Download
| Alert*
|
oval:org.secpod.oval:def:118393
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:118356 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106451 xen is installed oval:org.secpod.oval:def:116109 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:112038 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:112361 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:112231 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:112530 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:112374 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1800062 CVE-2017-8903, XSA-213: x86: 64bit PV guest breakout via pagetable use-after-mode-change Reference: CVE-2017-8904, XSA-214: grant transfer allows PV guest to elevate privileges oval:org.secpod.oval:def:1800328 CVE-2017-8903, XSA-213: x86: 64bit PV guest breakout via pagetable use-after-mode-change Reference: CVE-2017-8904, XSA-214: grant transfer allows PV guest to elevate privileges oval:org.secpod.oval:def:1800792 CVE-2017-8903, XSA-213: x86: 64bit PV guest breakout via pagetable use-after-mode-change Reference CVE-2017-8904, XSA-214: grant transfer allows PV guest to elevate privileges oval:org.secpod.oval:def:201468 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. It was found that the xc_try_bzip2_decode and xc_try_lzma_decode decode routines did not correctly check for a possible buffer size overflow in the de ... oval:org.secpod.oval:def:500521 Xen is an open source virtualization framework. Virtualization allows users to run guest operating systems in virtual machines on top of a host operating system. The pyGrub boot loader did not honor the "password" option in the grub.conf file for para-virtualized guests. Users with access ... oval:org.secpod.oval:def:500648 The xen packages contain the Xen tools and management daemons needed to manage virtual machines running on Red Hat Enterprise Linux. Xen was found to allow unprivileged DomU domains to overwrite xenstore values which should only be changeable by the privileged Dom0 domain. An attacker controlling a ... oval:org.secpod.oval:def:201642 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. It was found that the xc_try_bzip2_decode and xc_try_lzma_decode decode routines did not correctly check for a possible buffer size overflow in the de ... oval:org.secpod.oval:def:1800888 CVE-2016-7092, XSA-185: x86: Disallow L3 recursive pagetable for 32-bit PV guests. Reference: CVE-2016-7093, XSA-186: x86: Mishandling of instruction pointer truncation during emulation. Reference: CVE-2016-7094, XSA-187: x86 HVM: Overflow of sh_ctxt- oval:org.secpod.oval:def:1800022 xen is installed oval:org.secpod.oval:def:1800884 CVE-2016-10024, XSA-202: x86 PV guests may be able to mask interrupts. Reference: CVE-2016-10025, XSA-203: x86: missing NULL pointer check in VMFUNC emulation. Reference: CVE-2016-10013, XSA-204: x86: Mishandling of SYSCALL single step during emulation. Reference: oval:org.secpod.oval:def:1800764 CVE-2016-9932, XSA-200 : x86 CMPXCHG8B emulation fails to ignore operand size override Reference CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818, XSA-201: ARM guests may induce host asynchronous abort Reference: oval:org.secpod.oval:def:1800803 Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. Reference oval:org.secpod.oval:def:89045347 This update for xen fixes the following issues: - A Mishandling of SYSCALL singlestep during emulation which could have lead to privilege escalation. - CMPXCHG8B emulation failed to ignore operand size override which could have lead to information disclosure. - PV guests may have been able to mask ... oval:org.secpod.oval:def:89045332 This update for xen fixes the following issues: - A Mishandling of SYSCALL singlestep during emulation which could have lead to privilege escalation. - CMPXCHG8B emulation failed to ignore operand size override which could have lead to information disclosure. - PV guests may have been able to mask ... oval:org.secpod.oval:def:1800376 CVE-2016-10024, XSA-202: x86 PV guests may be able to mask interrupts Reference CVE-2016-10025, XSA-203: x86: missing NULL pointer check in VMFUNC emulation Reference CVE-2016-10013, XSA-204: x86: Mishandling of SYSCALL singlestep during emulation Reference oval:org.secpod.oval:def:121799 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1800767 CVE-2017-14316, XSA-231: Missing NUMA node parameter verification oval:org.secpod.oval:def:1800021 CVE-2017-14316, XSA-231: Missing NUMA node parameter verification. oval:org.secpod.oval:def:1800168 CVE-2017-14316, XSA-231: Missing NUMA node parameter verification; oval:org.secpod.oval:def:118846 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:600838 Several vulnerabilities were discovered in Xen, a hypervisor. CVE-2012-0217 Xen does not properly handle uncanonical return addresses on Intel amd64 CPUs, allowing amd64 PV guests to elevate to hypervisor privileges. AMD processors, HVM and i386 guests are not affected. CVE-2012-0218 Xen does not pr ... oval:org.secpod.oval:def:105881 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89003124 This update for xen fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service affecting the entire hos ... oval:org.secpod.oval:def:89044950 This update for xen fixes several issues. These security issues were fixed: - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch - A mali ... oval:org.secpod.oval:def:89003238 This update for xen fixes the following issues: Security issues fixed: - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service . - Fixed an issue which could allow a malicious u ... oval:org.secpod.oval:def:600870 Several denial-of-service vulnerabilities have been discovered in Xen, the popular virtualization software. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2012-3432 Guest mode unprivileged code, which has been granted the privilege to access MMIO regions, may l ... oval:org.secpod.oval:def:600645 Several vulnerabilities were discovered in the Xen virtual machine hypervisor. CVE-2011-1166 A 64-bit guest can get one of its vCPU"ss into non-kernel mode without first providing a valid non-kernel pagetable, thereby locking up the host system. CVE-2011-1583, CVE-2011-3262 Local users can cause a d ... oval:org.secpod.oval:def:600884 Multiple denial of service vulnerabilities have been discovered in xen, an hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-3494: It was discovered that set_debugreg allows writes to reserved bits of the DR7 debug control register on amd64 par ... oval:org.secpod.oval:def:117722 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:105989 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:202020 The xen packages contain the Xen tools and management daemons needed to manage virtual machines running on Red Hat Enterprise Linux. Xen was found to allow unprivileged DomU domains to overwrite xenstore values which should only be changeable by the privileged Dom0 domain. An attacker controlling a ... oval:org.secpod.oval:def:89003089 This update for xen fixes the following issues: - CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm . - CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 . - CVE-2019-19583: Fixed improper checks which could have allowed HVM ... oval:org.secpod.oval:def:601304 xen is installed oval:org.secpod.oval:def:89044790 This update for xen fixes several issues. These security issues were fixed: - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch - A mali ... oval:org.secpod.oval:def:105826 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110369 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110367 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89044848 This update for xen to version 4.7.2 fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memory_exchange permited PV guest breakout . - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domai ... oval:org.secpod.oval:def:89044731 