Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

openSUSE 13.1: 2015:1094-1 Important: Xen Security Fixes

opensuse
Calendar Grey June 22, 2015
Dist Opensuse Esm H88
Important patch released for Debian addressing multiple vulnerabilities in OpenSSL, improving overall system robustness and safety.
An update that fixes 8 vulnerabilities is now available

Description

Xen was updated to fix eight vulnerabilities.

The following vulnerabilities were fixed:

* CVE-2015-2751: Certain domctl operations may be abused to lock up the

host (XSA-127 boo#922709)

* CVE-2015-4103: Potential unintended writes to host MSI message data

field via qemu (XSA-128) (boo#931625)

* CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests

(XSA-129) (boo#931626)

* CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages

(XSA-130) (boo#931627)

* CVE-2015-4106: Unmediated PCI register access in qemu (XSA-131)

(boo#931628)

* CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior (XSA-134)

(boo#932790)

* CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to

host escape (XSA-135) (boo#932770)

* CVE-2015-4164: DoS through iret hypercall handler (XSA-136) (boo#932996)

Topics%20covered

Topics Covered

security advisory security issue security fix system update important advisory xen openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-435=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.1 (i586 x86_64):

xen-debugsource-4.3.4_05-47.1

xen-devel-4.3.4_05-47.1

xen-kmp-default-4.3.4_05_k3.11.10_29-47.1

xen-kmp-default-debuginfo-4.3.4_05_k3.11.10_29-47.1

xen-kmp-desktop-4.3.4_05_k3.11.10_29-47.1

xen-kmp-desktop-debuginfo-4.3.4_05_k3.11.10_29-47.1

xen-libs-4.3.4_05-47.1

xen-libs-debuginfo-4.3.4_05-47.1

xen-tools-domU-4.3.4_05-47.1

xen-tools-domU-debuginfo-4.3.4_05-47.1

- openSUSE 13.1 (x86_64):

xen-4.3.4_05-47.1

xen-doc-html-4.3.4_05-47.1

xen-libs-32bit-4.3.4_05-47.1

xen-libs-debuginfo-32bit-4.3.4_05-47.1

xen-tools-4.3.4_05-47.1

xen-tools-debuginfo-4.3.4_05-47.1

xen-xend-tools-4.3.4_05-47.1

xen-xend-tools-debuginfo-4.3.4_05-47.1

- openSUSE 13.1 (i586):

xen-kmp-pae-4.3.4_05_k3.11.10_29-47.1

xen-kmp-pae-debuginfo-4.3.4_05_k3.11.10_29-47.1

References

https://www.suse.com/security/cve/CVE-2015-2751.html

https://www.suse.com/security/cve/CVE-2015-3209.html

https://www.suse.com/security/cve/CVE-2015-4103.html

https://www.suse.com/security/cve/CVE-2015-4104.html

https://www.suse.com/security/cve/CVE-2015-4105.html

https://www.suse.com/security/cve/CVE-2015-4106.html

https://www.suse.com/security/cve/CVE-2015-4163.html

https://www.suse.com/security/cve/CVE-2015-4164.html

https://bugzilla.suse.com/922709

https://bugzilla.suse.com/931625

https://bugzilla.suse.com/931626

https://bugzilla.suse.com/931627

https://bugzilla.suse.com/931628

https://bugzilla.suse.com/932770

https://bugzilla.suse.com/932790

https://bugzilla.suse.com/932996

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2015:1094-1
Rating: important
Affected Products: openSUSE 13.1 .

Topics%20covered

Topics Covered

security advisory security issue security fix system update important advisory xen openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here