XEN was updated to fix two security issues and bugs.
Security issues fixed:
CVE-2015-3340: Xen did not initialize certain fields, which allowed
certain remote service domains to obtain sensitive information from
memory via a (1) XEN_DOMCTL_gettscinfo or (2)
XEN_SYSCTL_getdomaininfolist request.
CVE-2015-2751: Xen, when using toolstack disaggregation, allowed remote
domains with partial management control to cause a denial of service
(host lock) via unspecified domctl operations.
CVE-2015-2752: The XEN_DOMCTL_memory_mapping hypercall in Xen, when
using a PCI passthrough device, was not preemptable, which allowed local
x86 HVM domain users to cause a denial of service (host CPU consumption)
via a crafted request to the device model (qemu-dm).
CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation,
which could be used to denial of service attacks or potential code
execution against the host.
Bugs fixed: