Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 493
Alerts This Week
Warning Icon 1 493

Fedora 21: 2015-015aec3bf2 moderate: Xen Buffer Overflow Threats

fedora
Calendar Grey October 4, 2015
Dist Fedora Esm H88
The recent Xen security patch for Fedora 21 resolves major vulnerabilities such as memory leaks and denial-of-service conditions.
ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504), e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224), net: add checks ...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504), e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224), net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278), net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281), qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)

Change Log

References


[ 1 ] Bug #1257735 - CVE-2015-5239 qemu-kvm: Integer overflow in vnc_client_read() and protocol_client_msg() https://bugzilla.redhat.com/show_bug.cgi?id=1257735 [ 2 ] Bug #1260076 - CVE-2015-6815 qemu: net: e1000: infinite loop issue https://bugzilla.redhat.com/show_bug.cgi?id=1260076 [ 3 ] Bug #1256672 - CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function https://bugzilla.redhat.com/show_bug.cgi?id=1256672 [ 4 ] Bug #1256661 - CVE-2015-5278 qemu: Infinite loop in ne2000_receive() function https://bugzilla.redhat.com/show_bug.cgi?id=1256661 [ 5 ] Bug #1251157 - CVE-2015-5745 kernel: qemu buffer overflow in virtio-serial https://bugzilla.redhat.com/show_bug.cgi?id=1251157

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: xen
Product: Fedora 21
Version: 4.4.3
Release: 4.fc21
Summary: Xen is a virtual machine monitor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.