Fedora 23: FEDORA-2015-28cfce6702 Critical: Xen Security Issues

October 3, 2015
The latest Xen security update for Fedora 23 resolves significant vulnerabilities such as memory corruption and denial of service in handling requests.

Summary

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor.

Update Information:

- ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504)
- e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224)
- net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278)
- net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281)
- qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354)

Change Log

References


[ 1 ] Bug #1257735 - CVE-2015-5239 qemu-kvm: Integer overflow in vnc_client_read() and protocol_client_msg()
      https://bugzilla.redhat.com/show_bug.cgi?id=1257735
[ 2 ] Bug #1260076 - CVE-2015-6815 qemu: net: e1000: infinite loop issue
      https://bugzilla.redhat.com/show_bug.cgi?id=1260076
[ 3 ] Bug #1256672 - CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function
      https://bugzilla.redhat.com/show_bug.cgi?id=1256672
[ 4 ] Bug #1256661 - CVE-2015-5278 qemu: Infinite loop in ne2000_receive() function
      https://bugzilla.redhat.com/show_bug.cgi?id=1256661
[ 5 ] Bug #1251157 - CVE-2015-5745 kernel: qemu buffer overflow in virtio-serial
      https://bugzilla.redhat.com/show_bug.cgi?id=1251157

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: xen
Product: Fedora 23
Version: 4.5.1
Release: 9.fc23
Summary: Xen is a virtual machine monitor
