FEDORA-2015-08e4af5a20

security update in Fedora 22 for xen

Status: stable 3 years ago

eepro100: Prevent two endless loops [CVE-2015-8345] (#1285215)

pcnet: fix rx buffer overflow [CVE-2015-7512]

ui: vnc: avoid floating point exception [CVE-2015-8504]

additional patch for [XSA-158, CVE-2015-8338]

long running memory operations on ARM [XSA-158, CVE-2015-8338]

XENMEM_exchange error handling issues [XSA-159, CVE-2015-8339, CVE-2015-8340]

libxl leak of pv kernel and initrd on error [XSA-160, CVE-2015-8341]

heap buffer overflow vulnerability in pcnet emulator [XSA-162, CVE-2015-7504]

virtual PMU is unsupported [XSA-163]

How to install

sudo dnf upgrade --advisory=FEDORA-2015-08e4af5a20

Comments 8

This update has been submitted for testing by myoung.

This update has obsoleted xen-4.5.2-3.fc22, and has inherited its bugs and notes.

myoung edited this update.

This update has been pushed to testing.

no regressions noted

karma: +1

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by myoung.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +1 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Enabled
Autopush (time): Disabled
Dates: submitted 3 years ago; in testing 3 years ago; in stable 3 years ago; modified 3 years ago

Related Bugs 13

#1261461 CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive
#1284911 CVE-2015-8338 xen: Long running memory operations on ARM cause DoS
#1284919 CVE-2015-8339 CVE-2015-8340 xen: XENMEM_exchange error handling may cause DoS to host
#1284933 CVE-2015-8341 xen: libxl leak of PV kernel can cause OOM condition
#1285061 CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode
#1285213 CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list
#1285215 CVE-2015-8345 xen: Qemu: net: eepro100: infinite loop in processing command block list [fedora-all]
#1285350 xen: Virtual Performance Measurement Unit feature is unsupported
#1285351 xen: Virtual Performance Measurement Unit feature is unsupported [fedora-all]
#1286544 CVE-2015-7504 xen: Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive [fedora-all]
#1286563 CVE-2015-7512 xen: Qemu: net: pcnet: buffer overflow in non-loopback mode [fedora-all]
#1289544 CVE-2015-8504 xen: Qemu: ui: vnc: avoid floating point exception [fedora-all]
#1289568 CVE-2015-8338 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 xen: various flaws [fedora-all]
