Difference between revisions of "Security Announcements (Historical)"
From Xen
(First pass. Needs linkifying.) |
(Linkify CVEs) |
||
| Line 8: | Line 8: | ||
: 14 March 2011 |
: 14 March 2011 |
||
; References |
; References |
||
| − | : CVE-2011-1166 |
+ | : [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166 CVE-2011-1166] |
; Advisory |
; Advisory |
||
: Cannot specify user mode execution without specifying user-mode pagetables. Failure to validate this allows a malicious or buggy 64 bit PV guest to crash the host. |
: Cannot specify user mode execution without specifying user-mode pagetables. Failure to validate this allows a malicious or buggy 64 bit PV guest to crash the host. |
||
| Line 22: | Line 22: | ||
: 9 May 2011 |
: 9 May 2011 |
||
; References |
; References |
||
| − | : CVE-2011-1583 |
+ | : [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1583 CVE-2011-1583] |
; Advisory |
; Advisory |
||
: http://lists.xen.org/archives/html/xen-devel/2011-05/msg00483.html |
: http://lists.xen.org/archives/html/xen-devel/2011-05/msg00483.html |
||
| Line 33: | Line 33: | ||
: 12 May 2011 |
: 12 May 2011 |
||
; References |
; References |
||
| − | : CVE-2011-1898 |
+ | : [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1898 CVE-2011-1898] |
; Advisory |
; Advisory |
||
: http://lists.xen.org/archives/html/xen-devel/2011-05/msg00687.html |
: http://lists.xen.org/archives/html/xen-devel/2011-05/msg00687.html |
||
| Line 44: | Line 44: | ||
: 2 September 2011 |
: 2 September 2011 |
||
; References |
; References |
||
| + | : [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901 CVE-2011-2901] |
||
| − | : CVE-2011-2901 |
||
; Advisory |
; Advisory |
||
: http://lists.xen.org/archives/html/xen-devel/2011-09/msg00119.html |
: http://lists.xen.org/archives/html/xen-devel/2011-09/msg00119.html |
||
| Line 55: | Line 55: | ||
: 12 August 2011 |
: 12 August 2011 |
||
; References |
; References |
||
| + | : [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3131 CVE-2011-3131] |
||
| − | : CVE-2011-3131 |
||
; Advisory |
; Advisory |
||
: http://lists.xen.org/archives/html/xen-devel/2011-08/msg00450.html |
: http://lists.xen.org/archives/html/xen-devel/2011-08/msg00450.html |
||
| Line 65: | Line 65: | ||
: <WHEN> |
: <WHEN> |
||
; References |
; References |
||
| − | : < |
+ | : <CVE bugzilla's etc> |
| + | : [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-ZZZZ CVE-YYYY-ZZZZ] |
||
; Advisory |
; Advisory |
||
: <Link to ML archive of advisory> |
: <Link to ML archive of advisory> |
||
Revision as of 17:05, 12 December 2011
The following security advisories have been made in accordance with the xen.org security problem response process.
Please contact security@xen.org if you wish to disclose a security vulnerability.
Contents
XSA-1 Host crash due to failure to correctly validate PV kernel execution state.
- Date
- 14 March 2011
- References
- CVE-2011-1166
- Advisory
- Cannot specify user mode execution without specifying user-mode pagetables. Failure to validate this allows a malicious or buggy 64 bit PV guest to crash the host.
- nb: predates vulnerability handling process and therefore no formal announcement
- Fixes
- xen-unstable.hg: 23034:c79aae866ad8
XSA-2 PV kernel validation vulnerabilities
- Date
- 9 May 2011
- References
- CVE-2011-1583
- Advisory
- http://lists.xen.org/archives/html/xen-devel/2011-05/msg00483.html
- Fixes
- xen-unstable.hg: 23322:d9982136d8fa
XSA-3 VT-d (PCI passthrough) MSI
- Date
- 12 May 2011
- References
- CVE-2011-1898
- Advisory
- http://lists.xen.org/archives/html/xen-devel/2011-05/msg00687.html
- Fixes
- xen-unstable.hg: 23337:cc91832a02c7
XSA-4 Xen 3.3 vaddr validation
- Date
- 2 September 2011
- References
- CVE-2011-2901
- Advisory
- http://lists.xen.org/archives/html/xen-devel/2011-09/msg00119.html
- Fixes
- xen-unstable: 23800:72edc40e2942
XSA-5 IOMMU Fault Live lock
- Date
- 12 August 2011
- References
- CVE-2011-3131
- Advisory
- http://lists.xen.org/archives/html/xen-devel/2011-08/msg00450.html
- Fixes
- xen-unstable: 23762:537ed3b74b3f
