Metric | Value |
---|---|
CVSS2 score | 7.2 High |
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
EPSS score | 0.001 Low |
EPSS percentile | 39.4% |

The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

A heap buffer overflow flaw was found in the way QEMU’s NE2000 NIC
emulation implementation handled certain packets received over the network.
A privileged user inside a guest could use this flaw to crash the QEMU
instance (denial of service) or potentially execute arbitrary code on the
host. (CVE-2015-5279)

Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting
this issue.

All xen users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, all running fully-virtualized guests must be restarted
for this update to take effect.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | ia64 | xen | < 3.0.3-147.el5_11 | xen-3.0.3-147.el5_11.ia64.rpm |
RedHat | 5 | i386 | xen-devel | < 3.0.3-147.el5_11 | xen-devel-3.0.3-147.el5_11.i386.rpm |
RedHat | 5 | x86_64 | xen-libs | < 3.0.3-147.el5_11 | xen-libs-3.0.3-147.el5_11.x86_64.rpm |
RedHat | 5 | x86_64 | xen-devel | < 3.0.3-147.el5_11 | xen-devel-3.0.3-147.el5_11.x86_64.rpm |
RedHat | 5 | x86_64 | xen | < 3.0.3-147.el5_11 | xen-3.0.3-147.el5_11.x86_64.rpm |
RedHat | 5 | x86_64 | xen-debuginfo | < 3.0.3-147.el5_11 | xen-debuginfo-3.0.3-147.el5_11.x86_64.rpm |
RedHat | 5 | i386 | xen-debuginfo | < 3.0.3-147.el5_11 | xen-debuginfo-3.0.3-147.el5_11.i386.rpm |
RedHat | 5 | ia64 | xen-devel | < 3.0.3-147.el5_11 | xen-devel-3.0.3-147.el5_11.ia64.rpm |
RedHat | 5 | ia64 | xen-libs | < 3.0.3-147.el5_11 | xen-libs-3.0.3-147.el5_11.ia64.rpm |
RedHat | 5 | i386 | xen-libs | < 3.0.3-147.el5_11 | xen-libs-3.0.3-147.el5_11.i386.rpm |
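
To check a host against the table above, installed packages can be compared with the fixed version-release using RPM's segment-wise ordering rather than plain string comparison. The following is an added example, not part of the advisory: `rpmvercmp` here is a simplified reimplementation (no `~` or `^` handling, epoch assumed absent), and `SAMPLE` is constructed output of an `rpm -qa --qf` query.

```python
import re

# Fixed version-release and package names, taken from the advisory's table.
FIXED = "3.0.3-147.el5_11"
AFFECTED = {"xen", "xen-libs", "xen-devel", "xen-debuginfo"}

def rpmvercmp(a, b):
    """Simplified rpmvercmp: -1, 0 or 1. No '~' or '^' handling."""
    # RPM splits on non-alphanumerics into digit runs and letter runs.
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric compare: 10 > 3
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the side with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare 'version-release' strings (assumption: no epoch)."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(rpm_lines):
    """Return (name, version-release, arch) for listed packages older than FIXED."""
    hits = []
    for line in rpm_lines.strip().splitlines():
        name, vr, arch = line.split()
        if name in AFFECTED and vr_cmp(vr, FIXED) < 0:
            hits.append((name, vr, arch))
    return hits

# Constructed sample output of:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
SAMPLE = """
xen 3.0.3-146.el5_11 x86_64
xen-libs 3.0.3-147.el5_11 x86_64
xen-libs 3.0.3-146.el5_11 i386
kernel-xen 2.6.18-406.el5 x86_64
"""

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

A clean result only shows the fixed packages are installed; as the advisory states, running fully-virtualized guests still need a restart before the fix applies to them.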