rpms/tftp/c/5e2aa55b6802a52ef480d688b3ae4751220f20e0.patch
Attaching the corresponding patch for git am.
I'm sending the patch which was submitted a while ago to the list. Is
there something you wanted to be
2015 May 02
2
Bug#784011: xen: CVE-2015-3340: Information leak through XEN_DOMCTL_gettscinfo (XSA-132)
Source: xen
Version: 4.4.1-9
Severity: normal
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for xen.
CVE-2015-3340[0]:
| Xen 4.2.x through 4.5.x does not initialize certain fields, which
| allows certain remote service domains to obtain sensitive information
| from memory via a (1) XEN_DOMCTL_gettscinfo or (2)
| XEN_SYSCTL_getdomaininfolist request.
2023 Mar 07
0
xen 4.17.0+46-gaaf74a532c-1 MIGRATED to testing
FYI: The status of the xen source package
in Debian's testing distribution has changed.
Previous version: 4.17.0+24-g2f8851c37f-2
Current version: 4.17.0+46-gaaf74a532c-1
--
This email is automatically generated once a day. As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See
2017 Sep 04
3
Updated Xen packages for XSA 216..225
On Mon, Aug 07, 2017 at 01:15:56PM +0200, Moritz Muehlenhoff wrote:
> On Mon, Jul 17, 2017 at 03:58:20PM +0100, Ian Jackson wrote:
> > Salvatore Bonaccorso writes ("Re: Updated Xen packages for XSA 216..225"):
> > > On Tue, Jul 11, 2017 at 11:34:38PM +0200, Moritz Muehlenhoff wrote:
> > > > On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote:
>
2017 Jul 11
2
Updated Xen packages for XSA 216..225
On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote:
> Moritz Mühlenhoff writes ("Re: Updated Xen packages for XSA 216..225"):
> > Sorry for the late reply, was on vacation for a week. What's the status
> > of jessie? Most of the XSAs seem to affect oldstable as well.
>
> Sorry, I forgot about them...
>
> I will see what I can do.
Did you look
2019 Jun 28
0
Are XSA-289, XSA-274/CVE-2018-14678 fixed ?
Looks like this never got a response from anyone.
On 6/25/19 10:15 AM, Yuriy Kohut wrote:
> Hello,
>
> Are XSA-289 and XSA-274/CVE-2018-14678 fixed with recent Xen 4.8, 4.10 and kernel 4.9.177 packages?
XSA-289 is a tricky subject. In the end, it was effectively decided
that these patches were not recommended until they were reviewed again
and XSA-289 has no official list of flaws
2015 May 02
0
Bug#784011: Bug#784011: xen: CVE-2015-3340: Information leak through XEN_DOMCTL_gettscinfo (XSA-132)
On Sat, May 02, 2015 at 07:04:34AM +0200, Salvatore Bonaccorso wrote:
> the following vulnerability was published for xen.
I consider this issue as unimportant. Not sure how I can mark it this
way in the security tracker.
Bastian
--
Knowledge, sir, should be free to all!
-- Harry Mudd, "I, Mudd", stardate 4513.3
2015 Mar 10
2
Bug#780227: XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw
Package: xen-hypervisor-4.1-amd64
Version: 4.1.4-3+deb7u4
Severity: critical
Hi,
Not sure how come I'm the first one to file this kind of a bug report :)
but here goes JFTR...
http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance
warning was given to several big Xen VM farms, which led to e.g.
https://aws.amazon.com/premiumsupport/maintenance-2015-03/
2016 Apr 21
0
xen_4.4.1-9+deb8u5_allonly.changes ACCEPTED into proposed-updates->stable-new
Mapping stable-security to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 19 Apr 2016 20:42:09 +0200
Source: xen
Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf
Architecture:
2016 Apr 22
0
xen_4.4.1-9+deb8u5_allonly.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 19 Apr 2016 20:42:09 +0200
Source: xen
Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf
Architecture: all source
Version: 4.4.1-9+deb8u5
2015 Nov 02
0
xen_4.4.1-9+deb8u2_multi.changes ACCEPTED into proposed-updates->stable-new
Mapping stable-security to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 31 Oct 2015 06:53:56 +0100
Source: xen
Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf
Architecture:
2015 Nov 03
0
xen_4.4.1-9+deb8u2_multi.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 31 Oct 2015 06:53:56 +0100
Source: xen
Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf
Architecture: all source
Version: 4.4.1-9+deb8u2
2020 Nov 15
1
[PATCH] drm/nouveau: bail out of nouveau_channel_new if channel init fails
On Sun, Nov 15, 2020 at 6:43 PM Salvatore Bonaccorso <carnil at debian.org> wrote:
>
> Hi,
>
> On Fri, Aug 28, 2020 at 11:28:46AM +0200, Frantisek Hrbata wrote:
> > Unprivileged user can crash kernel by using DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC
> > ioctl. This was reported by trinity[1] fuzzer.
> >
> > [ 71.073906] nouveau 0000:01:00.0: crashme[1329]:
2019 Jun 25
2
Are XSA-289, XSA-274/CVE-2018-14678 fixed ?
Hello,
Are XSA-289 and XSA-274/CVE-2018-14678 fixed with recent Xen 4.8, 4.10 and kernel 4.9.177 packages?
Thank you