Description
Security update for xen
xen was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137).
- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
These non-security issues were fixed:
- Restarting the xencommons service led to loss of xenstore data (bsc#935256).
- Kdump did not work in a XEN environment (bsc#925466).
Package list
SUSE Linux Enterprise Desktop 12
xen-4.4.2_08-22.5.1
xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1
xen-libs-4.4.2_08-22.5.1
xen-libs-32bit-4.4.2_08-22.5.1
SUSE Linux Enterprise Server 12
xen-4.4.2_08-22.5.1
xen-doc-html-4.4.2_08-22.5.1
xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1
xen-libs-4.4.2_08-22.5.1
xen-libs-32bit-4.4.2_08-22.5.1
xen-tools-4.4.2_08-22.5.1
xen-tools-domU-4.4.2_08-22.5.1
SUSE Linux Enterprise Server for SAP Applications 12
xen-4.4.2_08-22.5.1
xen-doc-html-4.4.2_08-22.5.1
xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1
xen-libs-4.4.2_08-22.5.1
xen-libs-32bit-4.4.2_08-22.5.1
xen-tools-4.4.2_08-22.5.1
xen-tools-domU-4.4.2_08-22.5.1
SUSE Linux Enterprise Software Development Kit 12
xen-devel-4.4.2_08-22.5.1
References
- Link for SUSE-SU-2015:1302-1
- E-Mail link for SUSE-SU-2015:1302-1
- SUSE Security Ratings
- SUSE Bug 925466
- SUSE Bug 935256
- SUSE Bug 935634
- SUSE Bug 938344
- SUSE CVE CVE-2015-3259 page
- SUSE CVE CVE-2015-5154 page
Description
Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.
Affected products
SUSE Linux Enterprise Desktop 12:xen-4.4.2_08-22.5.1
SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1
SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_08-22.5.1
SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_08-22.5.1
References
- CVE-2015-3259
- SUSE Bug 935634
- SUSE Bug 936281
- SUSE Bug 937018
- SUSE Bug 950367
Description
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
Affected products
SUSE Linux Enterprise Desktop 12:xen-4.4.2_08-22.5.1
SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1
SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_08-22.5.1
SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_08-22.5.1
References
- CVE-2015-5154
- SUSE Bug 938344
- SUSE Bug 950367