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen - CVE-2017-14318: The function __gnttab_cache_flush ... oval:org.secpod.oval:def:111357 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89044629 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information . - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed ... oval:org.secpod.oval:def:110259 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:601006 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1917 The SYSENTER instruction can be used by PV guests to accelerate system call processing. This instruction, however, leaves the EFLAGS ... oval:org.secpod.oval:def:111678 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110225 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:111677 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:111797 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:111316 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:111670 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110584 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:202411 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way the pyGrub boot loader handled compressed kernel images. A privileged guest user in a para-virtualized guest could use th ... oval:org.secpod.oval:def:601013 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1918 Several long latency operations are not preemptible Some page table manipulation operations for PV guests were not made preemptible, ... oval:org.secpod.oval:def:202119 Xen is an open source virtualization framework. Virtualization allows users to run guest operating systems in virtual machines on top of a host operating system. The pyGrub boot loader did not honor the "password" option in the grub.conf file for para-virtualized guests. Users with access ... oval:org.secpod.oval:def:89044204 This update for xen fixes the following issues: - CVE-2020-28368: Intel RAPL sidechannel attack aka PLATYPUS attack - CVE-2021-3308: IRQ vector leak on x86 - CVE-2021-28687: HVM soft-reset crashes toolstack - L3: conring size for XEN HV"s with huge memory to small . - kdump of HVM fails, soft-res ... oval:org.secpod.oval:def:202105 The xen packages contain the Xen tools and management daemons needed to manage virtual machines running on Red Hat Enterprise Linux. Xen was found to allow unprivileged DomU domains to overwrite xenstore values which should only be changeable by the privileged Dom0 domain. An attacker controlling a ... oval:org.secpod.oval:def:202200 Xen is an open source virtualization framework. Virtualization allows users to run guest operating systems in virtual machines on top of a host operating system. The pyGrub boot loader did not honor the "password" option in the grub.conf file for para-virtualized guests. Users with access ... oval:org.secpod.oval:def:111822 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89003328 This update for xen fixes the following issues: Security issues fixed: - Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack . ... oval:org.secpod.oval:def:117695 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89003436 This update for xen fixes the following issues: Security issues fixed: - Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack . ... oval:org.secpod.oval:def:89045584 This update for xen fixes the following issues: Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling - CVE-2021-0089: xen: Speculative Code Store Bypass - CVE-2021-28690: xen: x86: TSX Async Abo ... oval:org.secpod.oval:def:89003123 This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service . - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service . - CVE-2019-143 ... oval:org.secpod.oval:def:89003410 This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service . - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service . - CVE-2019-143 ... oval:org.secpod.oval:def:121819 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:111775 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89044972 This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host - bsc#1061 ... oval:org.secpod.oval:def:110087 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110121 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1800519 CVE-2016-7092, XSA-185: x86: Disallow L3 recursive pagetable for 32-bit PV guests Reference CVE-2016-7093, XSA-186: x86: Mishandling of instruction pointer truncation during emulation Reference CVE-2016-7094, XSA-187: x86 HVM: Overflow of sh_ctxt- oval:org.secpod.oval:def:89045354 This update for xen fixes several issues. These security issues were fixed: - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables - CVE-2016-7093: Xen allowed ... oval:org.secpod.oval:def:111587 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:111586 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110640 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110619 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110447 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110442 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110604 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110612 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110318 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110310 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:202439 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to wri ... oval:org.secpod.oval:def:500106 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. It was found that the xc_try_bzip2_decode and xc_try_lzma_decode decode routines did not correctly check for a possible buffer size overflow in the de ... oval:org.secpod.oval:def:89003055 This update for xen fixes the following issues: - CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm . - CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 . - CVE-2019-19583: Fixed improper checks which could have allowed HVM ... oval:org.secpod.oval:def:3300382 SUSE Security Update: Security update for xen oval:org.secpod.oval:def:109991 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109825 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89045997 This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. Special I ... oval:org.secpod.oval:def:89000441 This update for xen to version 4.12.2 fixes the following issues: Security issues fixed: - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy . - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues . - CVE-2020-11739: Missing memory barriers in read-write unlock paths . - C ... oval:org.secpod.oval:def:89000376 This update for xen fixes the following issues: Security issues fixed: - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy . - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues . - CVE-2020-11739: Missing memory barriers in read-write unlock paths . - CVE-2020-11743: Bad ... oval:org.secpod.oval:def:89050251 This update for xen fixes the following issues: Security issues fixed: - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy . - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues . - CVE-2020-11739: Missing memory barriers in read-write unlock paths . - CVE-2020-11743: Bad ... oval:org.secpod.oval:def:89050502 This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached oval:org.secpod.oval:def:89050334 This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached oval:org.secpod.oval:def:89050323 This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path - CVE-2020-25604: Fixed a race condition when migrating t ... oval:org.secpod.oval:def:89050392 This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path - CVE-2020-25604: Fixed a race condition when migrating t ... oval:org.secpod.oval:def:89050390 This update for xen fixes the following issues: Security issue fixed: - CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 . Non-security issues fixed: - Updated to Xen 4.13.2 bug fix release . - Fixed a panic during MSI cleanup on AMD hardware . - Adjusted hel ... oval:org.secpod.oval:def:89050436 This update for xen fixes the following issues: Security issue fixed: - CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 . Non-security issues fixed: - Updated to Xen 4.12.4 bug fix release . - Fixed a panic during MSI cleanup on AMD hardware . - Adjusted hel ... oval:org.secpod.oval:def:89050501 This update for xen fixes the following issues: - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change oval:org.secpod.oval:def:89050349 This update for xen fixes the following issues: - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change oval:org.secpod.oval:def:89050309 This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests . - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions . - CVE-2020-29483: Fixed an iss ... oval:org.secpod.oval:def:89050336 This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests . - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions . - CVE-2020-29483: Fixed an iss ... oval:org.secpod.oval:def:89050692 This update for xen fixes the following issues: - CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm . - CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 . - CVE-2019-19583: Fixed improper checks which could have allowed HVM ... oval:org.secpod.oval:def:89050610 This update for xen fixes the following issues: - CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm . - CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 . - CVE-2019-19583: Fixed improper checks which could have allowed HVM ... oval:org.secpod.oval:def:201469 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A buffer overflow flaw was found in the Xen hypervisor SCSI subsystem emulation. An unprivileged, local guest user could provide a large number of byt ... oval:org.secpod.oval:def:201494 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A buffer overflow flaw was found in the Xen hypervisor SCSI subsystem emulation. An unprivileged, local guest user could provide a large number of byt ... oval:org.secpod.oval:def:121549 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:120878 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:120877 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:120372 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:120368 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89047117 This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release . Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling - CVE-2021-0089: xen: Speculative Code Store By ... oval:org.secpod.oval:def:119124 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:119074 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:119070 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:118752 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:118709 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:118485 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:118192 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1802016 All Xen versions back to at least 3.2 are vulnerable. oval:org.secpod.oval:def:117447 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1801307 CVE-2018-19961, CVE-2018-19962, XSA-275: insufficient TLB flushing / improper large page mappings with AMD IOMMUs oval:org.secpod.oval:def:116128 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1800770 CVE-2016-9603, XSA-211: Cirrus VGA Heap overflow via display refresh oval:org.secpod.oval:def:113159 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:113292 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:113633 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:113085 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:111450 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:111449 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:125750 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89046083 This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. Special I ... oval:org.secpod.oval:def:89047502 This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. Special I ... oval:org.secpod.oval:def:89046034 This update for xen fixes the following issues: - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. Special Instructions and Notes: Please reboot the system after installing this update. oval:org.secpod.oval:def:89046052 This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. Special I ... oval:org.secpod.oval:def:89047328 This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling . - Upstream bug fixes oval:org.secpod.oval:def:500244 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A buffer overflow flaw was found in the Xen hypervisor SCSI subsystem emulation. An unprivileged, local guest user could provide a large number of byt ... oval:org.secpod.oval:def:600978 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-4544 Insufficient validation of kernel or ramdisk sizes in the Xen PV domain builder could result in denial of service. CVE-2012-5511 Seve ... oval:org.secpod.oval:def:600982 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-4544 Insufficient validation of kernel or ramdisk sizes in the Xen PV domain builder could result in denial of service. CVE-2012-5511 Seve ... oval:org.secpod.oval:def:500964 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way libxc, the Xen control library, handled excessively large kernel and ramdisk images when starting new guests. A privileged ... oval:org.secpod.oval:def:500860 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way the pyGrub boot loader handled compressed kernel images. A privileged guest user in a para-virtualized guest could use th ... oval:org.secpod.oval:def:202546 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way libxc, the Xen control library, handled excessively large kernel and ramdisk images when starting new guests. A privileged ... oval:org.secpod.oval:def:1500088 Updated xen packages that fix one security issue are now available forRed Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity rating, is available from th ... oval:org.secpod.oval:def:500883 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to wri ... oval:org.secpod.oval:def:600923 Multiple denial of service vulnerabilities have been discovered in the xen hypervisor. One of the issue could even lead to privilege escalation from guest to host. Some of the recently published Xen Security Advisories are not fixed by this update and should be fixed in a future release. CVE-2011- ... oval:org.secpod.oval:def:1500045 Updated xen packages that fix one security issue are now available forRed Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ... oval:org.secpod.oval:def:106296 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106058 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106075 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106070 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106144 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106387 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106016 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:202573 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-vi ... oval:org.secpod.oval:def:500776 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap overflow flaw was found in the way QEMU emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network i ... oval:org.secpod.oval:def:106340 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106460 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106450 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:501011 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-vi ... oval:org.secpod.oval:def:106361 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106411 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106202 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106201 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:108802 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:204058 Xen is a