Описание
security update for xen
This security update of Xen fixes the following issues:
- bsc#939712 (XSA-140): QEMU leak of uninitialized heap memory in rtl8139 device model (CVE-2015-5165)
- bsc#939709 (XSA-139): Use after free in QEMU/Xen block unplug protocol (CVE-2015-5166)
Список пакетов
SUSE Linux Enterprise Desktop 12
xen-4.4.2_10-22.8.1
xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1
xen-libs-4.4.2_10-22.8.1
xen-libs-32bit-4.4.2_10-22.8.1
SUSE Linux Enterprise Server 12
xen-4.4.2_10-22.8.1
xen-doc-html-4.4.2_10-22.8.1
xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1
xen-libs-4.4.2_10-22.8.1
xen-libs-32bit-4.4.2_10-22.8.1
xen-tools-4.4.2_10-22.8.1
xen-tools-domU-4.4.2_10-22.8.1
SUSE Linux Enterprise Server for SAP Applications 12
xen-4.4.2_10-22.8.1
xen-doc-html-4.4.2_10-22.8.1
xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1
xen-libs-4.4.2_10-22.8.1
xen-libs-32bit-4.4.2_10-22.8.1
xen-tools-4.4.2_10-22.8.1
xen-tools-domU-4.4.2_10-22.8.1
SUSE Linux Enterprise Software Development Kit 12
xen-devel-4.4.2_10-22.8.1
Ссылки
- Link for SUSE-SU-2015:1384-1
- E-Mail link for SUSE-SU-2015:1384-1
- SUSE Security Ratings
- SUSE Bug 939709
- SUSE Bug 939712
- SUSE CVE CVE-2015-5165 page
- SUSE CVE CVE-2015-5166 page
Описание
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:xen-4.4.2_10-22.8.1
SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1
SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_10-22.8.1
SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_10-22.8.1
Ссылки
- CVE-2015-5165
- SUSE Bug 939712
- SUSE Bug 950367
Описание
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:xen-4.4.2_10-22.8.1
SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1
SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_10-22.8.1
SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_10-22.8.1
Ссылки
- CVE-2015-5166
- SUSE Bug 939709
- SUSE Bug 950367