[FEDORA-2015-9965] Fedora 20: xen
Severity
High
Affected Packages
1
CVEs
49
Heap overflow in QEMU PCNET controller, allowing guest->host escape
XSA-135, CVE-2015-3209
GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163]
vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]
Potential unintended writes to host MSI message data field via qemu
[XSA-128, CVE-2015-4103],
PCI MSI mask bits inadvertently exposed to guests [XSA-129,
CVE-2015-4104],
Guest triggerable qemu MSI-X pass-through error messages [XSA-130,
CVE-2015-4105],
Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106]
Package | Affected Version |
---|---|
pkg:rpm/fedora/xen?distro=fedora-20 | < 4.3.4.6.fc20 |
- ID
- FEDORA-2015-9965
- Severity
- high
- Severity from
- CVE-2014-7188
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2015-9965
- Published
-
2015-06-24T16:04:11
(9 years ago) - Modified
-
2015-06-24T16:04:11
(9 years ago) - Rights
- Copyright 2015 Red Hat, Inc.
- Other Advisories
-
- DSA-2909-1
- DSA-2910-1
- DSA-3006-1
- DSA-3041-1
- DSA-3128-1
- DSA-3140-1
- DSA-3181-1
- DSA-3259-1
- DSA-3262-1
- DSA-3274-1
- DSA-3284-1
- DSA-3285-1
- DSA-3286-1
- DSA-3414-1
- ELSA-2014-0285
- ELSA-2014-0420
- ELSA-2014-0926
- ELSA-2014-3034
- ELSA-2015-0783
- ELSA-2015-0998
- ELSA-2015-0999
- ELSA-2015-1002
- ELSA-2015-1003
- ELSA-2015-1087
- ELSA-2015-1189
- ELSA-2016-0450
- FEDORA-2013-22312
- FEDORA-2013-22325
- FEDORA-2013-22754
- FEDORA-2013-22866
- FEDORA-2013-22888
- FEDORA-2013-23251
- FEDORA-2013-23457
- FEDORA-2013-23466
- FEDORA-2014-10445
- FEDORA-2014-11271
- FEDORA-2014-11641
- FEDORA-2014-12000
- FEDORA-2014-12002
- FEDORA-2014-12036
- FEDORA-2014-14033
- FEDORA-2014-15503
- FEDORA-2014-1552
- FEDORA-2014-15521
- FEDORA-2014-1559
- FEDORA-2014-15951
- FEDORA-2014-15995
- FEDORA-2014-16017
- FEDORA-2014-16626
- FEDORA-2014-2170
- FEDORA-2014-2188
- FEDORA-2014-2802
- FEDORA-2014-2862
- FEDORA-2014-4424
- FEDORA-2014-4458
- FEDORA-2014-5825
- FEDORA-2014-5915
- FEDORA-2014-5941
- FEDORA-2014-6288
- FEDORA-2014-6970
- FEDORA-2014-7408
- FEDORA-2014-7423
- FEDORA-2014-7722
- FEDORA-2014-7734
- FEDORA-2014-8183
- FEDORA-2014-9472
- FEDORA-2014-9493
- FEDORA-2015-0331
- FEDORA-2015-0345
- FEDORA-2015-10001
- FEDORA-2015-11247
- FEDORA-2015-11308
- FEDORA-2015-12657
- FEDORA-2015-12714
- FEDORA-2015-13358
- FEDORA-2015-13402
- FEDORA-2015-13404
- FEDORA-2015-1886
- FEDORA-2015-3721
- FEDORA-2015-3935
- FEDORA-2015-3944
- FEDORA-2015-5208
- FEDORA-2015-5295
- FEDORA-2015-5402
- FEDORA-2015-6569
- FEDORA-2015-6583
- FEDORA-2015-6670
- FEDORA-2015-8194
- FEDORA-2015-8220
- FEDORA-2015-8248
- FEDORA-2015-8249
- FEDORA-2015-8252
- FEDORA-2015-8270
- FEDORA-2015-9456
- FEDORA-2015-9466
- FEDORA-2015-9599
- FEDORA-2015-9601
- FEDORA-2015-9978
- FREEBSD:0D732FD1-27E0-11E5-A4A5-002590263BF5
- FREEBSD:103A47D5-27E7-11E5-A4A5-002590263BF5
- FREEBSD:2780E442-FC59-11E4-B18B-6805CA1D3BB1
- FREEBSD:3D657340-27EA-11E5-A4A5-002590263BF5