virtual machine monitor Security Fix: * An out of bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/pr ... oval:org.secpod.oval:def:108817 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:111172 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1501012 The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified ... oval:org.secpod.oval:def:24038 The host is installed with xen through 3.0.3-142 and is prone to a denial of service vulnerability. A flaw is present in x86 emulator in xen, which does not properly ignore segment overrides for instructions with register operands. Successful exploitation allows local guest users to obtain sensitive ... oval:org.secpod.oval:def:501947 Xen is a virtual machine monitor Security Fix: * An out of bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/pr ... oval:org.secpod.oval:def:109186 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109188 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89044725 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation . - CVE-2017-261 ... oval:org.secpod.oval:def:111201 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1501242 The remote host is missing a patch containing a security fix, which affects the following package(s): xen oval:org.secpod.oval:def:111770 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:203769 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap buffer overflow flaw was found in the way QEMU"s NE2000 NIC emulation implementation handled certain packets received over the network. A privi ... oval:org.secpod.oval:def:89045342 xen was updated to version 4.7.1 to fix 17 security issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host . - CVE-2016-9386: x86 null segments were not always treated as unusable allo ... oval:org.secpod.oval:def:109568 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:203630 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. An out-of-bounds memory access flaw was found in the way QEMU"s virtual Floppy Disk Controller handled FIFO buffer access while processing certain FD ... oval:org.secpod.oval:def:1800084 CVE: none assigned, XSA-207: memory leak when destroying guest without PT devices Reference: CVE-2017-2615, XSA-208: oob access in cirrus bitblt copy Reference: CVE-2017-2620, XSA-209: cirrus_bitblt_cputovideo does not check if memory region is safe Reference: oval:org.secpod.oval:def:109592 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109347 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109225 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110577 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:111789 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1800190 CVE-2016-4962, XSA-175: Unsanitised guest input in libxl device handling code. CVE-2016-4480, XSA-176: x86 software guest page walk PS bit handling flaw. CVE-2016-4963, XSA-178: Unsanitised driver domain input in libxl device handling. CVE-2016-3710 CVE-2016-3712, XSA-179: QEMU: Banked access to VGA ... oval:org.secpod.oval:def:109222 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109223 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:108686 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:108203 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89045300 This update for xen fixes several issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host - CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivilege ... oval:org.secpod.oval:def:1800268 CVE-2016-3157, XSA-171: I/O port access privilege escalation in x86-64 Linux IRET and POPF do not modify EFLAGS.IOPL when executed by code at a privilege level other than zero. Since PV Xen guests run at privilege level 3 , to compensate for this the context switching of EFLAGS.IOPL requires the gue ... oval:org.secpod.oval:def:108681 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109893 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109402 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109403 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:108319 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:110542 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89045200 This update for xen fixes the several issues. These security issues were fixed: - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service by writing to stdout or stderr . - CVE-2016-3158: The xrstor function did not properly handle writes to t ... oval:org.secpod.oval:def:109311 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109611 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109614 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:108883 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109722 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:108879 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1800696 CVE-2016-9386, XSA-191: x86 null segments not always treated as unusable Reference CVE-2016-9382, XSA-192: x86 task switch to VM86 mode mis-handled Reference CVE-2016-9385, XSA-193: x86 segment base write emulation lacking canonical address checks Reference CVE-2016-9384, XSA-194: guest 32-bit ELF s ... oval:org.secpod.oval:def:1501705 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:108546 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109629 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1800477 CVE-2016-9932, XSA-200 : x86 CMPXCHG8B emulation fails to ignore operand size override Reference: oval:org.secpod.oval:def:109620 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:501563 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. An out-of-bounds memory access flaw was found in the way QEMU"s virtual Floppy Disk Controller handled FIFO buffer access while processing certain FD ... oval:org.secpod.oval:def:1800664 Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. Reference: oval:org.secpod.oval:def:1800306 CVE-2016-9386, XSA-191: x86 null segments not always treated as unusable. Reference: CVE-2016-9382, XSA-192: x86 task switch to VM86 mode mis-handled. Reference: CVE-2016-9385, XSA-193: x86 segment base write emulation lacking canonical address checks. Reference: CVE-2016-9383, XSA-195: x86 64-bit b ... oval:org.secpod.oval:def:501691 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap buffer overflow flaw was found in the way QEMU"s NE2000 NIC emulation implementation handled certain packets received over the network. A privi ... oval:org.secpod.oval:def:109702 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:400618 This update for xen to version 4.5.3 fixes the several issues. These security issues were fixed: - CVE-2016-6258: Potential privilege escalation in PV guests . - CVE-2016-6259: Missing SMAP whitelisting in 32-bit exception / event delivery . - CVE-2016-5337: The megasas_ctrl_get_info function allo ... oval:org.secpod.oval:def:89047762 This update for xen fixes the following issues: - CVE-2022-26362: Fixed race condition in typeref acquisition - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings Special Instructions and Notes: Please reboot the system after installing this update. oval:org.secpod.oval:def:107711 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:107613 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:107978 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106943 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106944 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106810 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:106819 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:108073 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:108048 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:107155 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:107156 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:107149 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:107351 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:108320 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:107361 