FEDORA-2015-12a089920e

security update in Fedora 23 for xen

Status: stable 3 years ago

eepro100: Prevent two endless loops [CVE-2015-8345], pcnet: fix rx buffer overflow [CVE-2015-7512], ui: vnc: avoid floating point exception [CVE-2015-8504], additional patch for [XSA-158, CVE-2015-8338] long running memory operations on ARM [XSA-158, CVE-2015-8338] XENMEM_exchange error handling issues [XSA-159, CVE-2015-8339, CVE-2015-8340] libxl leak of pv kernel and initrd on error [XSA-160, CVE-2015-8341]


heap buffer overflow vulnerability in pcnet emulator [XSA-162, CVE-2015-7504], virtual PMU is unsupported [XSA-163]

Comments 9

This update has been submitted for testing by myoung.

This update has obsoleted xen-4.5.2-3.fc23, and has inherited its bugs and notes.

myoung edited this update.

This update has been pushed to testing.

works for me

karma: +1

Works for me.

karma: +1

This update has been submitted for stable by bodhi.

looks ok

karma: +1

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+3
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago
modified 3 years ago

Related Bugs 14

00 #1261461 CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive
00 #1284911 CVE-2015-8338 xen: Long running memory operations on ARM cause DoS
00 #1284919 CVE-2015-8339 CVE-2015-8340 xen: XENMEM_exchange error handling may cause DoS to host
00 #1284933 CVE-2015-8341 xen: libxl leak of PV kernel can cause OOM condition
00 #1285061 CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode
00 #1285213 CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list
00 #1285215 CVE-2015-8345 xen: Qemu: net: eepro100: infinite loop in processing command block list [fedora-all]
00 #1285350 xen: Virtual Performance Measurement Unit feature is unsupported
00 #1285351 xen: Virtual Performance Measurement Unit feature is unsupported [fedora-all]
00 #1286544 CVE-2015-7504 xen: Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive [fedora-all]
00 #1286563 CVE-2015-7512 xen: Qemu: net: pcnet: buffer overflow in non-loopback mode [fedora-all]
00 #1289541 CVE-2015-8504 Qemu: ui: vnc: avoid floating point exception
00 #1289544 CVE-2015-8504 xen: Qemu: ui: vnc: avoid floating point exception [fedora-all]
00 #1289568 CVE-2015-8338 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 xen: various flaws [fedora-all]

Automated Test Results