1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2015:2306-1

[SUSE-SU-2015:2306-1] Security update for xen

Severity Moderate
Affected Packages 16
CVEs 10
Info Packages References Vulnerabilities

Security update for xen

This update fixes the following security issues:

  • bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100:
    infinite loop in processing command block list

  • bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen:
    XENMEM_exchange error handling issues (XSA-159)
    xsa159.patch

  • bsc#956411 - CVE-2015-7504: xen: heap buffer overflow
    vulnerability in pcnet emulator (XSA-162)

  • bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by
    triggering an infinite loop in microcode via #DB exception

  • bsc#953527 - CVE-2015-5307: kernel: kvm/xen: x86: avoid
    guest->host DOS by intercepting #AC (XSA-156)

  • bsc#950704 - CVE-2015-7970: xen: x86: Long latency
    populate-on-demand operation is not preemptible (XSA-150)

  • bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand
    balloon size inaccuracy can crash guests (XSA-153)

  • bsc#950703 - CVE-2015-7969: xen: leak of main per-domain
    vcpu pointer array (DoS) (XSA-149)

  • bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain
    profiling-related vcpu pointer array (DoS) (XSA-151)

  • bsc#950706 - CVE-2015-7971: xen: x86: some pmu and
    profiling hypercalls log without rate limiting (XSA-152)

