Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

openSUSE 13.2: 2015:1092-1 Important: Xen Security Issues Resolved

opensuse
Calendar Grey June 22, 2015
Dist Opensuse Esm H88
Key security patch for openSUSE addressing 17 vulnerabilities in xen, featuring crucial repairs and improvements as part of the update.
An update that solves 17 vulnerabilities and has 10 fixes is now available.

Description

Xen was updated to 4.4.2 to fix multiple vulnerabilities and non-security

bugs.

The following vulnerabilities were fixed:

* CVE-2015-4103: Potential unintended writes to host MSI message data

field via qemu (XSA-128) (boo#931625)

* CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests

(XSA-129) (boo#931626)

* CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages

(XSA-130) (boo#931627)

* CVE-2015-4106: Unmediated PCI register access in qemu (XSA-131)

(boo#931628)

* CVE-2015-4164: DoS through iret hypercall handler (XSA-136) (boo#932996)

* CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior (XSA-134)

(boo#932790)

* CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to

host escape (XSA-135) (boo#932770)

* CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation,

which could be used to denial of service attacks or potential code

execution against...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-434=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

xen-debugsource-4.4.2_06-23.1

xen-devel-4.4.2_06-23.1

xen-libs-4.4.2_06-23.1

xen-libs-debuginfo-4.4.2_06-23.1

xen-tools-domU-4.4.2_06-23.1

xen-tools-domU-debuginfo-4.4.2_06-23.1

- openSUSE 13.2 (x86_64):

xen-4.4.2_06-23.1

xen-doc-html-4.4.2_06-23.1

xen-kmp-default-4.4.2_06_k3.16.7_21-23.1

xen-kmp-default-debuginfo-4.4.2_06_k3.16.7_21-23.1

xen-kmp-desktop-4.4.2_06_k3.16.7_21-23.1

xen-kmp-desktop-debuginfo-4.4.2_06_k3.16.7_21-23.1

xen-libs-32bit-4.4.2_06-23.1

xen-libs-debuginfo-32bit-4.4.2_06-23.1

xen-tools-4.4.2_06-23.1

xen-tools-debuginfo-4.4.2_06-23.1

References

https://www.suse.com/security/cve/CVE-2014-3615.html

https://www.suse.com/security/cve/CVE-2015-2044.html

https://www.suse.com/security/cve/CVE-2015-2045.html

https://www.suse.com/security/cve/CVE-2015-2151.html

https://www.suse.com/security/cve/CVE-2015-2152.html

https://www.suse.com/security/cve/CVE-2015-2751.html

https://www.suse.com/security/cve/CVE-2015-2752.html

https://www.suse.com/security/cve/CVE-2015-2756.html

https://www.suse.com/security/cve/CVE-2015-3209.html

https://www.suse.com/security/cve/CVE-2015-3340.html

https://www.suse.com/security/cve/CVE-2015-3456.html

https://www.suse.com/security/cve/CVE-2015-4103.html

https://www.suse.com/security/cve/CVE-2015-4104.html

https://www.suse.com/security/cve/CVE-2015-4105.html

https://www.suse.com/security/cve/CVE-2015-4106.html

https://www.suse.com/security/cve/CVE-2015-4163.html

https://www.suse.com/security/cve/CVE-2015-4164.html

https://bugzilla.suse.com/861318

https://bugzilla.suse.com/882089

https://bugzilla.suse.com/895528

https://bugzilla.sus...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2015:1092-1
Rating: important
Affected Products: openSUSE 13.2 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.