Re: Security vulnerability in Xen hypervisors

To: port-xen%NetBSD.org@localhost
Subject: Re: Security vulnerability in Xen hypervisors
From: Pierre Pronchery <khorben%defora.org@localhost>
Date: Sat, 06 Jun 2015 00:41:48 +0200

On 16/05/2015 05:20, Pierre Pronchery wrote:
> On 05/13/15 17:05, Pierre Pronchery wrote:
>> "VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy
>> drive code used by many computer virtualization platforms.", see
>> http://venom.crowdstrike.com/
>> [...]
>>
>> For qemu:
>> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
> 
> This patch is now in emulators/qemu version 2.3.0nb1.

I have just patched sysutils/xen{kernel,tools}{42,45} for this
vulnerability as well. I will request pull-ups soon.

FWIW the package vulnerability database mentions xenkernel45 as being
vulnerable, whereas I suspect the issue really is with xentools45.

HTH,
-- 
khorben

References:
- Security vulnerability in Xen hypervisors
  - From: Pierre Pronchery
- Re: Security vulnerability in Xen hypervisors
  - From: Pierre Pronchery

Prev by Date: Re: HVM disc corruption (was Re: Xen won't start its device backend?)
Next by Date: xen-4.5 and -current/amd64
Previous by Thread: Re: Security vulnerability in Xen hypervisors
Next by Thread: Xen guest types
Indexes:

Home | Main Index | Thread Index | Old Index