Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 20.04: 2021-ab3e56d8c7b Major: KVM Buffer Overflow Risk

fedora
Calendar Grey March 20, 2016
Dist Fedora Esm H88
The latest kernel patch for Ubuntu 20.04 addresses multiple security flaws, including memory leaks and invalid input handling issues.
Qemu: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714 (#1296080) Qemu: i386: null pointer dereference in vapic_write() CVE-2016-1922 (#1292767) qemu: Stac...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

Qemu: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714 (#1296080) Qemu: i386: null pointer dereference in vapic_write() CVE-2016-1922 (#1292767) qemu: Stack-based buffer overflow in megasas_ctrl_get_info CVE-2015-8613 (#1293305) qemu-kvm: Infinite loop and out-of-bounds transfer start in start_xmit() and e1000_receive_iov() CVE-2016-1981 (#1299996) Qemu: usb ehci out-of-bounds read in ehci_process_itd (#1300235) Qemu: usb: ehci null pointer dereference in ehci_caps_write CVE-2016-2198 (#1303135) Qemu: net: ne2000: infinite loop in ne2000_receive CVE-2016-2841 (#1304048) Qemu: usb: integer overflow in remote NDIS control message handling CVE-2016-2538 (#1305816) Qemu: usb: null pointer dereference in remote NDIS control message handling CVE-2016-2392 (#1307116) Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference CVE-2016-2391 (#1308882) Qemu: net: out of bounds read in net_checksum_calculate() CVE-2016-2857 (#1309565) Qemu: OOB acc...

Change Log

References


[ 1 ] Bug #1296060 - CVE-2016-1714 Qemu: nvram: OOB r/w access in processing firmware configurations https://bugzilla.redhat.com/show_bug.cgi?id=1296060 [ 2 ] Bug #1283934 - CVE-2016-1922 Qemu: i386: null pointer dereference in vapic_write() https://bugzilla.redhat.com/show_bug.cgi?id=1283934 [ 3 ] Bug #1284008 - CVE-2015-8613 Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info https://bugzilla.redhat.com/show_bug.cgi?id=1284008 [ 4 ] Bug #1298570 - CVE-2016-1981 Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines https://bugzilla.redhat.com/show_bug.cgi?id=1298570 [ 5 ] Bug #1299455 - Qemu: usb ehci out-of-bounds read in ehci_process_itd https://bugzilla.redhat.com/show_bug.cgi?id=1299455 [ 6 ] Bug #1301643 - CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write https://bugzilla.redhat.com/show_bug.cgi?id=1301643 [ 7 ] Bug #1303106 - CVE-2016-2841 Qemu: net: ne2000...

Read the Full Advisory

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: xen
Product: Fedora 23
Version: 4.5.2
Release: 9.fc23
Summary: Xen is a virtual machine monitor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.