FEDORA-2015-15946

security update in Fedora 21 for xen

Status: stable 4 years ago

libxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possible fix)]


Update to xen-4.4.3, including fixes for: use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166]; QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165]

How to install

sudo dnf upgrade --advisory=FEDORA-2015-15946

Comments 5

This update has been submitted for testing by myoung.

This update has obsoleted xen-4.4.3-1.fc21, and has inherited its bugs and notes.

This update has been pushed to testing.

This update has been submitted for stable by myoung.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Update Type: security
Update Severity: unspecified
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Enabled
Autopush (time): Disabled
Dates: submitted 4 years ago; in testing 4 years ago; in stable 4 years ago

Related Bugs 5

#1248760 CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)
#1248997 CVE-2015-5166 Qemu: BlockBackend object use after free issue (XSA-139)
#1249756 CVE-2015-5165 xen: Qemu: rtl8139 uninitialized heap memory information leakage to guest [fedora-all]
#1249757 CVE-2015-5166 xen: Qemu: BlockBackend object use after free issue [fedora-all]
#1257893 Guests on Fedora22 Xen host are able to write to read-only disks with full device emulation type.
