Difference between revisions of "Security Announcements (Historical)"

From Xen
(Linkify xen unstable changesets.)
(Add categories)
Line 73: Line 73:
 
: [http://xenbits.xen.org/hg/xen-unstable.hg/rev/xxxxxxxxx yyyy:xxxxxxxx]
 
: [http://xenbits.xen.org/hg/xen-unstable.hg/rev/xxxxxxxxx yyyy:xxxxxxxx]
 
-->
 
-->
  +
  +
[[Category:Developers]] [[Category:Users]]

Revision as of 17:07, 12 December 2011

The following security advisories have been made in accordance with the xen.org security problem response process.

Please contact security@xen.org if you wish to disclose a security vulnerability.

XSA-1 Host crash due to failure to correctly validate PV kernel execution state.

Date
14 March 2011
References
CVE-2011-1166
Advisory
Cannot specify user mode execution without specifying user-mode pagetables. Failure to validate this allows a malicious or buggy 64 bit PV guest to crash the host.
nb: predates vulnerability handling process and therefore no formal announcement
Fixes
xen-unstable.hg: 23034:c79aae866ad8


XSA-2 PV kernel validation vulnerabilities

Date
9 May 2011
References
CVE-2011-1583
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-05/msg00483.html
Fixes
xen-unstable.hg: 23322:d9982136d8fa

XSA-3 VT-d (PCI passthrough) MSI

Date
12 May 2011
References
CVE-2011-1898
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-05/msg00687.html
Fixes
xen-unstable.hg: 23337:cc91832a02c7

XSA-4 Xen 3.3 vaddr validation

Date
2 September 2011
References
CVE-2011-2901
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-09/msg00119.html
Fixes
xen-unstable: 23800:72edc40e2942

XSA-5 IOMMU Fault Live lock

Date
12 August 2011
References
CVE-2011-3131
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-08/msg00450.html
Fixes
xen-unstable: 23762:537ed3b74b3f