Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Xen
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Xen
ID: FEDORA-2016-f4504e9445
Distribution: Fedora
Plattformen: Fedora 23
Datum: So, 20. März 2016, 08:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2392

Originalnachricht

Name        : xen
Product : Fedora 23
Version : 4.5.2
Release : 9.fc23
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

-------------------------------------------------------------------------------
-
Update Information:

Qemu: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714
(#1296080) Qemu: i386: null pointer dereference in vapic_write() CVE-2016-1922
(#1292767) qemu: Stack-based buffer overflow in megasas_ctrl_get_info
CVE-2015-8613 (#1293305) qemu-kvm: Infinite loop and out-of-bounds transfer
start in start_xmit() and e1000_receive_iov() CVE-2016-1981 (#1299996) Qemu:
usb
ehci out-of-bounds read in ehci_process_itd (#1300235) Qemu: usb: ehci null
pointer dereference in ehci_caps_write CVE-2016-2198 (#1303135) Qemu: net:
ne2000: infinite loop in ne2000_receive CVE-2016-2841 (#1304048) Qemu: usb:
integer overflow in remote NDIS control message handling CVE-2016-2538
(#1305816) Qemu: usb: null pointer dereference in remote NDIS control message
handling CVE-2016-2392 (#1307116) Qemu: usb: multiple eof_timers in ohci module
leads to null pointer dereference CVE-2016-2391 (#1308882) Qemu: net: out of
bounds read in net_checksum_calculate() CVE-2016-2857 (#1309565) Qemu: OOB
access in address_space_rw leads to segmentation fault CVE-2015-8817
CVE-2015-8818 (#1313273) Qemu: rng-random: arbitrary stack based allocation
leading to corruption CVE-2016-2858 (#1314678)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1296060 - CVE-2016-1714 Qemu: nvram: OOB r/w access in processing
firmware configurations
https://bugzilla.redhat.com/show_bug.cgi?id=1296060
[ 2 ] Bug #1283934 - CVE-2016-1922 Qemu: i386: null pointer dereference in
vapic_write()
https://bugzilla.redhat.com/show_bug.cgi?id=1283934
[ 3 ] Bug #1284008 - CVE-2015-8613 Qemu: scsi: stack based buffer overflow in
megasas_ctrl_get_info
https://bugzilla.redhat.com/show_bug.cgi?id=1284008
[ 4 ] Bug #1298570 - CVE-2016-1981 Qemu: net: e1000 infinite loop in
start_xmit and e1000_receive_iov routines
https://bugzilla.redhat.com/show_bug.cgi?id=1298570
[ 5 ] Bug #1299455 - Qemu: usb ehci out-of-bounds read in ehci_process_itd
https://bugzilla.redhat.com/show_bug.cgi?id=1299455
[ 6 ] Bug #1301643 - CVE-2016-2198 Qemu: usb: ehci null pointer dereference
in ehci_caps_write
https://bugzilla.redhat.com/show_bug.cgi?id=1301643
[ 7 ] Bug #1303106 - CVE-2016-2841 Qemu: net: ne2000: infinite loop in
ne2000_receive
https://bugzilla.redhat.com/show_bug.cgi?id=1303106
[ 8 ] Bug #1303120 - CVE-2016-2538 Qemu: usb: integer overflow in remote NDIS
control message handling
https://bugzilla.redhat.com/show_bug.cgi?id=1303120
[ 9 ] Bug #1302299 - CVE-2016-2392 Qemu: usb: null pointer dereference in
remote NDIS control message handling
https://bugzilla.redhat.com/show_bug.cgi?id=1302299
[ 10 ] Bug #1304794 - CVE-2016-2391 Qemu: usb: multiple eof_timers in ohci
module leads to null pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=1304794
[ 11 ] Bug #1296567 - CVE-2016-2857 Qemu: net: out of bounds read in
net_checksum_calculate()
https://bugzilla.redhat.com/show_bug.cgi?id=1296567
[ 12 ] Bug #1300771 - CVE-2015-8817 CVE-2015-8818 Qemu: OOB access in
address_space_rw leads to segmentation fault
https://bugzilla.redhat.com/show_bug.cgi?id=1300771
[ 13 ] Bug #1314676 - CVE-2016-2858 Qemu: rng-random: arbitrary stack based
allocation leading to corruption
https://bugzilla.redhat.com/show_bug.cgi?id=1314676
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update xen' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung