FEDORA-2015-10001

security update in Fedora 22 for xen

Status: stable 4 years ago

stubs-32.h is back, so revert to previous behaviour. Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209]. GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163]. vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164].

How to install

sudo dnf upgrade --advisory=FEDORA-2015-10001

Comments 12

This update has been submitted for testing by myoung.

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/81663/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/81663/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 22 testing updates repository.

This update has been pushed to testing

No issues noted

karma: +1

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

works for me

karma: +1

This update has been submitted for stable by myoung.

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/99928/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 22 stable updates repository.

This update has been pushed to stable

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+2
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Disabled
Autopush (time)
Disabled
Dates
submitted 4 years ago
in testing 4 years ago
in stable 4 years ago

Related Bugs 2

00 #1225882 CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path
00 #1230537 CVE-2015-3209 xen: qemu: pcnet: multi-tmd buffer overflow in the tx path [fedora-all]

Automated Test Results