Difference between revisions of "Security Announcements (Historical)"

From Xen
m (Adding extra highlights; xen->xenproject)
(Historical Advisories up to XSA-57)
 
(2 intermediate revisions by 2 users not shown)
Line 20: Line 20:
 
__TOC__
 
__TOC__
 
{{Anchor|hist}}
 
{{Anchor|hist}}
= Historical Advisories up to XSA-57 =
+
= Historical Advisories up to XSA-25 =
   
The list below contains only historical information on advisories up to XSA-57.
+
The list below contains only historical information on advisories up to XSA-25.
   
 
== XSA-1 Host crash due to failure to correctly validate PV kernel execution state. ==
 
== XSA-1 Host crash due to failure to correctly validate PV kernel execution state. ==
Line 29: Line 29:
 
: 14 March 2011
 
: 14 March 2011
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2011-1166 CVE-2011-1166]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166 CVE-2011-1166]
 
; Advisory
 
; Advisory
 
: Cannot specify user mode execution without specifying user-mode pagetables. Failure to validate this allows a malicious or buggy 64 bit PV guest to crash the host.
 
: Cannot specify user mode execution without specifying user-mode pagetables. Failure to validate this allows a malicious or buggy 64 bit PV guest to crash the host.
Line 43: Line 43:
 
: 9 May 2011
 
: 9 May 2011
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2011-1583 CVE-2011-1583]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1583 CVE-2011-1583]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-devel/2011-05/msg00483.html
 
: http://lists.xen.org/archives/html/xen-devel/2011-05/msg00483.html
Line 56: Line 56:
 
: 12 May 2011
 
: 12 May 2011
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2011-1898 CVE-2011-1898]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1898 CVE-2011-1898]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-devel/2011-05/msg00687.html
 
: http://lists.xen.org/archives/html/xen-devel/2011-05/msg00687.html
Line 69: Line 69:
 
: 2 September 2011
 
: 2 September 2011
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2011-2901 CVE-2011-2901]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901 CVE-2011-2901]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-devel/2011-09/msg00119.html
 
: http://lists.xen.org/archives/html/xen-devel/2011-09/msg00119.html
Line 81: Line 81:
 
: 12 August 2011
 
: 12 August 2011
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2011-3131 CVE-2011-3131]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3131 CVE-2011-3131]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-devel/2011-08/msg00450.html
 
: http://lists.xen.org/archives/html/xen-devel/2011-08/msg00450.html
Line 93: Line 93:
 
: 2 February 2012
 
: 2 February 2012
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-0029 CVE-2012-0029]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0029 CVE-2012-0029]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-devel/2012-02/msg00212.html
 
: http://lists.xen.org/archives/html/xen-devel/2012-02/msg00212.html
Line 109: Line 109:
 
: 12 June 2012 (public disclosure)
 
: 12 June 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-0217 CVE-2012-0217]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217 CVE-2012-0217]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
Line 121: Line 121:
 
: 12 June 2012 (public disclosure)
 
: 12 June 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-0218 CVE-2012-0218]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0218 CVE-2012-0218]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html
Line 133: Line 133:
 
: 12 June 2012 (public disclosure)
 
: 12 June 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-2934 CVE-2012-2934]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2934 CVE-2012-2934]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html
Line 145: Line 145:
 
: 26 July 2012 (public disclosure)
 
: 26 July 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-3432 CVE-2012-3432]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3432 CVE-2012-3432]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html
 
: http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html
Line 157: Line 157:
 
: 8 August 2012 (public disclosure)
 
: 8 August 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-3433 CVE-2012-3433]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3433 CVE-2012-3433]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html
 
: http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html
Line 169: Line 169:
 
: 5 September 2012 (public disclosure)
 
: 5 September 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-3494 CVE-2012-3494]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3494 CVE-2012-3494]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html
Line 181: Line 181:
 
: 5 September 2012 (public disclosure)
 
: 5 September 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-3495 CVE-2012-3495]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3495 CVE-2012-3495]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html
Line 192: Line 192:
 
: 5 September 2012 (public disclosure)
 
: 5 September 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-3496 CVE-2012-3496]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3496 CVE-2012-3496]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html
Line 204: Line 204:
 
: 5 September 2012 (public disclosure)
 
: 5 September 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-3497 CVE-2012-3497]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497 CVE-2012-3497]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
Line 214: Line 214:
 
: 5 September 2012 (public disclosure)
 
: 5 September 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-3498 CVE-2012-3498]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3498 CVE-2012-3498]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html
Line 225: Line 225:
 
: 5 September 2012 (public disclosure)
 
: 5 September 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-3515 CVE-2012-3515]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515 CVE-2012-3515]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
Line 242: Line 242:
 
: 5 September 2012 (public disclosure)
 
: 5 September 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-3516 CVE-2012-3516]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3516 CVE-2012-3516]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00004.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00004.html
Line 253: Line 253:
 
: 6 September 2012 (public disclosure)
 
: 6 September 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-4411 CVE-2012-4411]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411 CVE-2012-4411]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html
Line 271: Line 271:
 
: 13 November 2012
 
: 13 November 2012
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-4535 CVE-2012-4535]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535 CVE-2012-4535]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-11/msg00001.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-11/msg00001.html
Line 284: Line 284:
 
: 13 November 2012
 
: 13 November 2012
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-4536 CVE-2012-4536]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536 CVE-2012-4536]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-11/msg00003.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-11/msg00003.html
Line 296: Line 296:
 
: 13 November 2012
 
: 13 November 2012
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-4537 CVE-2012-4537]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537 CVE-2012-4537]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html
Line 310: Line 310:
 
: 13 November 2012
 
: 13 November 2012
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-4538 CVE-2012-4538]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538 CVE-2012-4538]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html
Line 323: Line 323:
 
: 13 November 2012
 
: 13 November 2012
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-4539 CVE-2012-4539]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539 CVE-2012-4539]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-11/msg00002.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-11/msg00002.html
Line 336: Line 336:
 
: 13 November 2012
 
: 13 November 2012
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-4544,CVE-2012-2625 CVE-2012-4544,CVE-2012-2625]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544,CVE-2012-2625 CVE-2012-4544,CVE-2012-2625]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-11/msg00006.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-11/msg00006.html
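Review bot: the corrected References link in this hunk still passes two identifiers in a single `name=` parameter (`name=CVE-2012-4544,CVE-2012-2625`), so the target is not one CVE record. Suggest splitting it into two References lines, one link per CVE, the way the entry that lists CVE-2013-0216 and CVE-2013-0217 does.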
Line 344: Line 344:
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/69d1cc78a5bd 23385:69d1cc78a5bd]
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/69d1cc78a5bd 23385:69d1cc78a5bd]
   
  +
<!-- Removed
 
  +
== XSA 26 ==
== XSA 26 Grant table version switch list corruption vulnerability ==
 
 
; Date
 
; Date
 
: 3 December 2012 (public disclosure)
 
: 3 December 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-5510 CVE-2012-5510]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510 CVE-2012-5510]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-12/msg00000.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-12/msg00000.html
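Review bot: the `<!-- Removed` opener added above the XSA 26 heading hides every later entry without saying why or where that information now lives. Its closing `-->` only arrives just before the `<!-- Template:` block, so the link corrections in the hunks in between never reach the rendered page. Suggest either deleting the entries from XSA-26 onward outright or extending the comment text to point at the generated list at xenbits.xen.org/xsa.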
Line 361: Line 361:
 
: 3 December 2012 (public disclosure)
 
: 3 December 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-5511 CVE-2012-5511]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511 CVE-2012-5511]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-12/msg00006.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-12/msg00006.html
Line 373: Line 373:
 
: 3 December 2012 (public disclosure)
 
: 3 December 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-5512 CVE-2012-5512]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5512 CVE-2012-5512]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-12/msg00003.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-12/msg00003.html
Line 385: Line 385:
 
: 3 December 2012 (public disclosure)
 
: 3 December 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-5513 CVE-2012-5513]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513 CVE-2012-5513]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-12/msg00004.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-12/msg00004.html
Line 397: Line 397:
 
: 3 December 2012 (public disclosure)
 
: 3 December 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-5514 CVE-2012-5514]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514 CVE-2012-5514]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-12/msg00005.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-12/msg00005.html
Line 409: Line 409:
 
: 3 December 2012 (public disclosure)
 
: 3 December 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-5515 CVE-2012-5515]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515 CVE-2012-5515]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-12/msg00001.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-12/msg00001.html
Line 421: Line 421:
 
: 3 December 2012 (public disclosure)
 
: 3 December 2012 (public disclosure)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-5525 CVE-2012-5525]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5525 CVE-2012-5525]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2012-12/msg00002.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-12/msg00002.html
Line 433: Line 433:
 
: 9 January 2013 (public release)
 
: 9 January 2013 (public release)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-5634 CVE-2012-5634]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634 CVE-2012-5634]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00001.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00001.html
Line 445: Line 445:
 
: 22 January 2013 (public release)
 
: 22 January 2013 (public release)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-0151 CVE-2013-0151]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0151 CVE-2013-0151]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00008.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00008.html
Line 456: Line 456:
 
: 22 January 2013 (public release)
 
: 22 January 2013 (public release)
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-0152 CVE-2013-0152]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0152 CVE-2013-0152]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00009.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00009.html
Line 467: Line 467:
 
: 5 February 2013
 
: 5 February 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-0153 CVE-2013-0153]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153 CVE-2013-0153]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00006.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00006.html
Line 479: Line 479:
 
: 4 January 2013
 
: 4 January 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-0154 CVE-2013-0154]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0154 CVE-2013-0154]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00000.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00000.html
Line 492: Line 492:
 
: 5 February 2013
 
: 5 February 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-0215 CVE-2013-0215]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0215 CVE-2013-0215]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00005.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00005.html
Line 505: Line 505:
 
: 5 February 2013
 
: 5 February 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-0216 CVE-2013-0216]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0216 CVE-2013-0216]
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-0217 CVE-2013-0217]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0217 CVE-2013-0217]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00001.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00001.html
Line 516: Line 516:
 
: 16 January 2013
 
: 16 January 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-0190 CVE-2013-0190]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0190 CVE-2013-0190]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00002.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00002.html
Line 526: Line 526:
 
: 16 January 2013
 
: 16 January 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2012-6075 CVE-2012-6075]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075 CVE-2012-6075]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00006.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00006.html
Line 536: Line 536:
 
: 13 February 2013
 
: 13 February 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-0228 CVE-2013-0228]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0228 CVE-2013-0228]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00004.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00004.html
Line 546: Line 546:
 
: 5 February 2013
 
: 5 February 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-0231 CVE-2013-0231]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231 CVE-2013-0231]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00003.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00003.html
Line 556: Line 556:
 
: 18 April 2013
 
: 18 April 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-1917 CVE-2013-1917]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917 CVE-2013-1917]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00005.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00005.html
Line 568: Line 568:
 
: 2 May 2013
 
: 2 May 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-1918 CVE-2013-1918]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918 CVE-2013-1918]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-05/msg00000.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-05/msg00000.html
Line 580: Line 580:
 
: 18 April 2013
 
: 18 April 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-1919 CVE-2013-1919]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919 CVE-2013-1919]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00003.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00003.html
Line 592: Line 592:
 
: 4 April 2013
 
: 4 April 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-1920 CVE-2013-1920]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920 CVE-2013-1920]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html
Line 604: Line 604:
 
: 15 April 2013
 
: 15 April 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-1922 CVE-2013-1922]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1922 CVE-2013-1922]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00001.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00001.html
Line 614: Line 614:
 
: 2 May 2013
 
: 2 May 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-1952 CVE-2013-1952]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952 CVE-2013-1952]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-05/msg00001.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-05/msg00001.html
Line 626: Line 626:
 
: 18 April 2013
 
: 18 April 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-1964 CVE-2013-1964]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964 CVE-2013-1964]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html
Line 636: Line 636:
 
: 6 May 2013
 
: 6 May 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-2007 CVE-2013-2007]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2007 CVE-2013-2007]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-05/msg00002.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-05/msg00002.html
Line 646: Line 646:
 
: 3 June 2013
 
: 3 June 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-2076 CVE-2013-2076]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076 CVE-2013-2076]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
Line 658: Line 658:
 
: 3 June 2013
 
: 3 June 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-2077 CVE-2013-2077]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077 CVE-2013-2077]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
Line 670: Line 670:
 
: 3 June 2013
 
: 3 June 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-2078 CVE-2013-2078]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078 CVE-2013-2078]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00000.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00000.html
Line 691: Line 691:
 
: 17 May 2013
 
: 17 May 2013
 
; References
 
; References
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-2013-2072 CVE-2013-2072]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072 CVE-2013-2072]
 
; Advisory
 
; Advisory
 
: http://lists.xen.org/archives/html/xen-announce/2013-05/msg00004.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-05/msg00004.html
Line 698: Line 698:
 
: xen 4.2: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==34e2c78baa7eff6369595adc7e51e70a4a0c8727 34e2c78baa7eff6369595adc7e51e70a4a0c8727]
 
: xen 4.2: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==34e2c78baa7eff6369595adc7e51e70a4a0c8727 34e2c78baa7eff6369595adc7e51e70a4a0c8727]
 
: xen 4.1: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==8dd9cde5d454e4cee55d0202abfd52ceeff1cd94 8dd9cde5d454e4cee55d0202abfd52ceeff1cd94]
 
: xen 4.1: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==8dd9cde5d454e4cee55d0202abfd52ceeff1cd94 8dd9cde5d454e4cee55d0202abfd52ceeff1cd94]
  +
-->
   
 
<!-- Template:
 
<!-- Template:
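Review bot: the two gitweb links in the unchanged lines of this hunk still carry the doubled equals signs (`?p==xen.git;a==commit;h==...`) that this revision removes from the cvename.cgi links. They sit inside the block closed by the added `-->`, so nothing renders broken today, but they should become `?p=xen.git;a=commit;h=...` if that block is ever restored.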
Line 704: Line 705:
 
; References
 
; References
 
: <CVE bugzilla's etc>
 
: <CVE bugzilla's etc>
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name==CVE-YYYY-ZZZZ CVE-YYYY-ZZZZ]
+
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-ZZZZ CVE-YYYY-ZZZZ]
 
; Advisory
 
; Advisory
 
: <Link to ML archive of advisory>
 
: <Link to ML archive of advisory>

Latest revision as of 11:54, 13 May 2015

Security advisories are made available in accordance with the Xen security problem response process.

Essential Information
List of vulnerabilities

An automatically generated list of security advisories is available at xenbits.xen.org/xsa.

Disclosing Vulnerabilities

Please contact security@xenproject.org if you wish to disclose a security vulnerability.

Timely Notifications

In order to get timely notification of security vulnerabilities, you should subscribe to the (low volume) xen-announce mailing list or, if you are eligible, request access to the pre-disclosure list (see the Xen security problem response process for more information).

Security Updates to Xen

See Xen Maintenance Releases for information relating to stable branch maintenance.

Historical Advisories up to XSA-25

The list below contains only historical information on advisories up to XSA-25.

XSA-1 Host crash due to failure to correctly validate PV kernel execution state.

Date
14 March 2011
References
CVE-2011-1166
Advisory
Cannot specify user mode execution without specifying user-mode pagetables. Failure to validate this allows a malicious or buggy 64 bit PV guest to crash the host.
nb: predates vulnerability handling process and therefore no formal announcement
Fixes
xen-unstable.hg: 23034:c79aae866ad8
xen-4.1-testing.hg: 22993:842aed720b84
xen-4.0-testing.hg: 21461:ee088a0b5cb8

XSA-2 PV kernel validation vulnerabilities

Date
9 May 2011
References
CVE-2011-1583
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-05/msg00483.html
Fixes
xen-unstable.hg: 23322:d9982136d8fa
xen-4.1-testing.hg: 23042:e2e575f8b5d9
xen-4.0-testing.hg: 21482:c2adc059e931

XSA-3 VT-d (PCI passthrough) MSI

Date
12 May 2011
References
CVE-2011-1898
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-05/msg00687.html
Fixes
xen-unstable.hg: 23337:cc91832a02c7
xen-4.1-testing.hg: 23046:ed630a821de1
xen-4.0-testing.hg: 21485:b85a9e58ec3a

XSA-4 Xen 3.3 vaddr validation

Date
2 September 2011
References
CVE-2011-2901
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-09/msg00119.html
Fixes
xen-unstable.hg: 23800:72edc40e2942
nb: although the off-by-one error was fixed in the above changeset only Xen version 3.3 and earlier were vulnerable due to this error.

XSA-5 IOMMU Fault Live lock

Date
12 August 2011
References
CVE-2011-3131
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-08/msg00450.html
Fixes
xen-unstable.hg: 23762:537ed3b74b3f
xen-4.1-testing.hg: 23112:84e3706df07a
xen-4.0-testing.hg: 21535:789ff1a462b8

XSA-6 HVM e1000, buffer overflow

Date
2 February 2012
References
CVE-2012-0029
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-02/msg00212.html
Fixes
qemu-xen-unstable.git: ebe37b2a3f844bad02dcc30d081f39eda06118f8
qemu-xen-4.1-testing.git: 3cf61880403b4e484539596a95937cc066243388
qemu-xen-4.0-testing.git: 36984c285a765541b04f378bfa84d2c850c167d3

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:

xen-unstable.hg: 24673:fcc071c31e3a
xen-4.1-testing.hg: 23224:cccd6c68e1b9
xen-4.0-testing.hg: 21563:3feb83eed6bd

XSA-7 64-bit PV guest privilege escalation vulnerability

Date
12 June 2012 (public disclosure)
References
CVE-2012-0217
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
Fixes
xen-unstable.hg: 25480:76eaf5966c05
xen-4.1-testing.hg: 23299:f08e61b9b33f
xen-4.0-testing.hg: 21590:dd367837e089

XSA-8 guest denial of service on syscall/sysenter exception generation

Date
12 June 2012 (public disclosure)
References
CVE-2012-0218
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html
Fixes
xen-unstable.hg: 25200:80f4113be500 & 25204:569d6f05e1ef
xen-4.1-testing.hg: 23300:0fec1afa4638
xen-4.0-testing.hg: 21591:adb943a387c8

XSA-9 PV guest host Denial of Service (AMD erratum #121)

Date
12 June 2012 (public disclosure)
References
CVE-2012-2934
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html
Fixes
xen-unstable.hg: 25481:bc2f3a848f9a
xen-4.1-testing.hg: 23301:a9c0a89c08f2
xen-4.0-testing.hg: 21592:e35c8bb53255

XSA-10 HVM guest user mode MMIO emulation DoS vulnerability

Date
26 July 2012 (public disclosure)
References
CVE-2012-3432
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html
Fixes
xen-unstable.hg: 25682:ffcb24876b4f
xen-4.1-testing.hg: 23325:a43f5b4b0331
xen-4.0-testing.hg: 21604:82fcf3a5dc3a

XSA-11 HVM guest destroy p2m teardown host DoS vulnerability

Date
8 August 2012 (public disclosure)
References
CVE-2012-3433
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.1-testing.hg: 23332:859205b36fe9
xen-4.0-testing.hg: 21608:a51c86b407d7

XSA-12 hypercall set_debugreg vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3494
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html
Fixes
xen-unstable.hg: 25814:4f1c69648201
xen-4.1-testing.hg: 23349:bcc340292731
xen-4.0-testing.hg: 21613:92334c7f577e

XSA-13 hypercall physdev_get_free_pirq vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3495
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.1-testing.hg: 23350:6779ddca8593

XSA-14 XENMEM_populate_physmap DoS vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3496
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html
Fixes
xen-unstable.hg: 25815:bcf58ef63b7c
xen-4.1-testing.hg: 23351:8ebda5388e4e
xen-4.0-testing.hg: 21614:96b08706a0ed

XSA-15 multiple TMEM hypercall vulnerabilities

Date
5 September 2012 (public disclosure)
References
CVE-2012-3497
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
Fixes
None at this time. See advisory for details.

XSA-16 PHYSDEVOP_map_pirq index vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3498
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html
Fixes
xen-unstable.hg: 25816:2750340a347d
xen-4.1-testing.hg: 23352:936f63ee4dad

XSA-17 Qemu VT100 emulation vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3515
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
Fixes
qemu-upstream-unstable.git: 87650d262dea07c955a683dcac75db86477c7ee3 (qemu-xen tree)
qemu-xen-unstable.git: a56ae4b5069c7b23ee657b15f08443a9b14a8e7b (qemu-xen-traditional tree)
qemu-xen-4.1-testing.git: 3220480734832a148d26f7a81f90af61c2ecfdd9 (qemu-xen-traditional tree)
qemu-xen-4.0-testing.git: 091149d364e893e643a5da3175c3f84d2163cb3e (qemu-xen-traditional tree)

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix to qemu-xen-traditional:

xen-unstable.hg: 25818:50adc933faaf
xen-4.1-testing.hg: 23353:3e4782f17f5c
xen-4.0-testing.hg: 21615:79444af3258c

XSA-18 grant table entry swaps have inadequate bounds checking

Date
5 September 2012 (public disclosure)
References
CVE-2012-3516
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00004.html
Fixes
xen-unstable.hg: 25817:93e5a791d076


XSA-19 guest administrator can access qemu monitor console

Date
6 September 2012 (public disclosure)
References
CVE-2012-4411
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html
Fixes
qemu-upstream-unstable.git: Not vulnerable
qemu-xen-unstable.git: bacc0d302445c75f18f4c826750fb5853b60e7ca
qemu-xen-4.1-testing.git: d7d453f51459b591faa96d1c123b5bfff7c5b6b6
qemu-xen-4.0-testing.git: eaa1bd612f50d2f253738ed19e14981e4ede98a5

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:

xen-unstable.hg: 25822:ec23c2a11f6f
xen-4.1-testing.hg: 23354:9be1175d2ac3
xen-4.0-testing.hg: 21616:512168f88df9 & 21617:1d1538beeada


XSA-20 Timer overflow DoS vulnerability

Date
13 November 2012
References
CVE-2012-4535
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00001.html
Fixes
xen-unstable.hg: 26148:bf58b94b3cef
xen-4.2-testing.hg: 25919:788af5959f69
xen-4.1-testing.hg: 23406:701f5e3321c1
xen-4.0-testing.hg: 21618:6b9809dc1e86

XSA-21 pirq range check DoS vulnerability

Date
13 November 2012
References
CVE-2012-4536
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00003.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.2-testing.hg: Not vulnerable
xen-4.1-testing.hg: 23407:210f16b6509b

XSA-22 Memory mapping failure DoS vulnerability

Date
13 November 2012
References
CVE-2012-4537
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html
Fixes
xen-unstable.hg: 26149:6b6a4007a609
xen-4.2-testing.hg: 25920:4cffe28427e0
xen-4.1-testing.hg: 23408:f635b1447d7e
xen-4.0-testing.hg: 21619:04462a8c7966
xen-3.4-testing.hg: 20028:b42c35f6369a

XSA-23 Unhooking empty PAE entries DoS vulnerability

Date
13 November 2012
References
CVE-2012-4538
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html
Fixes
xen-unstable.hg: 26150:c7a01b6450e4
xen-4.2-testing.hg: 25921:159080b58dda
xen-4.1-testing.hg: 23409:61eb3d030f52
xen-4.0-testing.hg: 21620:c52d74b254dc

XSA-24 Grant table hypercall infinite loop DoS vulnerability

Date
13 November 2012
References
CVE-2012-4539
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00002.html
Fixes
xen-unstable.hg: 26151:b64a7d868f06
xen-4.2-testing.hg: 25922:8ca6372315f8
xen-4.1-testing.hg: 23410:178f63286b02
xen-4.0-testing.hg: 21621:68d7b9cc8259

XSA-25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk

Date
13 November 2012
References
CVE-2012-4544, CVE-2012-2625
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00006.html
Fixes
xen-unstable.hg: 25589:60f09d1ab1fe & 26115:37a8946eeb9d
xen-4.2-testing.hg: 25589:60f09d1ab1fe & 25883:537776f51f79
xen-4.1-testing.hg: 23385:69d1cc78a5bd