openSUSE-SU-2015:2250-1: moderate: Security update for xen
openSUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:2250-1 Rating: moderate References: #947165 #950704 #954018 #954405 Cross-References: CVE-2015-5307 CVE-2015-7311 CVE-2015-7835 CVE-2015-7970 CVE-2015-8104 Affected Products: openSUSE 13.2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update fixes the following security issues: - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-893=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): xen-debugsource-4.4.3_04-33.1 xen-devel-4.4.3_04-33.1 xen-libs-4.4.3_04-33.1 xen-libs-debuginfo-4.4.3_04-33.1 xen-tools-domU-4.4.3_04-33.1 xen-tools-domU-debuginfo-4.4.3_04-33.1 - openSUSE 13.2 (x86_64): xen-4.4.3_04-33.1 xen-doc-html-4.4.3_04-33.1 xen-kmp-default-4.4.3_04_k3.16.7_29-33.1 xen-kmp-default-debuginfo-4.4.3_04_k3.16.7_29-33.1 xen-kmp-desktop-4.4.3_04_k3.16.7_29-33.1 xen-kmp-desktop-debuginfo-4.4.3_04_k3.16.7_29-33.1 xen-libs-32bit-4.4.3_04-33.1 xen-libs-debuginfo-32bit-4.4.3_04-33.1 xen-tools-4.4.3_04-33.1 xen-tools-debuginfo-4.4.3_04-33.1 References: https://www.suse.com/security/cve/CVE-2015-5307.html https://www.suse.com/security/cve/CVE-2015-7311.html https://www.suse.com/security/cve/CVE-2015-7835.html https://www.suse.com/security/cve/CVE-2015-7970.html https://www.suse.com/security/cve/CVE-2015-8104.html https://bugzilla.suse.com/947165 https://bugzilla.suse.com/950704 https://bugzilla.suse.com/954018 https://bugzilla.suse.com/954405
participants (1)
-
opensuse-security@opensuse.org