Lucene search

K
suseSuseOPENSUSE-SU-2015:1964-1
HistoryNov 12, 2015 - 12:10 p.m.

Security update for xen (important)

2015-11-1212:10:04
lists.opensuse.org
11

0.04 Low

EPSS

Percentile

91.1%

xen was updated to fix 13 security issues.

These security issues were fixed:

  • CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash
    guests (bsc#951845).
  • CVE-2015-7969: Leak of main per-domain vcpu pointer array (DoS)
    (bsc#950703).
  • CVE-2015-7969: Leak of per-domain profiling-related vcpu pointer array
    (DoS) (bsc#950705).
  • CVE-2015-7971: Some pmu and profiling hypercalls log without rate
    limiting (bsc#950706).
  • CVE-2015-4037: Insecure temporary file use in /net/slirp.c (bsc#932267).
  • CVE-2014-0222: Validate L2 table size to avoid integer overflows
    (bsc#877642).
  • CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests
    (bsc#950367).
  • CVE-2015-7311: libxl fails to honour readonly flag on disks with
    qemu-xen (bsc#947165).
  • CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device
    model (bsc#939712).
  • CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol
    (bsc#939709).
  • CVE-2015-5239: Integer overflow in vnc_client_read() and
    protocol_client_msg() (bsc#944463).
  • CVE-2015-6815: e1000: infinite loop issue (bsc#944697).
  • CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).

This non-security issues was fixed:

  • bsc#941074: VmError: Device 51728 (vbd) could not be connected. Hotplug
    scripts not working.