Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

SUSE: 2024:0934-1 Moderate Advisory for Xen Emulation Denial of Service

# Security update for xen

Announcement ID: SUSE-SU-2024:0934-1
Rating: moderate
References:

  * bsc#1219885

Cross-References:

  * CVE-2023-46841

CVSS scores:

  * CVE-2023-46841 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap Micro 5.3
  * openSUSE Leap Micro 5.4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for xen fixes the following issues:

  * CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2024-934=1
  * openSUSE Leap Micro 5.3
    zypper in -t patch openSUSE-Leap-Micro-5.3-2024-934=1
  * openSUSE Leap Micro 5.4
    zypper in -t patch openSUSE-Leap-Micro-5.4-2024-934=1
  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2024-934=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2024-934=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2024-934=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2024-934=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 x86_64 i586)
    * xen-libs-4.16.5_14-150400.4.49.1
    * xen-tools-domU-debuginfo-4.16.5_14-150400.4.49.1
    * xen-libs-debuginfo-4.16.5_14-150400.4.49.1
    * xen-devel-4.16.5_14-150400.4.49.1
    * xen-debugsource-4.16.5_14-150400.4.49.1
    * xen-tools-domU-4.16.5_14-150400.4.49.1
  * openSUSE Leap 15.4 (x86_64)
    * xen-libs-32bit-4.16.5_14-150400.4.49.1
    * xen-libs-32bit-debuginfo-4.16.5_14-150400.4.49.1
  * openSUSE Leap 15.4 (aarch64 x86_64)
    * xen-tools-4.16.5_14-150400.4.49.1
    * xen-4.16.5_14-150400.4.49.1
    * xen-tools-debuginfo-4.16.5_14-150400.4.49.1
    * xen-doc-html-4.16.5_14-150400.4.49.1
  * openSUSE Leap 15.4 (noarch)
    * xen-tools-xendomains-wait-disk-4.16.5_14-150400.4.49.1
  * openSUSE Leap 15.4 (aarch64_ilp32)
    * xen-libs-64bit-debuginfo-4.16.5_14-150400.4.49.1
    * xen-libs-64bit-4.16.5_14-150400.4.49.1
  * openSUSE Leap Micro 5.3 (x86_64)
    * xen-libs-4.16.5_14-150400.4.49.1
    * xen-debugsource-4.16.5_14-150400.4.49.1
    * xen-libs-debuginfo-4.16.5_14-150400.4.49.1
  * openSUSE Leap Micro 5.4 (x86_64)
    * xen-libs-4.16.5_14-150400.4.49.1
    * xen-debugsource-4.16.5_14-150400.4.49.1
    * xen-libs-debuginfo-4.16.5_14-150400.4.49.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
    * xen-libs-4.16.5_14-150400.4.49.1
    * xen-debugsource-4.16.5_14-150400.4.49.1
    * xen-libs-debuginfo-4.16.5_14-150400.4.49.1
  * SUSE Linux Enterprise Micro 5.3 (x86_64)
    * xen-libs-4.16.5_14-150400.4.49.1
    * xen-debugsource-4.16.5_14-150400.4.49.1
    * xen-libs-debuginfo-4.16.5_14-150400.4.49.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
    * xen-libs-4.16.5_14-150400.4.49.1
    * xen-debugsource-4.16.5_14-150400.4.49.1
    * xen-libs-debuginfo-4.16.5_14-150400.4.49.1
  * SUSE Linux Enterprise Micro 5.4 (x86_64)
    * xen-libs-4.16.5_14-150400.4.49.1
    * xen-debugsource-4.16.5_14-150400.4.49.1
    * xen-libs-debuginfo-4.16.5_14-150400.4.49.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-46841.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1219885

Ubuntu releases a significant patch for KVM, tackling virtualization concerns and resolving CVE-2023-45732 across various editions.

SUSE Linux, Xen Software, Security Update, Vulnerability Management.

