Описание
security update for xen
This security update of Xen fixes the following issues:
- bsc#939712 (XSA-140): QEMU leak of uninitialized heap memory in rtl8139 device model (CVE-2015-5165)
- bsc#939709 (XSA-139): Use after free in QEMU/Xen block unplug protocol (CVE-2015-5166)
Список пакетов
SUSE Linux Enterprise Desktop 11 SP4
xen-4.4.2_12-23.1
xen-doc-html-4.4.2_12-23.1
xen-kmp-default-4.4.2_12_3.0.101_63-23.1
xen-kmp-pae-4.4.2_12_3.0.101_63-23.1
xen-libs-4.4.2_12-23.1
xen-libs-32bit-4.4.2_12-23.1
xen-tools-4.4.2_12-23.1
xen-tools-domU-4.4.2_12-23.1
SUSE Linux Enterprise Server 11 SP4
xen-4.4.2_12-23.1
xen-doc-html-4.4.2_12-23.1
xen-kmp-default-4.4.2_12_3.0.101_63-23.1
xen-kmp-pae-4.4.2_12_3.0.101_63-23.1
xen-libs-4.4.2_12-23.1
xen-libs-32bit-4.4.2_12-23.1
xen-tools-4.4.2_12-23.1
xen-tools-domU-4.4.2_12-23.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
xen-4.4.2_12-23.1
xen-doc-html-4.4.2_12-23.1
xen-kmp-default-4.4.2_12_3.0.101_63-23.1
xen-kmp-pae-4.4.2_12_3.0.101_63-23.1
xen-libs-4.4.2_12-23.1
xen-libs-32bit-4.4.2_12-23.1
xen-tools-4.4.2_12-23.1
xen-tools-domU-4.4.2_12-23.1
SUSE Linux Enterprise Software Development Kit 11 SP4
xen-devel-4.4.2_12-23.1
Ссылки
- Link for SUSE-SU-2015:1404-1
- E-Mail link for SUSE-SU-2015:1404-1
- SUSE Security Ratings
- SUSE Bug 939709
- SUSE Bug 939712
- SUSE CVE CVE-2015-5165 page
- SUSE CVE CVE-2015-5166 page
Описание
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_12-23.1
SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_12-23.1
SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1
SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1
Ссылки
- CVE-2015-5165
- SUSE Bug 939712
- SUSE Bug 950367
Описание
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_12-23.1
SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_12-23.1
SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1
SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1
Ссылки
- CVE-2015-5166
- SUSE Bug 939709
- SUSE Bug 950367