Package Affected Version
pkg:rpm/suse/xen?arch=x86_64&distro=sles-11&sp=2 < 4.1.6_08-23.1
pkg:rpm/suse/xen-tools?arch=x86_64&distro=sles-11&sp=2 < 4.1.6_08-23.1
pkg:rpm/suse/xen-tools-domU?arch=x86_64&distro=sles-11&sp=2 < 4.1.6_08-23.1
pkg:rpm/suse/xen-tools-domU?arch=i586&distro=sles-11&sp=2 < 4.1.6_08-23.1
pkg:rpm/suse/xen-libs?arch=x86_64&distro=sles-11&sp=2 < 4.1.6_08-23.1
pkg:rpm/suse/xen-libs?arch=i586&distro=sles-11&sp=2 < 4.1.6_08-23.1
pkg:rpm/suse/xen-libs-32bit?arch=x86_64&distro=sles-11&sp=2 < 4.1.6_08-23.1
pkg:rpm/suse/xen-kmp-trace?arch=x86_64&distro=sles-11&sp=2 < 4.1.6_08_3.0.101_0.7.37-23.1
pkg:rpm/suse/xen-kmp-trace?arch=i586&distro=sles-11&sp=2 < 4.1.6_08_3.0.101_0.7.37-23.1
pkg:rpm/suse/xen-kmp-pae?arch=i586&distro=sles-11&sp=2 < 4.1.6_08_3.0.101_0.7.37-23.1
pkg:rpm/suse/xen-kmp-default?arch=x86_64&distro=sles-11&sp=2 < 4.1.6_08_3.0.101_0.7.37-23.1
pkg:rpm/suse/xen-kmp-default?arch=i586&distro=sles-11&sp=2 < 4.1.6_08_3.0.101_0.7.37-23.1
pkg:rpm/suse/xen-doc-pdf?arch=x86_64&distro=sles-11&sp=2 < 4.1.6_08-23.1
pkg:rpm/suse/xen-doc-html?arch=x86_64&distro=sles-11&sp=2 < 4.1.6_08-23.1
pkg:rpm/suse/xen-devel?arch=x86_64&distro=sles-11&sp=2 < 4.1.6_08-23.1
pkg:rpm/suse/xen-devel?arch=i586&distro=sles-11&sp=2 < 4.1.6_08-23.1
ID
SUSE-SU-2015:2306-1
Severity
moderate
URL
https://www.suse.com/support/update/announcement/2015/suse-su-20152306-1/
Published
2015-12-18T17:18:02
(8 years ago)
Modified
2015-12-18T17:18:02
(8 years ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2306-1.json
Suse URL for SUSE-SU-2015:2306-1 https://www.suse.com/support/update/announcement/2015/suse-su-20152306-1/
Suse E-Mail link for SUSE-SU-2015:2306-1 https://lists.suse.com/pipermail/sle-security-updates/2015-December/001742.html
Bugzilla SUSE Bug 950703 https://bugzilla.suse.com/950703
Bugzilla SUSE Bug 950704 https://bugzilla.suse.com/950704
Bugzilla SUSE Bug 950705 https://bugzilla.suse.com/950705
Bugzilla SUSE Bug 950706 https://bugzilla.suse.com/950706
Bugzilla SUSE Bug 951845 https://bugzilla.suse.com/951845
Bugzilla SUSE Bug 953527 https://bugzilla.suse.com/953527
Bugzilla SUSE Bug 954405 https://bugzilla.suse.com/954405
Bugzilla SUSE Bug 956408 https://bugzilla.suse.com/956408
Bugzilla SUSE Bug 956411 https://bugzilla.suse.com/956411
Bugzilla SUSE Bug 956832 https://bugzilla.suse.com/956832
CVE SUSE CVE CVE-2015-5307 page https://www.suse.com/security/cve/CVE-2015-5307/
CVE SUSE CVE CVE-2015-7504 page https://www.suse.com/security/cve/CVE-2015-7504/
CVE SUSE CVE CVE-2015-7969 page https://www.suse.com/security/cve/CVE-2015-7969/
CVE SUSE CVE CVE-2015-7970 page https://www.suse.com/security/cve/CVE-2015-7970/
CVE SUSE CVE CVE-2015-7971 page https://www.suse.com/security/cve/CVE-2015-7971/
CVE SUSE CVE CVE-2015-7972 page https://www.suse.com/security/cve/CVE-2015-7972/
CVE SUSE CVE CVE-2015-8104 page https://www.suse.com/security/cve/CVE-2015-8104/
CVE SUSE CVE CVE-2015-8339 page https://www.suse.com/security/cve/CVE-2015-8339/
CVE SUSE CVE CVE-2015-8340 page https://www.suse.com/security/cve/CVE-2015-8340/
CVE SUSE CVE CVE-2015-8345 page https://www.suse.com/security/cve/CVE-2015-8345/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/xen?arch=x86_64&distro=sles-11&sp=2 suse xen < 4.1.6_08-23.1 sles-11 x86_64
Affected pkg:rpm/suse/xen-tools?arch=x86_64&distro=sles-11&sp=2 suse xen-tools < 4.1.6_08-23.1 sles-11 x86_64
Affected pkg:rpm/suse/xen-tools-domU?arch=x86_64&distro=sles-11&sp=2 suse xen-tools-domU < 4.1.6_08-23.1 sles-11 x86_64
Affected pkg:rpm/suse/xen-tools-domU?arch=i586&distro=sles-11&sp=2 suse xen-tools-domU < 4.1.6_08-23.1 sles-11 i586
Affected pkg:rpm/suse/xen-libs?arch=x86_64&distro=sles-11&sp=2 suse xen-libs < 4.1.6_08-23.1 sles-11 x86_64
Affected pkg:rpm/suse/xen-libs?arch=i586&distro=sles-11&sp=2 suse xen-libs < 4.1.6_08-23.1 sles-11 i586
Affected pkg:rpm/suse/xen-libs-32bit?arch=x86_64&distro=sles-11&sp=2 suse xen-libs-32bit < 4.1.6_08-23.1 sles-11 x86_64
Affected pkg:rpm/suse/xen-kmp-trace?arch=x86_64&distro=sles-11&sp=2 suse xen-kmp-trace < 4.1.6_08_3.0.101_0.7.37-23.1 sles-11 x86_64
Affected pkg:rpm/suse/xen-kmp-trace?arch=i586&distro=sles-11&sp=2 suse xen-kmp-trace < 4.1.6_08_3.0.101_0.7.37-23.1 sles-11 i586
Affected pkg:rpm/suse/xen-kmp-pae?arch=i586&distro=sles-11&sp=2 suse xen-kmp-pae < 4.1.6_08_3.0.101_0.7.37-23.1 sles-11 i586
Affected pkg:rpm/suse/xen-kmp-default?arch=x86_64&distro=sles-11&sp=2 suse xen-kmp-default < 4.1.6_08_3.0.101_0.7.37-23.1 sles-11 x86_64
Affected pkg:rpm/suse/xen-kmp-default?arch=i586&distro=sles-11&sp=2 suse xen-kmp-default < 4.1.6_08_3.0.101_0.7.37-23.1 sles-11 i586
Affected pkg:rpm/suse/xen-doc-pdf?arch=x86_64&distro=sles-11&sp=2 suse xen-doc-pdf < 4.1.6_08-23.1 sles-11 x86_64
Affected pkg:rpm/suse/xen-doc-html?arch=x86_64&distro=sles-11&sp=2 suse xen-doc-html < 4.1.6_08-23.1 sles-11 x86_64
Affected pkg:rpm/suse/xen-devel?arch=x86_64&distro=sles-11&sp=2 suse xen-devel < 4.1.6_08-23.1 sles-11 x86_64
Affected pkg:rpm/suse/xen-devel?arch=i586&distro=sles-11&sp=2 suse xen-devel < 4.1.6_08-23.1 sles-11 i586
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date