11 settembre 2012
Il team di sicurezza di Xen ha pubblicato otto avvisi di sicurezza relativi all'hypervisor Xen. I problemi non hanno alcun impatto sui clienti di AWS. Le informazioni sugli avvisi sono riportate di seguito:
Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html
Xen Security Advisory 13 (CVE-2012-3495) - hypercall physdev_get_free_pirq vulnerability
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html
Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html
Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
Xen Security Advisory 16 (CVE-2012-3498) - PHYSDEVOP_map_pirq index vulnerability
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html
Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
Xen Security Advisory 18 (CVE-2012-3516) - grant table entry swaps have inadequate bounds checking
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00004.html
Xen Security Advisory 19 (CVE-2012-4411) - guest administrator can access qemu monitor console
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00008.html