Lucene search

K
suseSuseSUSE-SU-2015:0923-1
HistoryMay 21, 2015 - 9:04 a.m.

Security update for xen (important)

2015-05-2109:04:52
lists.opensuse.org
11

0.013 Low

EPSS

Percentile

84.1%

XEN was updated to fix two security issues and bugs.

Security issues fixed:

  • CVE-2015-3340: Xen did not initialize certain fields, which allowed
    certain remote service domains to obtain sensitive information from
    memory via a (1) XEN_DOMCTL_gettscinfo or (2)
    XEN_SYSCTL_getdomaininfolist request.

  • CVE-2015-2751: Xen, when using toolstack disaggregation, allowed remote
    domains with partial management control to cause a denial of service
    (host lock) via unspecified domctl operations.

  • CVE-2015-2752: The XEN_DOMCTL_memory_mapping hypercall in Xen, when
    using a PCI passthrough device, was not preemptable, which allowed local
    x86 HVM domain users to cause a denial of service (host CPU consumption)
    via a crafted request to the device model (qemu-dm).

  • CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation,
    which could be used to denial of service attacks or potential code
    execution against the host.

Bugs fixed:

  • xentop: Fix memory leak on read failure

0.013 Low

EPSS

Percentile

84.1%

Related for SUSE-SU-2015:0923-1