Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Fedora 22: c44bd3e0fa Moderate: Xen Memory Handling Issues

fedora
Calendar Grey January 2, 2016
Dist Fedora Esm H88
The latest enhancement for Xen in Fedora 22 tackles a range of vulnerabilities, notably those related to memory management and possible data exposure risks.
paravirtualized drivers incautious about shared memory contents [XSA-155, CVE-2015-8550] qemu-dm buffer overrun in MSI-X handling [XSA-164, CVE-2015-8554] information leak in legac...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

paravirtualized drivers incautious about shared memory contents [XSA-155, CVE-2015-8550] qemu-dm buffer overrun in MSI-X handling [XSA-164, CVE-2015-8554] information leak in legacy x86 FPU/XMM initialization [XSA-165, CVE-2015-8555] ioreq handling possibly susceptible to multiple read issue [XSA-166]

Change Log

References


[ 1 ] Bug #1290365 - xsa166 xen: ioreq handling possibly susceptible to multiple read issue (XSA-166) https://bugzilla.redhat.com/show_bug.cgi?id=1290365 [ 2 ] Bug #1289129 - CVE-2015-8554 xsa164 xen: qemu-dm buffer overrun in MSI-X handling (XSA-164) https://bugzilla.redhat.com/show_bug.cgi?id=1289129 [ 3 ] Bug #1289130 - CVE-2015-8555 xsa165 xen: information leak in legacy x86 FPU/XMM initialization (XSA-165) https://bugzilla.redhat.com/show_bug.cgi?id=1289130 [ 4 ] Bug #1289125 - CVE-2015-8550 xsa155 xen: paravirtualized drivers incautious about shared memory contents (XSA-155) https://bugzilla.redhat.com/show_bug.cgi?id=1289125

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: xen
Product: Fedora 22
Version: 4.5.2
Release: 6.fc22
Summary: Xen is a virtual machine monitor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here