SuSE: 2015:0940-1: important: Xen
Summary
Xen was updated to fix two security issues:
* CVE-2015-3456: A buffer overflow in the floppy drive emulation,
which could be used to carry out denial of service attacks or
potential code execution against the host. This vulnerability is
also known as VENOM.
* CVE-2015-3340: An information leak through XEN_DOMCTL_gettscinfo().
(XSA-132)
Security Issues:
* CVE-2015-3456
References
#927967 #929339
Cross- CVE-2015-3340 CVE-2015-3456
Affected Products:
SUSE Linux Enterprise Server 11 SP1 LTSS
https://www.suse.com/security/cve/CVE-2015-3340.html
https://www.suse.com/security/cve/CVE-2015-3456.html
https://bugzilla.suse.com/927967
https://bugzilla.suse.com/929339
https://scc.suse.com:443/patches/