Xen was updated to fix the following security issues:
* CVE-2015-5154: Host code execution via IDE subsystem CD-ROM.
(bsc#938344)
* CVE-2015-3209: Heap overflow in QEMU's pcnet controller allowing
guest to host escape. (bsc#932770)
* CVE-2015-4164: DoS through iret hypercall handler. (bsc#932996)
* CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139
device model. (XSA-140, bsc#939712)
Security Issues:
* CVE-2015-5154
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154</a>>
* CVE-2015-3209
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209</a>>
* CVE-2015-4164
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164</a>>
* CVE-2015-5165
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165</a>>