SUSE Linux 12: 2015:1302-1 Important: Host Code Exec and Stack Overflow
suse
July 28, 2015
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes ...
Summary
xen was updated to fix two security issues. These security issues were fixed: - CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137). - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). These non-security issues were fixed: - Restart of xencommons service did lead to loss of xenstore data (bsc#935256). - Kdump did not work in a XEN environment (bsc#925466). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-344=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-344=1 - SUSE Linux Enterprise Desktop 12:
References
#925466 #935256 #935634 #938344
Cross- CVE-2015-3259 CVE-2015-5154
Affected Products:
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
https://www.suse.com/security/cve/CVE-2015-3259.html
https://www.suse.com/security/cve/CVE-2015-5154.html
https://bugzilla.suse.com/925466
https://bugzilla.suse.com/935256
https://bugzilla.suse.com/935634
https://bugzilla.suse.com/938344
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2015:1302-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!