FEDORA-2016-2c15b72b01

security update in Fedora 23 for xen

Status: stable 3 years ago

PV superpage functionality missing sanity checks [XSA-167, CVE-2016-1570] VMX: intercept issue with INVLPG on non-canonical address [XSA-168, CVE-2016-1571] Qemu: pci: null pointer dereference issue CVE-2015-7549 qemu: DoS by infinite loop in ehci_advance_state CVE-2015-8558 qemu: Heap-based buffer overrun during VM migration CVE-2015-8666 Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call CVE-2015-8744 qemu: Support reading IMR registers on bar0 CVE-2015-8745 Qemu: net: vmxnet3: host memory leakage CVE-2015-8567 CVE-2015-8568 Qemu: net: ne2000: OOB memory access in ioport r/w functions CVE-2015-8743

How to install

sudo dnf upgrade --advisory=FEDORA-2016-2c15b72b01

Comments 7

This update has been submitted for testing by myoung.

This update has been pushed to testing.

works for me

karma: +1

Works great! LGTM =)

karma: +1

This update has been submitted for stable by bodhi.

wfm

karma: +1

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

#1264929 CVE-2015-8743 Qemu: net: ne2000: OOB memory access in ioport r/w functions
#1270871 CVE-2015-8744 Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call
#1270876 CVE-2015-8745 Qemu: net: vmxnet3: reading IMR registers leads to a crash via assert(2) call
#1277983 CVE-2015-8558 Qemu: usb: infinite loop in ehci_advance_state results in DoS
#1283722 CVE-2015-8666 Qemu: acpi: heap based buffer overrun during VM migration
#1289816 CVE-2015-8568 CVE-2015-8567 Qemu: net: vmxnet3: host memory leakage
#1289817 CVE-2015-8567 CVE-2015-8568 xen: Qemu: net: vmxnet3: host memory leakage [fedora-all]
#1291137 CVE-2015-7549 Qemu: pci: null pointer dereference issue
#1291139 CVE-2015-7549 xen: Qemu: pci: null pointer dereference issue [fedora-all]
#1291310 CVE-2015-8558 xen: qemu: DoS by infinite loop in ehci_advance_state [fedora-all]
#1294028 CVE-2015-8666 xen: qemu: Heap-based buffer overrun during VM migration [fedora-all]
#1294788 CVE-2015-8743 xen: Qemu: net: ne2000: OOB memory access in ioport r/w functions [fedora-all]
#1295441 CVE-2015-8744 xen: qemu: Incorrect l2 header validation causes crash for packets shorter than 22 bytes [fedora-all]
#1295443 CVE-2015-8745 xen: qemu: Support reading IMR registers on bar0 [fedora-all]
#1296539 CVE-2016-1570 xen: PV superpage functionality missing sanity checks
#1296544 CVE-2016-1571 xen: Intercept issue with INVLPG on non-canonical address causing host to crash
#1300342 CVE-2016-1571 xen: Intercept issue with INVLPG on non-canonical address causing host to crash [fedora-all]
#1300345 CVE-2016-1570 xen: PV superpage functionality missing sanity checks [fedora-all]
Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+3
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago

Related Bugs 18

00 #1264929 CVE-2015-8743 Qemu: net: ne2000: OOB memory access in ioport r/w functions
00 #1270871 CVE-2015-8744 Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call
00 #1270876 CVE-2015-8745 Qemu: net: vmxnet3: reading IMR registers leads to a crash via assert(2) call
00 #1277983 CVE-2015-8558 Qemu: usb: infinite loop in ehci_advance_state results in DoS
00 #1283722 CVE-2015-8666 Qemu: acpi: heap based buffer overrun during VM migration
00 #1289816 CVE-2015-8568 CVE-2015-8567 Qemu: net: vmxnet3: host memory leakage
00 #1289817 CVE-2015-8567 CVE-2015-8568 xen: Qemu: net: vmxnet3: host memory leakage [fedora-all]
00 #1291137 CVE-2015-7549 Qemu: pci: null pointer dereference issue
00 #1291139 CVE-2015-7549 xen: Qemu: pci: null pointer dereference issue [fedora-all]
00 #1291310 CVE-2015-8558 xen: qemu: DoS by infinite loop in ehci_advance_state [fedora-all]
00 #1294028 CVE-2015-8666 xen: qemu: Heap-based buffer overrun during VM migration [fedora-all]
00 #1294788 CVE-2015-8743 xen: Qemu: net: ne2000: OOB memory access in ioport r/w functions [fedora-all]
00 #1295441 CVE-2015-8744 xen: qemu: Incorrect l2 header validation causes crash for packets shorter than 22 bytes [fedora-all]
00 #1295443 CVE-2015-8745 xen: qemu: Support reading IMR registers on bar0 [fedora-all]
00 #1296539 CVE-2016-1570 xen: PV superpage functionality missing sanity checks
00 #1296544 CVE-2016-1571 xen: Intercept issue with INVLPG on non-canonical address causing host to crash
00 #1300342 CVE-2016-1571 xen: Intercept issue with INVLPG on non-canonical address causing host to crash [fedora-all]
00 #1300345 CVE-2016-1570 xen: PV superpage functionality missing sanity checks [fedora-all]

Automated Test Results