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:107123 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:108543 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:107994 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:112184 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1800620 CVE: none assigned, XSA-207: memory leak when destroying guest without PT devices Reference CVE-2017-2615, XSA-208: oob access in cirrus bitblt copy Reference CVE-2017-2620, XSA-209: cirrus_bitblt_cputovideo does not check if memory region is safe Reference oval:org.secpod.oval:def:112075 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:112022 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:112125 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:112118 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1800650 CVE: none assigned, XSA-207: memory leak when destroying guest without PT devices Reference: CVE-2017-2615, XSA-208: oob access in cirrus bitblt copy Reference: CVE-2017-2620, XSA-209: cirrus_bitblt_cputovideo does not check if memory region is safe oval:org.secpod.oval:def:112261 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:112235 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1800876 CVE-2017-10911, XSA-216: blkif responses leak backend stack data Reference CVE-2017-10912, XSA-217: page transfer may allow PV guest to elevate privilege Reference CVE-2017-10913, CVE-2017-10914, XSA-218: Races in the grant table unmap code Reference CVE-2017-10915, XSA-219: x86: insufficient refere ... oval:org.secpod.oval:def:1800702 CVE-2017-10911, XSA-216: blkif responses leak backend stack data Reference:¶ CVE-2017-10912, XSA-217: page transfer may allow PV guest to elevate privilege Reference:¶ CVE-2017-10913, CVE-2017-10914, XSA-218: Races in the grant table unmap code Reference:¶ CVE-2017-10915, XSA-219: x86 ... oval:org.secpod.oval:def:112592 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1800095 CVE-2017-10911, XSA-216: blkif responses leak backend stack data Reference: CVE-2017-10912, XSA-217: page transfer may allow PV guest to elevate privilege Reference: CVE-2017-10913, CVE-2017-10914, XSA-218: Races in the grant table unmap code Reference: CVE-2017-10915, XSA-219: x86: insufficient ref ... oval:org.secpod.oval:def:1800143 CVE-2017-10911, XSA-216: blkif responses leak backend stack data Reference: CVE-2017-10912, XSA-217: page transfer may allow PV guest to elevate privilege Reference: CVE-2017-10913, CVE-2017-10914, XSA-218: Races in the grant table unmap code Reference: CVE-2017-10915, XSA-219: x86: insufficient ref ... oval:org.secpod.oval:def:89051000 This update for xen fixes the following issues: * CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion . * CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled . * CVE-2023-34325: Fixed multiple parsing i ... oval:org.secpod.oval:def:89051001 This update for xen fixes the following issues: * CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion . * CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled . * CVE-2023-34325: Fixed multiple parsing i ... oval:org.secpod.oval:def:89051004 This update for xen fixes the following issues: * CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion . * CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled . * CVE-2023-34325: Fixed multiple parsing i ... oval:org.secpod.oval:def:89051002 This update for xen fixes the following issues: * CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion . * CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled . * CVE-2023-34325: Fixed multiple parsing i ... oval:org.secpod.oval:def:3301451 Security update for xen oval:org.secpod.oval:def:89050950 This update for xen fixes the following issues: * CVE-2023-34323: A transaction conflict can crash C Xenstored * CVE-2023-34326: Missing IOMMU TLB flushing * CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling * CVE-2023-34327: Debug Mask handling * CVE-2023-34328: Debug Mask ha ... oval:org.secpod.oval:def:89050956 This update for xen fixes the following issues: * CVE-2023-34323: A transaction conflict can crash C Xenstored * CVE-2023-34326: Missing IOMMU TLB flushing * CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling * CVE-2023-34327: Debug Mask handling * CVE-2023-34328: Debug Mask ha ... oval:org.secpod.oval:def:89051117 This update for xen fixes the following issues: * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels . * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective . ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89051126 This update for xen fixes the following issues: * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels . * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective . ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89051129 This update for xen fixes the following issues: * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels . * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective . ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89051123 This update for xen fixes the following issues: * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels . * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective . ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89051290 This update for xen fixes the following issues: * CVE-2023-46836: Fixed BTC/SRSO fixes not fully effective . * CVE-2023-46835: Fixed mismatch in IOMMU quarantine page table levels on x86/AMD . Update to Xen 4.17.3 bug fix release . oval:org.secpod.oval:def:113395 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89044810 This update for xen fixes several issues. These security issues were fixed: - blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests - Page transfer might have allowed PV guest to elevate privilege - Races in the gr ... oval:org.secpod.oval:def:113392 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:114360 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89003136 This update for xen fixes the following issues: - Update to Xen 4.11.1 bug fix release - CVE-2018-17963: Fixed an integer overflow issue in the QEMU emulator, which could occur when a packet with large packet size is processed. A user inside a guest could have used this flaw to crash the qemu proce ... oval:org.secpod.oval:def:115440 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89044920 This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host - CVE-2017 ... oval:org.secpod.oval:def:89003121 This update for xen fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service affecting the entire hos ... oval:org.secpod.oval:def:113164 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:114329 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:113115 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:113590 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1800942 CVE-2018-7540, XSA-252: DoS via non-preemptable L3/L4 pagetable freeing All Xen versions are vulnerable. oval:org.secpod.oval:def:1800929 CVE-2018-7540, XSA-252: DoS via non-preemptable L3/L4 pagetable freeing All Xen versions are vulnerable. oval:org.secpod.oval:def:1800934 CVE-2018-7540, XSA-252: DoS via non-preemptable L3/L4 pagetable freeing All Xen versions are vulnerable. oval:org.secpod.oval:def:1800948 CVE-2018-7540, XSA-252: DoS via non-preemptable L3/L4 pagetable freeing All Xen versions are vulnerable. oval:org.secpod.oval:def:115425 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:113485 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89044655 This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host - CVE-2017 ... oval:org.secpod.oval:def:89044654 This update for xen to version 4.9.1 fixes several issues. This new feature was added: - Support migration of HVM domains larger than 1 TB These security issues were fixed: - bsc#1068187: Failure to recognize errors in the Populate on Demand code allowed for DoS - bsc#1068191: Missing p2m