Description
Security update for xen
xen was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137).
- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
This non-security issue was fixed:
- Kdump did not work in a XEN environment (bsc#925466).
Package list
SUSE Linux Enterprise Desktop 11 SP4
xen-4.4.2_10-5.1
xen-doc-html-4.4.2_10-5.1
xen-kmp-default-4.4.2_10_3.0.101_63-5.1
xen-kmp-pae-4.4.2_10_3.0.101_63-5.1
xen-libs-4.4.2_10-5.1
xen-libs-32bit-4.4.2_10-5.1
xen-tools-4.4.2_10-5.1
xen-tools-domU-4.4.2_10-5.1
SUSE Linux Enterprise Server 11 SP4
xen-4.4.2_10-5.1
xen-doc-html-4.4.2_10-5.1
xen-kmp-default-4.4.2_10_3.0.101_63-5.1
xen-kmp-pae-4.4.2_10_3.0.101_63-5.1
xen-libs-4.4.2_10-5.1
xen-libs-32bit-4.4.2_10-5.1
xen-tools-4.4.2_10-5.1
xen-tools-domU-4.4.2_10-5.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
xen-4.4.2_10-5.1
xen-doc-html-4.4.2_10-5.1
xen-kmp-default-4.4.2_10_3.0.101_63-5.1
xen-kmp-pae-4.4.2_10_3.0.101_63-5.1
xen-libs-4.4.2_10-5.1
xen-libs-32bit-4.4.2_10-5.1
xen-tools-4.4.2_10-5.1
xen-tools-domU-4.4.2_10-5.1
SUSE Linux Enterprise Software Development Kit 11 SP4
xen-devel-4.4.2_10-5.1
References
- Link for SUSE-SU-2015:1299-1
- E-Mail link for SUSE-SU-2015:1299-1
- SUSE Security Ratings
- SUSE Bug 925466
- SUSE Bug 935634
- SUSE Bug 938344
- SUSE CVE CVE-2015-3259 page
- SUSE CVE CVE-2015-5154 page
Description
Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.
Affected products
SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_10-5.1
SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_10-5.1
SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1
SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1
References
- CVE-2015-3259
- SUSE Bug 935634
- SUSE Bug 936281
- SUSE Bug 937018
- SUSE Bug 950367
Description
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
Affected products
SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_10-5.1
SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_10-5.1
SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1
SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1
References
- CVE-2015-5154
- SUSE Bug 938344
- SUSE Bug 950367