Port-xen archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Security vulnerability in Xen hypervisors

On 16/05/2015 05:20, Pierre Pronchery wrote:
> On 05/13/15 17:05, Pierre Pronchery wrote:
>> "VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy
>> drive code used by many computer virtualization platforms.", see
>> http://venom.crowdstrike.com/
>> [...]
>> For qemu:
>> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
> This patch is now in emulators/qemu version 2.3.0nb1.

I have just patched sysutils/xen{kernel,tools}{42,45} for this
vulnerability as well. I will request pull-ups soon.

FWIW the package vulnerability database mentions xenkernel45 as being
vulnerable, whereas I suspect the issue really is with xentools45.


Home | Main Index | Thread Index | Old Index