FEDORA-2015-15944 — security update for xen

stable

xen-4.5.1-8.fc22

FEDORA-2015-15944 created by myoung 10 years ago for Fedora 22

libxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possible fix)]

Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165]

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2015-15944

This update has been submitted for testing by myoung.

10 years ago

This update has obsoleted xen-4.5.1-6.fc22, and has inherited its bugs and notes.

10 years ago

This update has been pushed to testing.

10 years ago

mhayden commented & provided feedback 10 years ago

karma

Works for me.

cserpentis commented & provided feedback 10 years ago

karma

works for me

This update has been submitted for stable by myoung.

10 years ago

This update has been pushed to stable.

10 years ago

Please log in to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Dates

submitted

10 years ago

in testing

10 years ago

in stable

10 years ago

Builds

xen-4.5.1-8.fc22

BZ#1248760 CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)

BZ#1248997 CVE-2015-5166 Qemu: BlockBackend object use after free issue (XSA-139)

BZ#1249756 CVE-2015-5165 xen: Qemu: rtl8139 uninitialized heap memory information leakage to guest [fedora-all]

BZ#1249757 CVE-2015-5166 xen: Qemu: BlockBackend object use after free issue [fedora-all]

BZ#1257893 Guests on Fedora22 Xen host are able to write to read-only disks with full device emulation type.

xen-4.5.1-8.fc22

Automated Test Results

None