SUSE-SU-2015:1643-1: important: Security update for Xen

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Sep 25 13:10:22 MDT 2015


   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1643-1
Rating:             important
References:         #932770 #932996 #938344 #939712 
Cross-References:   CVE-2015-3209 CVE-2015-4164 CVE-2015-5154
                    CVE-2015-5165
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:


   Xen was updated to fix the following security issues:

       * CVE-2015-5154: Host code execution via IDE subsystem CD-ROM.
         (bsc#938344)
       * CVE-2015-3209: Heap overflow in QEMU's pcnet controller allowing
         guest to host escape. (bsc#932770)
       * CVE-2015-4164: DoS through iret hypercall handler. (bsc#932996)
       * CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139
         device model. (XSA-140, bsc#939712)

   Security Issues:

       * CVE-2015-5154
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154>
       * CVE-2015-3209
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209>
       * CVE-2015-4164
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164>
       * CVE-2015-5165
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165>



Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):

      xen-3.2.3_17040_46-0.21.1
      xen-devel-3.2.3_17040_46-0.21.1
      xen-doc-html-3.2.3_17040_46-0.21.1
      xen-doc-pdf-3.2.3_17040_46-0.21.1
      xen-doc-ps-3.2.3_17040_46-0.21.1
      xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1
      xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1
      xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1
      xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1
      xen-libs-3.2.3_17040_46-0.21.1
      xen-tools-3.2.3_17040_46-0.21.1
      xen-tools-domU-3.2.3_17040_46-0.21.1
      xen-tools-ioemu-3.2.3_17040_46-0.21.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):

      xen-libs-32bit-3.2.3_17040_46-0.21.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

      xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1
      xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1
      xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1
      xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1


References:

   https://www.suse.com/security/cve/CVE-2015-3209.html
   https://www.suse.com/security/cve/CVE-2015-4164.html
   https://www.suse.com/security/cve/CVE-2015-5154.html
   https://www.suse.com/security/cve/CVE-2015-5165.html
   https://bugzilla.suse.com/932770
   https://bugzilla.suse.com/932996
   https://bugzilla.suse.com/938344
   https://bugzilla.suse.com/939712
   https://download.suse.com/patch/finder/?keywords=8837c9fd890aaac522c74dc7741b001c



More information about the sle-security-updates mailing list