Xen was updated to fix seven security issues and one non-security bug.
The following vulnerabilities were fixed:
- CVE-2015-4103: Potential unintended writes to host MSI message data
field via qemu (XSA-128) (bnc#931625)
- CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests
(XSA-129) (bnc#931626)
- CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages
(XSA-130) (bnc#931627)
- CVE-2015-4106: Unmediated PCI register access in qemu (XSA-131)
(bnc#931628)
- CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior (XSA-134)
(bnc#932790)
- CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to
host escape (XSA-135) (bnc#932770)
- CVE-2015-4164: DoS through iret hypercall handler (XSA-136) (bnc#932996)
The following non-security bug was fixed:
- bnc#906689: let systemd schedule xencommons after network-online.target
and remote-fs.target so that xendomains has access to remote shares