FEDORA-2015-15944

security update in Fedora 22 for xen

Status: stable 4 years ago

libxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possible fix)]


Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166]

QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165]

How to install

sudo dnf upgrade --advisory=FEDORA-2015-15944

Comments 7

This update has been submitted for testing by myoung.

This update has obsoleted xen-4.5.1-6.fc22, and has inherited its bugs and notes.

This update has been pushed to testing.

Works for me.

karma: +1

works for me

karma: +1

This update has been submitted for stable by myoung.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +2
stable threshold: 3
unstable threshold: -3
Autopush (karma): Enabled
Autopush (time): Disabled
Dates:
submitted 4 years ago
in testing 4 years ago
in stable 4 years ago

Related Bugs 5

#1248760 CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)
#1248997 CVE-2015-5166 Qemu: BlockBackend object use after free issue (XSA-139)
#1249756 CVE-2015-5165 xen: Qemu: rtl8139 uninitialized heap memory information leakage to guest [fedora-all]
#1249757 CVE-2015-5166 xen: Qemu: BlockBackend object use after free issue [fedora-all]
#1257893 Guests on Fedora22 Xen host are able to write to read-only disks with full device emulation type.
