What Are You Looking For?

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-14361
2015-09-01 18:30:52.011678
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 23
Version     : 4.5.1
Release     : 6.fc23
URL         : https://xen.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] QEMU
leak of uninitialized heap memory in rtl8139 device model [XSA-140,
CVE-2015-5165]
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1248997 - CVE-2015-5166 Qemu: BlockBackend object use after free issue (XSA-139)
        https://bugzilla.redhat.com/show_bug.cgi?id=1248997
  [ 2 ] Bug #1248760 - CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)
        https://bugzilla.redhat.com/show_bug.cgi?id=1248760
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update xen' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Fedora 23: xen Security Update

September 1, 2015
Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165]

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165]

Change Log

References

[ 1 ] Bug #1248997 - CVE-2015-5166 Qemu: BlockBackend object use after free issue (XSA-139) https://bugzilla.redhat.com/show_bug.cgi?id=1248997 [ 2 ] Bug #1248760 - CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140) https://bugzilla.redhat.com/show_bug.cgi?id=1248760

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : xen
Product : Fedora 23
Version : 4.5.1
Release : 6.fc23
URL : https://xen.org/
Summary : Xen is a virtual machine monitor

Related News

What Is the Difference between vsftpd and ProFTPd?

Mar 29, 2023

Linux Tries to Dump Windows' Notoriously Insecure RNDIS Protocol

Oct 5, 2023

What Is OpenSSL?

Feb 21, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo