SUSE: 2015:0923-1 Important: Xen Denial Of Service And Code Exec Risks

May 21, 2015
Urgent SUSE patch released for Xen fixes various vulnerabilities, notably service disruptions. Protect your infrastructure immediately!
An update that fixes four vulnerabilities is now available.

Summary

XEN was updated to fix two security issues and bugs.

Security issues fixed:

* CVE-2015-3340: Xen did not initialize certain fields, which allowed certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
* CVE-2015-2751: Xen, when using toolstack disaggregation, allowed remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.
* CVE-2015-2752: The XEN_DOMCTL_memory_mapping hypercall in Xen, when using a PCI passthrough device, was not preemptable, which allowed local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).

References

#922705 #922709 #927967 #929339

Cross-References: CVE-2015-2751 CVE-2015-2752 CVE-2015-3340 CVE-2015-3456

Affected Products:

SUSE Linux Enterprise Software Development Kit 12

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Desktop 12

https://www.suse.com/security/cve/CVE-2015-2751.html

https://www.suse.com/security/cve/CVE-2015-2752.html

https://www.suse.com/security/cve/CVE-2015-3340.html

https://www.suse.com/security/cve/CVE-2015-3456.html

https://bugzilla.suse.com/show_bug.cgi?id=922705

https://bugzilla.suse.com/922709

https://bugzilla.suse.com/927967

https://bugzilla.suse.com/show_bug.cgi?id=929339

Severity: important

Announcement ID: SUSE-SU-2015:0923-1
Rating: important
