Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 446
Alerts This Week
Warning Icon 1 446

Fedora 23: 2016-35d7b09908 Critical: Xen and QEMU Buffer Flaws

fedora
Calendar Grey April 30, 2016
Dist Fedora Esm H88
Keep updated regarding recent security patches for Fedora 23, focusing on serious vulnerabilities in the Xen virtualization framework.
x86 shadow pagetables: address width overflow [XSA-173, CVE-2016-3960] Qemu: net: buffer overflow in stellaris_enet emulator [CVE-2016-4001] Qemu: net: buffer overflow in MIPSnet e...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

x86 shadow pagetables: address width overflow [XSA-173, CVE-2016-3960] Qemu: net: buffer overflow in stellaris_enet emulator [CVE-2016-4001] Qemu: net: buffer overflow in MIPSnet emulator [CVE-2016-4002] qemu: Infinite loop vulnerability in usb_ehci using siTD process [CVE-2016-4037]

Change Log

References


[ 1 ] Bug #1323955 - CVE-2016-3960 xsa173 xen: x86 shadow pagetables: address width overflow (XSA-173) https://bugzilla.redhat.com/show_bug.cgi?id=1323955 [ 2 ] Bug #1325884 - CVE-2016-4001 Qemu: net: buffer overflow in stellaris_enet emulator https://bugzilla.redhat.com/show_bug.cgi?id=1325884 [ 3 ] Bug #1326082 - CVE-2016-4002 Qemu: net: buffer overflow in MIPSnet emulator https://bugzilla.redhat.com/show_bug.cgi?id=1326082 [ 4 ] Bug #1325129 - CVE-2016-4037 Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process https://bugzilla.redhat.com/show_bug.cgi?id=1325129

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xen
Product: Fedora 23
Version: 4.5.3
Release: 2.fc23
Summary: Xen is a virtual machine monitor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.