Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen
hypervisor, which may lead to privilege escalation, guest-to-host
breakout, denial of service or information leaks.
In addition to the CVE identifiers listed above, this update also
addresses the vulnerabilities announced as XSA-213, XSA-214 and XSA-215.
For the stable distr ...
Debian Bug report logs -
#861660
grant transfer allows PV guest to elevate privileges [XSA-214]
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 2 May 2017 12:03:08 UTC
Severity: important
Tags: fixed- ...
Debian Bug report logs -
#845667
xen: CVE-2016-9384: guest 32-bit ELF symbol table load leaking host data
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 25 Nov 2016 18:45:07 UTC
Severity: important
T ...
Debian Bug report logs -
#848081
xen: CVE-2016-9932: x86 CMPXCHG8B emulation fails to ignore operand size override
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 13 Dec 2016 21:03:02 UTC
Severity: im ...
Debian Bug report logs -
#861662
possible memory corruption via failsafe callback [XSA-215]
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 2 May 2017 12:12:01 UTC
Severity: important
Tags: fixed-upst ...
Debian Bug report logs -
#859560
xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 4 Apr 2017 19:51:02 UTC
...
Debian Bug report logs -
#861659
64bit PV guest breakout [XSA-213]
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 2 May 2017 12:03:05 UTC
Severity: important
Tags: fixed-upstream, security, upstream
...
Debian Bug report logs -
#848713
xen: CVE-2016-10013: x86: Mishandling of SYSCALL singlestep during emulation
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 19 Dec 2016 19:06:01 UTC
Severity: importa ...
Debian Bug report logs -
#845669
xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection mis-handled
Package:
src:xen;
Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 25 Nov 2016 18:54:01 UTC
Severity: impor ...
Description of Problem: Security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running within a guest VM to read a small part of hypervisor memory and allow privileged-mode code running within a guest VM to hang or crash the host. These vulnerabilities affect all currently supported versions of Citrix XenServ ...