Xen was updated to fix six security issues:
* CVE-2015-4103: Potential unintended writes to host MSI message data
field via qemu. (XSA-128, bsc#931625)
* CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests.
(XSA-129, bsc#931626)
* CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error
messages. (XSA-130, bsc#931627)
* CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131,
bsc#931628)
* CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest
to host escape. (XSA-135, bsc#932770)
* CVE-2015-4164: DoS through iret hypercall handler. (XSA-136,
bsc#932996)
Security Issues:
* CVE-2015-4103
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103</a>>
* CVE-2015-4104
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104</a>>
* CVE-2015-4105
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105</a>>
* CVE-2015-4106
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106</a>>
* CVE-2015-4164
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164</a>>
* CVE-2015-3209
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209</a>>