Fedora 22: 2015-08e4af5a20 Critical: Xen Buffer Overflow and DoS Issues

December 20, 2015
An important maintenance patch for Xen on Fedora 22 rectifying various security flaws and boosting overall system performance.

Summary

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

Update Information:

eepro100: Prevent two endless loops [CVE-2015-8345] (#1285215)
pcnet: fix rx buffer overflow [CVE-2015-7512]
ui: vnc: avoid floating point exception [CVE-2015-8504]
additional patch for [XSA-158, CVE-2015-8338]
long running memory operations on ARM [XSA-158, CVE-2015-8338]
XENMEM_exchange error handling issues [XSA-159, CVE-2015-8339, CVE-2015-8340]
libxl leak of pv kernel and initrd on error [XSA-160, CVE-2015-8341]
----
heap buffer overflow vulnerability in pcnet emulator [XSA-162, CVE-2015-7504]
virtual PMU is unsupported [XSA-163]

Change Log

References


[ 1 ] Bug #1285213 - CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list https://bugzilla.redhat.com/show_bug.cgi?id=1285213
[ 2 ] Bug #1285061 - CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode https://bugzilla.redhat.com/show_bug.cgi?id=1285061
[ 3 ] Bug #1261461 - CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive https://bugzilla.redhat.com/show_bug.cgi?id=1261461
[ 4 ] Bug #1285350 - xen: Virtual Performance Measurement Unit feature is unsupported https://bugzilla.redhat.com/show_bug.cgi?id=1285350
[ 5 ] Bug #1284933 - CVE-2015-8341 xen: libxl leak of PV kernel can cause OOM condition https://bugzilla.redhat.com/show_bug.cgi?id=1284933
[ 6 ] Bug #1284919 - CVE-2015-8339 CVE-2015-8340 xen: XENMEM_exchange error handling may cause DoS to host https://bugzilla.redhat.com/show_bug.cgi?id=1284919
[ 7 ] Bug #1284911 - CVE-2015-8338 xen: Long runnin...

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: xen
Product: Fedora 22
Version: 4.5.2
Release: 5.fc22
Summary: Xen is a virtual machine monitor
