Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Fedora 23: 2015-d8253e2b1d Critical: Xen Buffer Overrun Threat

fedora
Calendar Grey December 22, 2015
Dist Fedora Esm H88
Urgent security patch released for Fedora 23 targeting various vulnerabilities in Xen. Use the yum package manager to strengthen your system's defenses.
paravirtualized drivers incautious about shared memory contents [XSA-155, CVE-2015-8550] qemu-dm buffer overrun in MSI-X handling [XSA-164, CVE-2015-8554] information leak in legac...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

paravirtualized drivers incautious about shared memory contents [XSA-155, CVE-2015-8550] qemu-dm buffer overrun in MSI-X handling [XSA-164, CVE-2015-8554] information leak in legacy x86 FPU/XMM initialization [XSA-165, CVE-2015-8555] ioreq handling possibly susceptible to multiple read issue [XSA-166]

Change Log

References


[ 1 ] Bug #1290365 - xsa166 xen: ioreq handling possibly susceptible to multiple read issue (XSA-166) https://bugzilla.redhat.com/show_bug.cgi?id=1290365 [ 2 ] Bug #1289129 - CVE-2015-8554 xsa164 xen: qemu-dm buffer overrun in MSI-X handling (XSA-164) https://bugzilla.redhat.com/show_bug.cgi?id=1289129 [ 3 ] Bug #1289130 - CVE-2015-8555 xsa165 xen: information leak in legacy x86 FPU/XMM initialization (XSA-165) https://bugzilla.redhat.com/show_bug.cgi?id=1289130 [ 4 ] Bug #1289125 - CVE-2015-8550 xsa155 xen: paravirtualized drivers incautious about shared memory contents (XSA-155) https://bugzilla.redhat.com/show_bug.cgi?id=1289125

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xen
Product: Fedora 23
Version: 4.5.2
Release: 6.fc23
Summary: Xen is a virtual machine monitor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here