LinuxSecurity.com Team

Mar 22, 2024 SuSE

Fedora 24: Xen Security Update 2016-bc02bff7f5 Moderate: Emulation Issues

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-bc02bff7f5
2016-12-31 03:55:57.197028
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 24
Version     : 4.6.4
Release     : 5.fc24
URL         : https://xenproject.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

two security flaws (#1406840)
x86 PV guests may be able to mask interrupts [XSA-202, CVE-2016-10024]
x86: missing NULL pointer check in VMFUNC emulation [XSA-203, CVE-2016-10025]
x86: Mishandling of SYSCALL singlestep during emulation [XSA-204, CVE-2016-10013] (#1406260)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1402759 - CVE-2016-10025 xsa203 xen: x86: missing NULL pointer check in VMFUNC emulation (XSA-203)
        https://bugzilla.redhat.com/show_bug.cgi?id=1402759
  [ 2 ] Bug #1402758 - CVE-2016-10024 xsa202 xen: x86 PV guests may be able to mask interrupts (XSA-202)
        https://bugzilla.redhat.com/show_bug.cgi?id=1402758
  [ 3 ] Bug #1406259 - CVE-2016-10013 xen: x86: Mishandling of SYSCALL singlestep during emulation (XSA-204)
        https://bugzilla.redhat.com/show_bug.cgi?id=1406259
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade xen' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

Multiple vulnerabilities identified in the Fedora 24 Xen hypervisor, impacting virtualization accuracy and interrupt handling; immediate patching necessary.

Fedora Security Update, xen Emulation Flaws, x86 Interrupts Bug.

Severity: Important.

LinuxSecurity.com Team

Dec 31, 2016 Important Fedora

Fedora 25: 2016-92e3ea2d1b Critical: Xen Interrupt Modulation

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-92e3ea2d1b
2016-12-27 15:10:28.239542
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 25
Version     : 4.7.1
Release     : 6.fc25
URL         : https://xenproject.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

two security flaws (#1406840)
x86 PV guests may be able to mask interrupts [XSA-202, CVE-2016-10024]
x86: missing NULL pointer check in VMFUNC emulation [XSA-203, CVE-2016-10025]
x86: Mishandling of SYSCALL singlestep during emulation [XSA-204, CVE-2016-10013] (#1406260)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1402759 - CVE-2016-10025 xsa203 xen: x86: missing NULL pointer check in VMFUNC emulation (XSA-203)
        https://bugzilla.redhat.com/show_bug.cgi?id=1402759
  [ 2 ] Bug #1402758 - CVE-2016-10024 xsa202 xen: x86 PV guests may be able to mask interrupts (XSA-202)
        https://bugzilla.redhat.com/show_bug.cgi?id=1402758
  [ 3 ] Bug #1406259 - CVE-2016-10013 xen: x86: Mishandling of SYSCALL singlestep during emulation (XSA-204)
        https://bugzilla.redhat.com/show_bug.cgi?id=1406259
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade xen' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

Fedora Security Advisory for Xen addresses multiple critical vulnerabilities and emulation issues. Important details for system administrators.

Fedora Update, xen Hypervisor, Security Flaws, Emulation Issues, XenD Daemon.

Severity: Critical.

LinuxSecurity.com Team

Dec 27, 2016 Critical Fedora

Fedora 25 Xen Update ID 2016-1b868c23a9 Critical: Emulation Problem

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-1b868c23a9
2016-12-19 21:12:01.494656
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 25
Version     : 4.7.1
Release     : 5.fc25
URL         : https://xenproject.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

x86 CMPXCHG8B emulation fails to ignore operand size override [XSA-200, CVE-2016-9932] (#1404262)
----
ARM guests may induce host asynchronous abort [XSA-201, CVE-2016-9815,
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1399745 - CVE-2016-9932 xsa200 xen: x86 CMPXCHG8B emulation fails to ignore operand size override (XSA-200)
        https://bugzilla.redhat.com/show_bug.cgi?id=1399745
  [ 2 ] Bug #1399746 - CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818 xsa201 xen: ARM guests may induce host asynchronous abort (XSA-201)
        https://bugzilla.redhat.com/show_bug.cgi?id=1399746
  [ 3 ] Bug #1334398 - CVE-2016-9921 CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy
        https://bugzilla.redhat.com/show_bug.cgi?id=1334398
  [ 4 ] Bug #1402276 - CVE-2016-9913 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 Qemu: 9pfs: memory leakage via proxy/handle callbacks
        https://bugzilla.redhat.com/show_bug.cgi?id=1402276
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade xen' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

Fedora 25 introduces an essential upgrade for Xen, resolving emulation issues that were hindering the performance of ARM guests.

Fedora Updates, Xen Security, Critical Security Fixes, ARM Issues.

Severity: Critical.

LinuxSecurity.com Team

Dec 19, 2016 Critical Fedora

Fedora 23: 2015-2773b85b49 Moderate: QEMU Buffer Overflow Issues

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-2773b85b49
2015-12-17 04:36:18.190872
--------------------------------------------------------------------------------

Name        : qemu
Product     : Fedora 23
Version     : 2.4.1
Release     : 2.fc23
URL         : https://www.qemu.org/
Summary     : QEMU is a FAST! processor emulator
Description :
QEMU is a generic and open source processor emulator which achieves a good
emulation speed by using dynamic translation. QEMU has two operating modes:

 * Full system emulation. In this mode, QEMU emulates a full system (for
   example a PC), including a processor and various peripherals. It can be
   used to launch different Operating Systems without rebooting the PC or
   to debug system code.
 * User mode emulation. In this mode, QEMU can launch Linux processes compiled
   for one CPU on another CPU.

As QEMU requires no host kernel patches to run, it is safe and easy to use.

--------------------------------------------------------------------------------
Update Information:

* Fix SSE4 emulation with accel=tcg (bz #1270703)
* CVE-2015-8345: Fix infinite loop in eepro100 (bz #1285214)
* CVE-2015-7504: Fix heap overflow in pcnet (bz #1286543)
* CVE-2015-7512: Fix buffer overflow in pcnet (bz #1286549)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1285213 - CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list
        https://bugzilla.redhat.com/show_bug.cgi?id=1285213
  [ 2 ] Bug #1261461 - CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive
        https://bugzilla.redhat.com/show_bug.cgi?id=1261461
  [ 3 ] Bug #1285061 - CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode
        https://bugzilla.redhat.com/show_bug.cgi?id=1285061
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update qemu' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

QEMU security patch: addresses buffer and heap overflow and infinite loop issues in Fedora 23.

QEMU Security Update, Fedora 23, Buffer Overflow Fixes, Heap Overflow Vulnerability, Emulation Security.

Severity: Important.

LinuxSecurity.com Team

Dec 17, 2015 Important Fedora

SUSE: 2012:1203-2 Important: QEMU VT100 Emulation Security Issue

SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1203-2
Rating:             important
References:         #777084
Cross-References:   CVE-2012-3515
Affected Products:
                    SLE SDK 10 SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

The qemu vt100 emulation was affected by a problem where specific vt100 sequences could have been used by guest users to affect the host. (CVE-2012-3515 aka XSA-17). This has been fixed.

Security Issue reference:

* CVE-2012-3515

Package List:

- SLE SDK 10 SP4 (i586 ia64 x86_64):

  qemu-0.8.2-37.14.1

References:

https://www.suse.com/security/cve/CVE-2012-3515.html

Important SUSE patch for qemu resolves host vulnerability arising from vt100 emulation defect, guarantees operational reliability.

SUSE Update, qemu Security, SLE SDK 10 SP4, SUSE Important Update, hacking prevention.

Severity: Important.

LinuxSecurity.com Team

Oct 25, 2012 Important SuSE

Red Hat Enterprise Linux: RHSA-2012:1236-01 Important Xen Emulation Issue

====================================================================
Red Hat Security Advisory

Synopsis:    Important: xen security update
Advisory ID: RHSA-2012:1236-01
Product:     Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2012:1236.html
Issue date:  2012-09-05
CVE Names:   CVE-2012-3515
====================================================================

1. Summary:

Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.

A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515)

This flaw did not affect the default use of the Xen hypervisor implementation in Red Hat Enterprise Linux 5. This problem only affected fully-virtualized guests that have a serial or parallel device that uses a virtual console (vc) back-end. By default, the virtual console back-end is not used for such devices; only guests explicitly configured to use them in this way were affected.

Red Hat would like to thank the Xen project for reporting this issue.

All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all fully-virtualized guests must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

851252 - CVE-2012-3515 qemu: VT100 emulation vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-libs-3.0.3-135.el5_8.5.i386.rpm

x86_64:
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.x86_64.rpm
xen-libs-3.0.3-135.el5_8.5.i386.rpm
xen-libs-3.0.3-135.el5_8.5.x86_64.rpm

RHEL Desktop Multi OS (v. 5 client):

Source:

i386:
xen-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-devel-3.0.3-135.el5_8.5.i386.rpm

x86_64:
xen-3.0.3-135.el5_8.5.x86_64.rpm
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.x86_64.rpm
xen-devel-3.0.3-135.el5_8.5.i386.rpm
xen-devel-3.0.3-135.el5_8.5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-libs-3.0.3-135.el5_8.5.i386.rpm

ia64:
xen-debuginfo-3.0.3-135.el5_8.5.ia64.rpm
xen-libs-3.0.3-135.el5_8.5.ia64.rpm

x86_64:
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.x86_64.rpm
xen-libs-3.0.3-135.el5_8.5.i386.rpm
xen-libs-3.0.3-135.el5_8.5.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:

i386:
xen-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-devel-3.0.3-135.el5_8.5.i386.rpm

ia64:
xen-3.0.3-135.el5_8.5.ia64.rpm
xen-debuginfo-3.0.3-135.el5_8.5.ia64.rpm
xen-devel-3.0.3-135.el5_8.5.ia64.rpm

x86_64:
xen-3.0.3-135.el5_8.5.x86_64.rpm
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.x86_64.rpm
xen-devel-3.0.3-135.el5_8.5.i386.rpm
xen-devel-3.0.3-135.el5_8.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-3515
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

--
Enterprise-watch-list mailing list
https://

Critical xen security patch for Red Hat Enterprise Linux addresses virtualization vulnerability that could lead to unauthorized privilege escalation.

Xen Security Update, Red Hat Enterprise Linux, Privilege Escalation Issues.

Severity: Important.

LinuxSecurity.com Team

Sep 05, 2012 Important Red Hat

RHEL 5: RHSA-2012:1236-01 Critical: Xen Emulation Flaw Issue

====================================================================
Red Hat Security Advisory

Synopsis:    Important: xen security update
Advisory ID: RHSA-2012:1236-01
Product:     Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2012:1236.html
Issue date:  2012-09-05
CVE Names:   CVE-2012-3515
====================================================================

1. Summary:

Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.

A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515)

This flaw did not affect the default use of the Xen hypervisor implementation in Red Hat Enterprise Linux 5. This problem only affected fully-virtualized guests that have a serial or parallel device that uses a virtual console (vc) back-end. By default, the virtual console back-end is not used for such devices; only guests explicitly configured to use them in this way were affected.

Red Hat would like to thank the Xen project for reporting this issue.

All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all fully-virtualized guests must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

851252 - CVE-2012-3515 qemu: VT100 emulation vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-libs-3.0.3-135.el5_8.5.i386.rpm

x86_64:
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.x86_64.rpm
xen-libs-3.0.3-135.el5_8.5.i386.rpm
xen-libs-3.0.3-135.el5_8.5.x86_64.rpm

RHEL Desktop Multi OS (v. 5 client):

Source:

i386:
xen-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-devel-3.0.3-135.el5_8.5.i386.rpm

x86_64:
xen-3.0.3-135.el5_8.5.x86_64.rpm
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.x86_64.rpm
xen-devel-3.0.3-135.el5_8.5.i386.rpm
xen-devel-3.0.3-135.el5_8.5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-libs-3.0.3-135.el5_8.5.i386.rpm

ia64:
xen-debuginfo-3.0.3-135.el5_8.5.ia64.rpm
xen-libs-3.0.3-135.el5_8.5.ia64.rpm

x86_64:
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.x86_64.rpm
xen-libs-3.0.3-135.el5_8.5.i386.rpm
xen-libs-3.0.3-135.el5_8.5.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:

i386:
xen-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-devel-3.0.3-135.el5_8.5.i386.rpm

ia64:
xen-3.0.3-135.el5_8.5.ia64.rpm
xen-debuginfo-3.0.3-135.el5_8.5.ia64.rpm
xen-devel-3.0.3-135.el5_8.5.ia64.rpm

x86_64:
xen-3.0.3-135.el5_8.5.x86_64.rpm
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.x86_64.rpm
xen-devel-3.0.3-135.el5_8.5.i386.rpm
xen-devel-3.0.3-135.el5_8.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-3515
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

Keep abreast of vital security patches for Xen in Red Hat Enterprise Linux 5. Upgrade promptly to safeguard your infrastructure.

RHEL 5, xen security, emulation flaw, virtualization update, important advisory.

Severity: Important.

LinuxSecurity.com Team

Sep 05, 2012 Important Red Hat