Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

Fedora 24: 2017-bb3f9a17a Moderate Xserver Buffer Overflow Vulnerability

fedora
Calendar Grey June 5, 2016
Dist Fedora Esm H88
The update for Fedora 23's Xen resolves vital out-of-bounds vulnerabilities in Qemu. Now, virtual machines can operate securely with improved logging capabilities!
cleaner way to set kernel module load list Unrestricted qemu logging [XSA-180, CVE-2014-3672] (#1339125) Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

cleaner way to set kernel module load list Unrestricted qemu logging [XSA-180, CVE-2014-3672] (#1339125) Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write [CVE-2016-4439] (#1337502) Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in get_cmd [CVE-2016-4441] (#1337505) Qemu: scsi: megasas: out-of-bounds write while setting controller properties [CVE-2016-5106] (#1339578) Qemu: scsi: megasas: stack information leakage while reading configuration [CVE-2016-5105] (#1339583)

Change Log

References


[ 1 ] Bug #1337502 - CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write https://bugzilla.redhat.com/show_bug.cgi?id=1337502 [ 2 ] Bug #1337505 - CVE-2016-4441 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in get_cmd https://bugzilla.redhat.com/show_bug.cgi?id=1337505 [ 3 ] Bug #1339578 - CVE-2016-5106 Qemu: scsi: megasas: out-of-bounds write while setting controller properties https://bugzilla.redhat.com/show_bug.cgi?id=1339578 [ 4 ] Bug #1339583 - CVE-2016-5105 Qemu: scsi: megasas: stack information leakage while reading configuration https://bugzilla.redhat.com/show_bug.cgi?id=1339583 [ 5 ] Bug #1339123 - CVE-2014-3672 xen: Unrestricted qemu logging https://bugzilla.redhat.com/show_bug.cgi?id=1339123

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: xen
Product: Fedora 23
Version: 4.5.3
Release: 6.fc23
Summary: Xen is a virtual machine monitor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.