error c ... oval:org.secpod.oval:def:113428 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89044765 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information . - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed ... oval:org.secpod.oval:def:89044880 This update for xen fixes several issues. These security issues were fixed: - bsc#1068187: Failure to recognize errors in the Populate on Demand code allowed for DoS - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged guests to retain a writable mapping of freed memory leadi ... oval:org.secpod.oval:def:114424 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89044673 This update for xen fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memory_exchange permited PV guest breakout . - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leadi ... oval:org.secpod.oval:def:1800921 CVE-2017-17044, XSA-246: x86: infinite loop due to missing PoD error checking Xen versions from 3.4.x onwards are affected. oval:org.secpod.oval:def:113441 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:113516 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:113638 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:113639 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:114729 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:113748 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:113629 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:113779 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:113839 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1800251 CVE-2017-17044, XSA-246: x86: infinite loop due to missing PoD error checking Xen versions from 3.4.x onwards are affected. oval:org.secpod.oval:def:113807 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1801311 CVE-2018-19961, CVE-2018-19962, XSA-275: insufficient TLB flushing / improper large page mappings with AMD IOMMUs oval:org.secpod.oval:def:1801312 CVE-2018-19961, CVE-2018-19962, XSA-275: insufficient TLB flushing / improper large page mappings with AMD IOMMUs oval:org.secpod.oval:def:1800459 CVE-2017-17044, XSA-246: x86: infinite loop due to missing PoD error checking Xen versions from 3.4.x onwards are affected. oval:org.secpod.oval:def:114096 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:114168 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89002355 This update for xen fixes the following issues: Security issues fixed: - CVE-2018-18849: Fixed an out of bounds memory access issue was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin . - CVE-2018-18883: Fixed a NULL pointer dereference that could have ... oval:org.secpod.oval:def:113095 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:115029 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89045570 This update for xen fixes the following issues: Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling - CVE-2021-0089: xen: Speculative Code Store Bypass - CVE-2021-28690: xen: x86: TSX Async Abo ... oval:org.secpod.oval:def:89049017 This update for xen fixes the following issues: Security fixes: * CVE-2022-42336: Fix an issue where guests configuring AMD Speculative Store Bypass Disable would have no effect . * CVE-2022-42335: Fixed an issue where guests running under shadow mode with a PCI devices passed through could force t ... oval:org.secpod.oval:def:125505 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:125259 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89048638 This update for xen fixes the following issues: * CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode . * CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis- handling . * CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 . ## Specia ... oval:org.secpod.oval:def:89048633 This update for xen fixes the following issues: * CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode . * CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis- handling . * CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 . ## Specia ... oval:org.secpod.oval:def:89048508 This update for xen fixes the following issues: * CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode . * CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis- handling . * CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 . ## Specia ... oval:org.secpod.oval:def:89048622 This update for xen fixes the following issues: * CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode . * CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis- handling . * CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 . ## Specia ... oval:org.secpod.oval:def:89048478 This update for xen fixes the following issues: * CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode . * CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 . ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89048652 This update for xen fixes the following issues: * CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode . * CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis- handling . * CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 . ## Specia ... oval:org.secpod.oval:def:89048647 This update for xen fixes the following issues: * CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode . * CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis- handling . * CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 . ## Specia ... oval:org.secpod.oval:def:89048175 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative security issues . Special Instructions and Notes: Please reboot the system after installing this update. oval:org.secpod.oval:def:89048191 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative execution issues . Special Instructions and Notes: Please reboot the system after installing this update. oval:org.secpod.oval:def:89048184 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative execution issues . Non-security fixes: - Updated to version 4.16.3 . Special Instructions and Notes: Please reboot the system after installing this update. oval:org.secpod.oval:def:89048183 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative execution issues . Special Instructions and Notes: Please reboot the system after installing this update. oval:org.secpod.oval:def:124492 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89048158 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative execution issues . Special Instructions and Notes: Please reboot the system after installing this update. oval:org.secpod.oval:def:3300319 SUSE Security Update: Security update for xen oval:org.secpod.oval:def:89048202 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative security issues . Special Instructions and Notes: Please reboot the system after installing this update. oval:org.secpod.oval:def:89048592 This update for xen fixes the following issues: * CVE-2022-23824: Fixed multiple speculative execution issues . ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:88426 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks. oval:org.secpod.oval:def:89048019 This update for xen fixes the following issues: - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored - ... oval:org.secpod.oval:def:3300719 SUSE Security Update: Security update for xen oval:org.secpod.oval:def:3301235 SUSE Security Update: Security update for xen oval:org.secpod.oval:def:89047778 This update for xen fixes the following issues: Updated to version 4.16.2 : - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing . - CVE-2022-33748: Fixed DoS due to race in locking . Bugfixes: - Fixed Xen DomU unable to emulate audio device . - Fixed logic error in built-in default ... oval:org.secpod.oval:def:85652 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks. oval:org.secpod.oval:def:121247 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89047269 This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly . - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs . - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates ... oval:org.secpod.oval:def:3302205 Security update for xen oval:org.secpod.oval:def:109978 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109737 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109752 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:127175 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:127171 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89048515 This update for xen fixes the following issues: * CVE-2022-27672: Fixed speculative execution vulnerability due to RAS being dynamically partitioned between non-idle threads . Bugfixes: * Fixed launch-xenstore error * Fixed issues in VMX . oval:org.secpod.oval:def:89047807 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings . - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 . - CVE-2022-26362: Fixed a race condition in typeref acquisition . ... oval:org.secpod.oval:def:89047764 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing . - CVE-2022-33748: Fixed DoS due to race in locking . - CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don"t zero memory regions before sharing them wi ... oval:org.secpod.oval:def:89047686 This update for xen fixes the following issues: - CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don"t zero memory regions before sharing them with the backend . - CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don"t zero memory regions b ... oval:org.secpod.oval:def:3300868 SUSE Security Update: Security update for xen oval:org.secpod.oval:def:89047467 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings . - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 . - CVE-2022-26362: Fixed a race condition in typeref acquisition . ... oval:org.secpod.oval:def:89047553 This update for xen fixes the following issues: Update Xen to version 4.14.4 Transient execution side-channel attacks attacking the Branch History Buffer , named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. Security issues fixed: - CVE-2022-0001, CVE-2022-0 ... oval:org.secpod.oval:def:89047343 This update for xen fixes the following issues: - CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR and unity map handling issues - CVE-2022-26362: Fixed race condition in typeref acquisition - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-cohe ... oval:org.secpod.oval:def:89047579 This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host . - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to ... oval:org.secpod.oval:def:88346 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks. oval:org.secpod.oval:def:89050241 This update for xen to version 4.12.3 fixes the following issues: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling or ... oval:org.secpod.oval:def:89000092 This update for xen to version 4.11.4 fixes the following issues: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling or ... oval:org.secpod.oval:def:89050222 This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking . - CVE-2020-15565: Fixed insufficient cache write-back under VT-d . - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation . - CVE-2020-15567: Fixed non- ... oval:org.secpod.oval:def:89050405 This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking . - CVE-2020-15565: Fixed insufficient cache write-back under VT-d . - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation . - CVE-2020-15567: Fixed non- ... oval:org.secpod.oval:def:89050360 This update for xen fixes the following issues: - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMM ... oval:org.secpod.oval:def:89050281 This update for xen fixes the following issues: - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMM ... oval:org.secpod.oval:def:89050576 This update for xen fixes the following issues: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. - CVE-2019-11135: ... oval:org.secpod.oval:def:89003283 This update for xen fixes the following issues: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. - CVE-2019-11135: ... oval:org.secpod.oval:def:89050660 This update for xen fixes the following issues: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. - CVE-2019-11135: ... oval:org.secpod.oval:def:89003200 This update for xen fixes the following issues: - CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm . - CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 . - CVE-2019-19583: Fixed improper checks which could have allowed HVM ... oval:org.secpod.oval:def:1800826 CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, XSA-254: Information leak via side effects of speculative execution Reference:¶ oval:org.secpod.oval:def:116630 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:116709 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89003195 This update for xen fixes the following issues: Security issues fixed: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service . - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of s ... oval:org.secpod.oval:def:1800270 CVE-2017-17566, XSA-248: x86 PV guests may gain access to internally used pages Reference CVE-2017-17563, XSA-249: broken x86 shadow mode refcount overflow check Reference CVE-2017-17564, XSA-250: improper x86 shadow mode refcount error handling Reference CVE-2017-17565, XSA-251: improper bug check ... oval:org.secpod.oval:def:1800236 CVE-2017-17566, XSA-248: x86 PV guests may gain access to internally used pages Reference: CVE-2017-17563, XSA-249: broken x86 shadow mode refcount overflow check Reference: CVE-2017-17564, XSA-250: improper x86 shadow mode refcount error handling Reference: CVE-2017-17565, XSA-251: improper bug che ... oval:org.secpod.oval:def:89003466 This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling - CVE-2018-12130: Microarchitec ... oval:org.secpod.oval:def:89003347 This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling - CVE-2018-12130: Microarchitec ... oval:org.secpod.oval:def:89003334 This update for xen to version 4.11.2 fixes the following issues: Security issues fixed: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service . - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite lo ... oval:org.secpod.oval:def:1800444 CVE-2017-17566, XSA-248: x86 PV guests may gain access to internally used pages Reference: CVE-2017-17563, XSA-249: broken x86 shadow mode refcount overflow check Reference: CVE-2017-17564, XSA-250: improper x86 shadow mode refcount error handling Reference: CVE-2017-17565, XSA-251: improper bug che ... oval:org.secpod.oval:def:89050868 This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling - CVE-2018-12130: Microarchitec ... oval:org.secpod.oval:def:89002176 This update for xen fixes the following issues: XEN was updated to the Xen 4.9.3 bug fix only release - CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. - CVE-2018-1547 ... oval:org.secpod.oval:def:89002178 This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3639: Spectre V4 #226;#128;#147; Speculative Store Bypass aka quot;Memory Disambiguationquot; This feature can be controlled by the quot;ssbd=on/offquot; commandline flag for the XEN hypervisor. - CVE-2018-10982: x86 ... oval:org.secpod.oval:def:89002157 This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3665: Fix Lazy FP Save/Restore issue . - CVE-2018-12891: Fix possible Denial of Service via certain PV MMU operations that affect the entire host . - CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emul ... oval:org.secpod.oval:def:115530 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:114551 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:115435 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:114789 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:114727 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:114614 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89002456 This update for xen fixes the following issues: This security issue was