SUSE 11 SP3: SUSE-SU-2015:0927-1 Important: Xen Buffer Overflow
suse
May 22, 2015
An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes is now...
Summary
Xen was updated to fix two security issues and a bug:
* CVE-2015-3456: A buffer overflow in the floppy drive emulation,
which could be used to carry out denial of service attacks or
potential code execution against the host. This vulnerability is
also known as VENOM.
* CVE-2015-3340: Xen did not initialize certain fields, which allowed
certain remote service domains to obtain sensitive information from
memory via a (1) XEN_DOMCTL_gettscinfo or (2)
XEN_SYSCTL_getdomaininfolist request.
* An exception in setCPUAffinity when restoring guests. (bsc#910441)
Security Issues:
* CVE-2015-3456
References
#910441 #927967 #929339
Cross- CVE-2015-3456
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
https://www.suse.com/security/cve/CVE-2015-3456.html
https://bugzilla.suse.com/910441
https://bugzilla.suse.com/927967
https://bugzilla.suse.com/929339
https://scc.suse.com:443/patches/
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2015:0927-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!