[SECURITY] Fedora 22 Update: xen-4.5.2-9.fc22

updates at fedoraproject.org
Sat Mar 19 21:28:58 UTC 2016


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-38b20aa50f
2016-03-19 21:03:15.514835
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 22
Version     : 4.5.2
Release     : 9.fc22
URL         : http://xen.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

Qemu: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714
(#1296080)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1296060 - CVE-2016-1714 Qemu: nvram: OOB r/w access in processing firmware configurations
        https://bugzilla.redhat.com/show_bug.cgi?id=1296060
  [ 2 ] Bug #1283934 - CVE-2016-1922 Qemu: i386: null pointer dereference in vapic_write()
        https://bugzilla.redhat.com/show_bug.cgi?id=1283934
  [ 3 ] Bug #1284008 - CVE-2015-8613 Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info
        https://bugzilla.redhat.com/show_bug.cgi?id=1284008
  [ 4 ] Bug #1298570 - CVE-2016-1981 Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
        https://bugzilla.redhat.com/show_bug.cgi?id=1298570
  [ 5 ] Bug #1299455 - Qemu: usb ehci out-of-bounds read in ehci_process_itd
        https://bugzilla.redhat.com/show_bug.cgi?id=1299455
  [ 6 ] Bug #1301643 - CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write
        https://bugzilla.redhat.com/show_bug.cgi?id=1301643
  [ 7 ] Bug #1303106 - CVE-2016-2841 Qemu: net: ne2000: infinite loop in ne2000_receive
        https://bugzilla.redhat.com/show_bug.cgi?id=1303106
  [ 8 ] Bug #1303120 - CVE-2016-2538 Qemu: usb: integer overflow in remote NDIS control message handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1303120
  [ 9 ] Bug #1302299 - CVE-2016-2392 Qemu: usb: null pointer dereference in remote NDIS control message handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1302299
  [ 10 ] Bug #1304794 - CVE-2016-2391 Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=1304794
  [ 11 ] Bug #1296567 - CVE-2016-2857 Qemu: net: out of bounds read in net_checksum_calculate()
        https://bugzilla.redhat.com/show_bug.cgi?id=1296567
  [ 12 ] Bug #1300771 - CVE-2015-8817 CVE-2015-8818 Qemu: OOB access in address_space_rw leads to segmentation fault
        https://bugzilla.redhat.com/show_bug.cgi?id=1300771
  [ 13 ] Bug #1314676 - CVE-2016-2858 Qemu: rng-random: arbitrary stack based allocation leading to corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=1314676
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update xen' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

