[Bug 214936] emulators/xen {-tools/-kernel}: security advisories (XSA-185 - XSA-201)

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Nov 29 23:20:52 UTC 2016 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936

            Bug ID: 214936
           Summary: emulators/xen {-tools/-kernel}: security advisories
                    (XSA-185 - XSA-201)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: royger at freebsd.org
          Reporter: junovitch at freebsd.org
          Assignee: royger at freebsd.org
             Flags: maintainer-feedback?(royger at freebsd.org)

Roger,
There was a handful of Xen advisories earlier last week and a few missed in
September. Please advise on applicability for VuXML and take a look at what we
need to do to get our end users safeguared.

Advisory        Public release  Updated Version CVE(s)  Title
XSA-201 2016-11-29 14:48        2016-11-29 14:48        1       none (yet)
assigned     ARM guests may induce host asynchronous abort
XSA-200 2016-12-13 12:00                        none (yet) assigned    
(Prereleased, but embargoed)
XSA-199 2016-12-06 12:00                        assigned, but embargoed
(Prereleased, but embargoed)
XSA-198 2016-11-22 12:00        2016-11-22 12:00        3       CVE-2016-9379
CVE-2016-9380     delimiter injection vulnerabilities in pygrub
XSA-197 2016-11-22 12:00        2016-11-22 12:00        3       CVE-2016-9381  
qemu incautious about shared ring processing
XSA-196 2016-11-22 12:00        2016-11-22 12:00        3       CVE-2016-9377
CVE-2016-9378     x86 software interrupt injection mis-handled
XSA-195 2016-11-22 12:00        2016-11-22 12:00        3       CVE-2016-9383  
x86 64-bit bit test instruction emulation broken
XSA-194 2016-11-22 12:00        2016-11-22 12:00        3       CVE-2016-9384  
guest 32-bit ELF symbol table load leaking host data
XSA-193 2016-11-22 12:00        2016-11-22 12:00        3       CVE-2016-9385  
x86 segment base write emulation lacking canonical address checks
XSA-192 2016-11-22 12:00        2016-11-22 12:00        3       CVE-2016-9382  
x86 task switch to VM86 mode mis-handled
XSA-191 2016-11-22 12:00        2016-11-22 12:00        3       CVE-2016-9386  
x86 null segments not always treated as unusable
XSA-190 2016-10-04 12:00        2016-10-04 12:50        5       CVE-2016-7777  
CR0.TS and CR0.EM not always honored for x86 HVM guests
XSA-189 2016-09-21 09:46                -       -       Unused Xen Security
Advisory number
XSA-188 2016-09-08 12:00        2016-09-08 12:00        3       CVE-2016-7154  
use after free in FIFO event channel code
XSA-187 2016-09-08 12:00        2016-09-08 12:04        3       CVE-2016-7094  
x86 HVM: Overflow of sh_ctxt->seg_reg[]
XSA-186 2016-09-08 12:00        2016-09-08 12:00        4       CVE-2016-7093  
x86: Mishandling of instruction pointer truncation during emulation
XSA-185 2016-09-08 12:00        2016-09-08 12:00        3       CVE-2016-7092  
x86: Disallow L3 recursive pagetable for 32-bit PV guests

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list