- FREEBSD:4DB8A0F4-27E9-11E5-A4A5-002590263BF5
- FREEBSD:5023F559-27E2-11E5-A4A5-002590263BF5
- FREEBSD:79F401CD-27E6-11E5-A4A5-002590263BF5
- FREEBSD:80E846FF-27EB-11E5-A4A5-002590263BF5
- FREEBSD:83A28417-27E3-11E5-A4A5-002590263BF5
- FREEBSD:8C31B288-27EC-11E5-A4A5-002590263BF5
- FREEBSD:ACD5D037-1C33-11E5-BE9C-6805CA1D3BB1
- FREEBSD:AF38CFEC-27E7-11E5-A4A5-002590263BF5
- FREEBSD:CBE1A0F9-27E9-11E5-A4A5-002590263BF5
- FREEBSD:CE658051-27EA-11E5-A4A5-002590263BF5
- FREEBSD:D40C66CB-27E4-11E5-A4A5-002590263BF5
- FREEBSD:EF9D041E-27E2-11E5-A4A5-002590263BF5
- GLSA-201407-03
- GLSA-201408-17
- GLSA-201412-42
- GLSA-201504-04
- GLSA-201510-02
- GLSA-201602-01
- GLSA-201604-03
- GLSA-201612-27
- RHSA-2014:0420
- RHSA-2015:0998
- RHSA-2015:0999
- RHSA-2015:1087
- SUSE-SU-2015:0481-1
- SUSE-SU-2015:0581-1
- SUSE-SU-2015:0613-1
- SUSE-SU-2015:0652-1
- SUSE-SU-2015:0701-1
- SUSE-SU-2015:0736-1
- SUSE-SU-2015:0745-1
- SUSE-SU-2015:0746-1
- SUSE-SU-2015:0747-1
- SUSE-SU-2015:0870-1
- SUSE-SU-2015:0889-1
- SUSE-SU-2015:0896-1
- SUSE-SU-2015:0923-1
- SUSE-SU-2015:0927-1
- SUSE-SU-2015:0929-1
- SUSE-SU-2015:0940-1
- SUSE-SU-2015:0943-1
- SUSE-SU-2015:0944-1
- SUSE-SU-2015:1042-1
- SUSE-SU-2015:1045-1
- SUSE-SU-2015:1152-1
- SUSE-SU-2015:1156-1
- SUSE-SU-2015:1157-1
- SUSE-SU-2015:1174-1
- SUSE-SU-2015:1376-1
- SUSE-SU-2015:1426-1
- SUSE-SU-2015:1479-1
- SUSE-SU-2015:1479-2
- SUSE-SU-2015:1519-1
- SUSE-SU-2015:2324-1
- USN-2182-1
- USN-2608-1
- USN-2630-1
- XSA-100
- XSA-104
- XSA-105
- XSA-106
- XSA-108
- XSA-109
- XSA-110
- XSA-111
- XSA-112
- XSA-113
- XSA-114
- XSA-116
- XSA-119
- XSA-121
- XSA-122
- XSA-123
- XSA-125
- XSA-126
- XSA-127
- XSA-128
- XSA-129
- XSA-130
- XSA-131
- XSA-132
- XSA-133
- XSA-134
- XSA-135
- XSA-136
- XSA-60
- XSA-74
- XSA-76
- XSA-78
- XSA-80
- XSA-82
- XSA-83
- XSA-84
- XSA-85
- XSA-86
- XSA-87
- XSA-88
- XSA-89
- XSA-92
- XSA-96
- XSA-97
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1223851 | Bug #1223851 - CVE-2015-4104 xen: PCI MSI mask bits inadvertently exposed to guests (xsa-129) | https://bugzilla.redhat.com/show_bug.cgi?id=1223851 |
Bugzilla | 1223859 | Bug #1223859 - xen: unmediated PCI register access in qemu (xsa-131) | https://bugzilla.redhat.com/show_bug.cgi?id=1223859 |
Bugzilla | 1225882 | Bug #1225882 - CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path | https://bugzilla.redhat.com/show_bug.cgi?id=1225882 |
Bugzilla | 1223853 | Bug #1223853 - xen: guest triggerable qemu MSI-X pass-through error messages (xsa-130) | https://bugzilla.redhat.com/show_bug.cgi?id=1223853 |
Bugzilla | 1223846 | Bug #1223846 - CVE-2015-4103 xen: potential unintended writes to host MSI message data field via qemu (xsa-128) | https://bugzilla.redhat.com/show_bug.cgi?id=1223846 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/xen?distro=fedora-20 | fedora | xen | < 4.3.4.6.fc20 | fedora-20 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |