Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen
hypervisor, which may lead to privilege escalation, guest-to-host
breakout, denial of service or information leaks.
In addition to the CVE identifiers listed above, this update also
addresses the vulnerabilities announced as XSA-213, XSA-214 and XSA-215.
For the stable distr ...
Debian Bug report logs -
#845667
xen: CVE-2016-9384: guest 32-bit ELF symbol table load leaking host data
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 25 Nov 2016 18:45:07 UTC
Severity: important
T ...
Debian Bug report logs -
#848081
xen: CVE-2016-9932: x86 CMPXCHG8B emulation fails to ignore operand size override
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 13 Dec 2016 21:03:02 UTC
Severity: im ...
Debian Bug report logs -
#848713
xen: CVE-2016-10013: x86: Mishandling of SYSCALL singlestep during emulation
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 19 Dec 2016 19:06:01 UTC
Severity: importa ...
Debian Bug report logs -
#861662
possible memory corruption via failsafe callback [XSA-215]
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 2 May 2017 12:12:01 UTC
Severity: important
Tags: fixed-upst ...
Debian Bug report logs -
#859560
xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 4 Apr 2017 19:51:02 UTC
...
Debian Bug report logs -
#861659
64bit PV guest breakout [XSA-213]
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 2 May 2017 12:03:05 UTC
Severity: important
Tags: fixed-upstream, security, upstream
...
Debian Bug report logs -
#861660
grant transfer allows PV guest to elevate privileges [XSA-214]
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 2 May 2017 12:03:08 UTC
Severity: important
Tags: fixed- ...
Debian Bug report logs -
#845669
xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection mis-handled
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 25 Nov 2016 18:54:01 UTC
Severity: impor ...
Description of Problem: A number of security issues have been identified within Citrix XenServer. The most significant of these issues could, if exploited, allow a malicious administrator of a 64-bit PV guest VM to compromise the host. This issue has the identifier: CVE-2017-7228 (High): x86: broken check in memory_exchange() permits PV guest ...