K75269595: QEMU vulnerability CVE-2015-5166

Security Advisory Description Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. CVE-2015-5166 Impact There is no impact; F5 products are not...

SUSE: Security Advisory (SUSE-SU-2015:1479-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : xen (openSUSE-2015-750)

xen was updated to fix 12 security issues. These security issues were fixed : - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests bsc951845. - CVE-2015-7969: Leak of main per-domain vcpu pointer array DoS bsc950703. - CVE-2015-7969: Leak of per-domain profiling-related vc...

openSUSE: Security Advisory for xen (openSUSE-SU-2015:2003-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for xen (important)

xen was updated to fix 12 security issues. These security issues were fixed: - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests bsc951845. - CVE-2015-7969: Leak of main per-domain vcpu pointer array DoS bsc950703. - CVE-2015-7969: Leak of per-domain profiling-related vcp...

openSUSE Security Update : xen (openSUSE-2015-729)

xen was updated to fix 13 security issues. These security issues were fixed : - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests bsc951845. - CVE-2015-7969: Leak of main per-domain vcpu pointer array DoS bsc950703. - CVE-2015-7969: Leak of per-domain profiling-related vc...

Security update for xen (important)

xen was updated to fix 13 security issues. These security issues were fixed: - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests bsc951845. - CVE-2015-7969: Leak of main per-domain vcpu pointer array DoS bsc950703. - CVE-2015-7969: Leak of per-domain profiling-related vcp...

Fedora 21 : xen-4.4.3-3.fc21 (2015-15946)

libxl fails to honour readonly flag on disks with qemu-xen XSA-142 possible fix ---- update to xen-4.4.3, including Use after free in QEMU/Xen block unplug protocol XSA-139, CVE-2015-5166, QEMU leak of uninitialized heap memory in rtl8139 device model XSA-140, CVE-2015-5165 Note that Tenable...

Fedora Update for xen FEDORA-2015-15946

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED11 Security Update : xen (SUSE-SU-2015:1479-2)

xen was updated to fix the following security issues : - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model bsc939712, XSA-140 - CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol bsc939709, XSA-139 - CVE-2015-2751: Certain domctl operations could have be...

SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1479-1)

xen was updated to fix the following security issues : - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model bsc939712, XSA-140 - CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol bsc939709, XSA-139 - CVE-2015-2751: Certain domctl operations could have be...

[USN-2724-1] QEMU vulnerabilities

========================================================================== Ubuntu Security Notice USN-2724-1 August 27, 2015 qemu, qemu-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...

USN-2724-1: QEMU vulnerabilities

It was discovered that QEMU incorrectly handled a PRDT with zero complete sectors in the IDE functionality. A malicious guest could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2014-9718 Donghai Zhu discovered that QEMU...

Fedora 23 : qemu-2.4.0-1.fc23 (2015-13358)

Rebased to version 2.4.0 Support for virtio-gpu, 2D only Support for virtio-based keyboard/mouse/tablet emulation x86 support for memory hot-unplug - ACPI v5.1 table support for 'virt' board CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path bz 1230536 CVE-2015-3214: i8254: out-of-...

Fedora Update for qemu FEDORA-2015-13402

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1404-1)

This security update of Xen fixes the following issues : - bsc939712 XSA-140: QEMU leak of uninitialized heap memory in rtl8139 device model CVE-2015-5165 - bsc939709 XSA-139: Use after free in QEMU/Xen block unplug protocol CVE-2015-5166 Note that Tenable Network Security has extracted the...

Fedora 22 : qemu-2.3.1-1.fc22 (2015-13402)

Rebased to version 2.3.1 - Fix crash in qemuspicecreatedisplay bz 1163047 - Fix qemu-img map crash for unaligned image bz 1229394 - CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path bz 1230536 - CVE-2015-3214: i8254: out-of-bounds memory access bz 1243728 - CVE-2015-5158: scsi...

CVE-2015-5166

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice...

OracleVM 3.3 : xen (OVMSA-2015-0111)

The remote OracleVM system is missing necessary patches to address critical security updates in xen %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security Advisory OVMSA-2015-0111. include'deprecatednasllevel.inc';...