Fedora 21: XSA-139, XSA-140 Critical Fixes for QEMU and Xen
fedora
September 26, 2015
libxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possible fix)] ---- update to xen-4.4.3, including Use after free in QEMU/Xen block unplug protocol [XSA-139, C...
Summary
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor
Update Information:
libxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possible fix)] ---- update to xen-4.4.3, including Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166], QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165]
Topics Covered
Change Log
References
[ 1 ] Bug #1248997 - CVE-2015-5166 Qemu: BlockBackend object use after free issue (XSA-139) https://bugzilla.redhat.com/show_bug.cgi?id=1248997 [ 2 ] Bug #1248760 - CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140) https://bugzilla.redhat.com/show_bug.cgi?id=1248760
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at .
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Name: xen
Product: Fedora 21
Version: 4.4.3
Release: 3.fc21
Summary: Xen is a virtual machine monitor
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!