Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 23 FEDORA-2015-14361 Critical: Xen Memory Leak Flaws

fedora
Calendar Grey September 1, 2015
Dist Fedora Esm H88
Essential patches for Fedora 23 tackling vulnerabilities within Xen's disk disconnection process and addressing memory management errors.
Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165]

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165]

Topics%20covered

Topics Covered

security advisory critical Fedora memory leak Xen block unplug

Change Log

References


[ 1 ] Bug #1248997 - CVE-2015-5166 Qemu: BlockBackend object use after free issue (XSA-139) https://bugzilla.redhat.com/show_bug.cgi?id=1248997 [ 2 ] Bug #1248760 - CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140) https://bugzilla.redhat.com/show_bug.cgi?id=1248760

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xen
Product: Fedora 23
Version: 4.5.1
Release: 6.fc23
URL: https://xenproject.org/
Summary: Xen is a virtual machine monitor

Topics%20covered

Topics Covered

security advisory critical Fedora memory leak Xen block unplug

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here