Fedora 21 : xen-4.4.2-9.fc21 (2015-12714)

QEMU heap overflow flaw while processing certain ATAPI commands. XSA-138, CVE-2015-5154 1247142 rebuild efi grub.cfg if it is present 1239309, add gcc5 build fixes, one needed for the following patch, modify gnutls use in line with Fedora's crypto policies 117935 Note that Tenable Network Securit...

Fedora 22 : xen-4.5.1-5.fc22 (2015-12657)

QEMU heap overflow flaw while processing certain ATAPI commands. XSA-138, CVE-2015-5154 1247142 try again to fix xen-qemu-dom0-disk-backend.service 1242246 correct qemu location in xen-qemu-dom0-disk-backend.service 1242246, rebuild efi grub.cfg if it is present 1239309, re-enable remus by buildi...

OracleVM 3.3 : xen (OVMSA-2015-0095)

The remote OracleVM system is missing necessary patches to address critical security updates : - ide: Clear DRQ after handling all expected accesses This is additional hardening against an endtransferfunc that fails to clear the DRQ status bit. The bit must be unset as soon as the PIO transfer ha...

CVE-2015-5154

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands...