(posted this already to opensuse-virtual ML; was suggested that I post
it here as well)
I run latest Xen from d.o.o's Virtualization/openSUSE_13.2 repo
rpm -qa | grep -i ^xen | sort
xen-4.5.1_10-390.1.x86_64
xen-libs-4.5.1_10-390.1.x86_64
xen-tools-4.5.1_10-390.1.x86_64
Xen's now made public its latest critical advisory
http://arstechnica.com/security/2015/10/xen-patches-7-year-old-bug-that-sha…
"Xen patches 7-year-old bug that shattered hypervisor security.
Critical vulnerability allowed some guests to access underlying
operating system."
http://xenbits.xen.org/xsa/advisory-148.html
Advisory XSA-148
Public release 2015-10-29 11:59
...
CVE(s) CVE-2015-7835
Title x86: Uncontrolled creation of large page mappings by PV guests
The advisory instructs patching to resolve
RESOLUTION
==========
Applying the appropriate attached patch resolves this issue.
xsa148.patch xen-unstable, Xen 4.6.x
xsa148-4.5.patch Xen 4.5.x
xsa148-4.4.patch Xen 4.4.x, Xen 4.3.x
Checking installed Xen's changelog
rpm -q --changelog xen | egrep "CVE-2015-7835|xsa148"
(empty)
it's not been applied. Or, afaict from obs, even submitted.
Where's this security patch in the package tree?
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org
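The changelog check in the message above can be scripted. This is an added example, not part of the original post and not openSUSE tooling: it reports, for each advisory ID, the first changelog entry that mentions it. The function name changelog_audit, the sample changelogs and the packager address are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads `rpm -q --changelog <pkg>` text on stdin and, for each
# advisory ID given as an argument, prints the first changelog entry that
# mentions it, or MISSING. Exit status is 1 if any ID is missing.
changelog_audit() {
    awk -v ids="$*" '
    BEGIN {
        n = split(ids, want, " ")
        for (i = 1; i <= n; i++) {
            re[i] = tolower(want[i])
            gsub(/-/, "[-_]?", re[i])       # XSA-148 also matches xsa148
            re[i] = re[i] "[^0-9]"          # but not xsa1480
        }
    }
    /^\* / { entry = substr($0, 3); next }  # "* <date> <packager>" header
    {
        line = tolower($0) " "              # pad so an ID at end of line matches
        for (i = 1; i <= n; i++)
            if (!(i in hit) && line ~ re[i]) hit[i] = entry
    }
    END {
        for (i = 1; i <= n; i++) {
            if (i in hit) printf "%s\tFIXED\t%s\n", want[i], hit[i]
            else { printf "%s\tMISSING\n", want[i]; bad = 1 }
        }
        exit bad + 0
    }'
}

# Constructed sample changelogs (not real package history).
SAMPLE_UNPATCHED='* Mon Oct 05 2015 packager@example.com
- Routine version update'
SAMPLE_PATCHED='* Fri Oct 30 2015 packager@example.com
- CVE-2015-7835: x86: Uncontrolled creation of large page mappings
  by PV guests (XSA-148)
  xsa148-4.5.patch
'"$SAMPLE_UNPATCHED"

# On a real host: rpm -q --changelog xen | changelog_audit CVE-2015-7835 XSA-148
printf '%s\n' "$SAMPLE_PATCHED" | changelog_audit CVE-2015-7835 XSA-148
printf '%s\n' "$SAMPLE_UNPATCHED" | changelog_audit CVE-2015-7835 XSA-148 ||
    echo "fix not referenced in changelog"
```

A MISSING result only says the changelog does not reference the ID; it is a prompt to check the package sources, not proof that the code is unpatched.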
Hi all,
it's that time of the year and we need to rally the Geekos to tell the
world all the great things you have done this past year that are now in
Leap. Please take the time to update the features page on the openSUSE
wiki - https://en.opensuse.org/Features
Please add the current information, new and relevant information related
to Leap. It is highly appreciated.
If you haven't read already, we are having a Wikithon
(https://news.opensuse.org/2015/10/19/weekend-wikithon-to-refresh-content/)
this weekend to refresh the wiki and add new features to our newest
release. Without your help, it won't be possible. Please help where you
can and try to win one of the four hats we are awarding to the people
with the most contributions.
v/r
Doug
opensuse-security(a)opensuse.org wrote:
> openSUSE Security Update: Security update for MozillaFirefox
> ______________________________________________________________________________
>
> Announcement ID: openSUSE-SU-2015:1658-1
> Rating: important
> References: #947003
> Cross-References: CVE-2015-4476 CVE-2015-4500 CVE-2015-4501
> CVE-2015-4502 CVE-2015-4503 CVE-2015-4504
> CVE-2015-4505 CVE-2015-4506 CVE-2015-4507
> CVE-2015-4508 CVE-2015-4509 CVE-2015-4510
> CVE-2015-4511 CVE-2015-4512 CVE-2015-4516
> CVE-2015-4517 CVE-2015-4519 CVE-2015-4520
> CVE-2015-4521 CVE-2015-4522 CVE-2015-7174
> CVE-2015-7175 CVE-2015-7176 CVE-2015-7177
> CVE-2015-7178 CVE-2015-7179 CVE-2015-7180
>
> Affected Products:
> openSUSE 13.2
> openSUSE 13.1
> ______________________________________________________________________________
>
> An update that fixes 27 vulnerabilities is now available.
>
Why are the updates for Firefox and Chromium tracked continuously, while Seamonkey is
updated only very occasionally? The version on openSUSE 13.1 is still 2.33.1 and Seamonkey
complains it is outdated.
Regards,
Rob Janssen