SUSE-SU-2015:1206-1: important: Security update for Xen

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed Jul 8 09:08:08 MDT 2015


   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1206-1
Rating:             important
References:         #932770 #932996 
Cross-References:   CVE-2015-3209 CVE-2015-4164
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:


   Xen was updated to fix two security issues:

       * CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest
         to host escape. (XSA-135, bsc#932770)
       * CVE-2015-4164: DoS through iret hypercall handler. (XSA-136,
         bsc#932996)

   Security Issues:

       * CVE-2015-4164
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164>
       * CVE-2015-3209
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209>


Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):

      xen-3.2.3_17040_46-0.17.1
      xen-devel-3.2.3_17040_46-0.17.1
      xen-doc-html-3.2.3_17040_46-0.17.1
      xen-doc-pdf-3.2.3_17040_46-0.17.1
      xen-doc-ps-3.2.3_17040_46-0.17.1
      xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1
      xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1
      xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1
      xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1
      xen-libs-3.2.3_17040_46-0.17.1
      xen-tools-3.2.3_17040_46-0.17.1
      xen-tools-domU-3.2.3_17040_46-0.17.1
      xen-tools-ioemu-3.2.3_17040_46-0.17.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):

      xen-libs-32bit-3.2.3_17040_46-0.17.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

      xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1
      xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1
      xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1
      xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1


References:

   https://www.suse.com/security/cve/CVE-2015-3209.html
   https://www.suse.com/security/cve/CVE-2015-4164.html
   https://bugzilla.suse.com/932770
   https://bugzilla.suse.com/932996
   https://download.suse.com/patch/finder/?keywords=f26fb5291b18bbfa26447df16a7ab90f



More information about the sle-updates mailing list