Description
Security update for xen
Xen was updated to fix the following security issues:
- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)
- CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (XSA-140, bsc#939712)
Package list
SUSE Linux Enterprise Server 11 SP1-LTSS
xen-4.0.3_21548_18-29.1
xen-doc-html-4.0.3_21548_18-29.1
xen-doc-pdf-4.0.3_21548_18-29.1
xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1
xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1
xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1
xen-libs-4.0.3_21548_18-29.1
xen-tools-4.0.3_21548_18-29.1
xen-tools-domU-4.0.3_21548_18-29.1
References
- Link for SUSE-SU-2015:1421-1
- E-Mail link for SUSE-SU-2015:1421-1
- SUSE Security Ratings
- SUSE Bug 938344
- SUSE Bug 939712
- SUSE CVE CVE-2015-5154 page
- SUSE CVE CVE-2015-5165 page
Description
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1
References
- CVE-2015-5154
- SUSE Bug 938344
- SUSE Bug 950367
Description
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1
References
- CVE-2015-5165
- SUSE Bug 939712
- SUSE Bug 950367