FEDORA-2016-2c15b72b01

security update in Fedora 23 for xen

Status: stable 3 years ago

PV superpage functionality missing sanity checks [XSA-167, CVE-2016-1570] VMX: intercept issue with INVLPG on non-canonical address [XSA-168, CVE-2016-1571] Qemu: pci: null pointer dereference issue CVE-2015-7549 qemu: DoS by infinite loop in ehci_advance_state CVE-2015-8558 qemu: Heap-based buffer overrun during VM migration CVE-2015-8666 Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call CVE-2015-8744 qemu: Support reading IMR registers on bar0 CVE-2015-8745 Qemu: net: vmxnet3: host memory leakage CVE-2015-8567 CVE-2015-8568 Qemu: net: ne2000: OOB memory access in ioport r/w functions CVE-2015-8743

Comments 7

This update has been submitted for testing by myoung.

This update has been pushed to testing.

works for me

karma: +1

Works great! LGTM =)

karma: +1

This update has been submitted for stable by bodhi.

wfm

karma: +1

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+3
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago

Related Bugs 18

00 #1264929 CVE-2015-8743 Qemu: net: ne2000: OOB memory access in ioport r/w functions
00 #1270871 CVE-2015-8744 Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call
00 #1270876 CVE-2015-8745 Qemu: net: vmxnet3: reading IMR registers leads to a crash via assert(2) call
00 #1277983 CVE-2015-8558 Qemu: usb: infinite loop in ehci_advance_state results in DoS
00 #1283722 CVE-2015-8666 Qemu: acpi: heap based buffer overrun during VM migration
00 #1289816 CVE-2015-8568 CVE-2015-8567 Qemu: net: vmxnet3: host memory leakage
00 #1289817 CVE-2015-8567 CVE-2015-8568 xen: Qemu: net: vmxnet3: host memory leakage [fedora-all]
00 #1291137 CVE-2015-7549 Qemu: pci: null pointer dereference issue
00 #1291139 CVE-2015-7549 xen: Qemu: pci: null pointer dereference issue [fedora-all]
00 #1291310 CVE-2015-8558 xen: qemu: DoS by infinite loop in ehci_advance_state [fedora-all]
00 #1294028 CVE-2015-8666 xen: qemu: Heap-based buffer overrun during VM migration [fedora-all]
00 #1294788 CVE-2015-8743 xen: Qemu: net: ne2000: OOB memory access in ioport r/w functions [fedora-all]
00 #1295441 CVE-2015-8744 xen: qemu: Incorrect l2 header validation causes crash for packets shorter than 22 bytes [fedora-all]
00 #1295443 CVE-2015-8745 xen: qemu: Support reading IMR registers on bar0 [fedora-all]
00 #1296539 CVE-2016-1570 xen: PV superpage functionality missing sanity checks
00 #1296544 CVE-2016-1571 xen: Intercept issue with INVLPG on non-canonical address causing host to crash
00 #1300342 CVE-2016-1571 xen: Intercept issue with INVLPG on non-canonical address causing host to crash [fedora-all]
00 #1300345 CVE-2016-1570 xen: PV superpage functionality missing sanity checks [fedora-all]

Automated Test Results