fixed: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user a ... oval:org.secpod.oval:def:89049689 This update for xen fixes the following issues: Update to Xen 4.10.2 bug fix release . Security vulnerabilities fixed: - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Deni ... oval:org.secpod.oval:def:89002545 This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read with g_malloc . - CVE-2018-3665: Fix Lazy FP Save/Restore issue . - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmen ... oval:org.secpod.oval:def:89049737 This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3665: Fix Lazy FP Save/Restore issue . - CVE-2018-12891: Fix possible Denial of Service via certain PV MMU operations that affect the entire host . - CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emul ... oval:org.secpod.oval:def:89049735 This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS pr ... oval:org.secpod.oval:def:115038 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1800989 CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM oval:org.secpod.oval:def:114497 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:114565 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:1801000 CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM oval:org.secpod.oval:def:1801001 CVE-2018-8897, XSA-260: x86: mishandling of debug exceptions oval:org.secpod.oval:def:1800398 CVE-2017-12135, XSA-226: multiple problems with transitive grants All versions of Xen are vulnerable. oval:org.secpod.oval:def:1801004 CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM oval:org.secpod.oval:def:1800331 CVE-2017-12135, XSA-226: multiple problems with transitive grants All versions of Xen are vulnerable. oval:org.secpod.oval:def:89002548 This update for xen to version 4.9.2 fixes several issues. This feature was added: - Added script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU. They are triggered via "xl vcpu-set domU N" These security issues were fixed: - CVE-2018-8897: Prevent mishandling o ... oval:org.secpod.oval:def:1800660 CVE-2017-12135, XSA-226: multiple problems with transitive grants All versions of Xen are vulnerable. oval:org.secpod.oval:def:1800324 CVE-2017-12135, XSA-226: multiple problems with transitive grants All versions of Xen are vulnerable. oval:org.secpod.oval:def:400709 xen was updated to fix 44 security issues. These security issues were fixed: - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm ima ... oval:org.secpod.oval:def:1800383 x86: inconsistent cachability flags on guest mappings. Multiple mappings of the same physical page with different cachability setting can cause problems. While one category affects only guests themselves , the other category being Machine Check exceptions can be fatal to entire hosts. oval:org.secpod.oval:def:109854 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:109935 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:89045377 xen was updated to fix 47 security issues. These security issues were fixed: - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers . - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed r ... oval:org.secpod.oval:def:400737 xen was updated to fix 46 security issues. These security issues were fixed: - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers . - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed r ... oval:org.secpod.oval:def:89051121 This update for xen fixes the following issues: * CVE-2023-20588: AMD CPU transitional execution leak via division by zero . * CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests . * CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling . * CVE-2023-34 ... oval:org.secpod.oval:def:89051120 This update for xen fixes the following issues: * CVE-2023-20588: AMD CPU transitional execution leak via division by zero . * CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests . * CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling . * CVE-2023-34 ... oval:org.secpod.oval:def:89049578 This update for xen fixes the following issues: * CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero . * CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests . ## Special Instructions and Notes: * Please reboot the system after install ... oval:org.secpod.oval:def:89049573 This update for xen fixes the following issues: * CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero . * CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests . ## Special Instructions and Notes: * Please reboot the system after install ... oval:org.secpod.oval:def:126300 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:3301917 Security update for xen oval:org.secpod.oval:def:126199 This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor oval:org.secpod.oval:def:3301737 Security update for xen oval:org.secpod.oval:def:89049348 This update for xen fixes the following issues: Update to Xen 4.13.5 bug fix release . * CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow . * CVE-2022-40982: Fixed x86/Intel Gather Data Sampling . * CVE-2023-20593: Fixed x86/AMD Zenbleed . oval:org.secpod.oval:def:89049347 This update for xen fixes the following issues: * CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow . * CVE-2022-40982: Fixed x86/Intel Gather Data Sampling . * CVE-2023-20593: Fixed x86/AMD Zenbleed . oval:org.secpod.oval:def:89049346 This update for xen fixes the following issues: * CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow . * CVE-2022-40982: Fixed x86/Intel Gather Data Sampling . * CVE-2023-20593: Fixed x86/AMD Zenbleed . oval:org.secpod.oval:def:89049306 This update for xen fixes the following issues: * CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. * CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. * CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potenti ... oval:org.secpod.oval:def:3301997 Security update for xen oval:org.secpod.oval:def:89049322 This update for xen fixes the following issues: * CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling". * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potenti ... oval:org.secpod.oval:def:89051425 This update for xen fixes the following issues: * CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89051424 This update for xen fixes the following issues: * CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89051426 This update for xen fixes the following issues: * CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts * CVE-2023-46840: Fixed VT-d: Failure to quarantine devices in !HVM builds ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89051420 This update for xen fixes the following issues: * CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89051422 This update for xen fixes the following issues: * CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89051419 This update for xen fixes the following issues: * CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89051638 This update for xen fixes the following issues: * CVE-2023-46839: Fixed memory access through PCI device with phantom functions . * CVE-2023-46840: Fixed Failure to quarantine devices in !HVM builds . * CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs . oval:org.secpod.oval:def:89051724 This update for xen fixes the following issues: * CVE-2023-28746: Register File Data Sampling * CVE-2024-2193: Fixed GhostRace, a speculative race conditions. * CVE-2023-46841: Hhadow stack vs exceptions from emulation stubs oval:org.secpod.oval:def:89051708 This update for xen fixes the following issues: * CVE-2023-28746: Register file data sampling. * CVE-2024-2193: Fixed GhostRace, a speculative race conditions oval:org.secpod.oval:def:89051757 This update for xen fixes the following issues: * CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls in xen x86 * CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations in xen x86 * CVE-2024-2201: Fixed memory disclosure via Native Branch History Inj ... |
