Overview

File _patchinfo of Package patchinfo.653

<patchinfo incident="653">
  <packager>charlesa</packager>
  <issue tracker="bnc" id="932790">VUL-0: CVE-2015-4163: xen: GNTTABOP_swap_grant_ref operation misbehavior (XSA-134)</issue>
  <issue tracker="bnc" id="932770">VUL-0: CVE-2015-3209: qemu,xen,kvm: heap overflow in qemu pcnet controller allowing guest to host escape</issue>
  <issue tracker="bnc" id="932996">VUL-0: CVE-2015-4164: xen: DoS through iret hypercall handler (XSA-136)</issue>
  <issue tracker="bnc" id="906689">xendomains fails to auto start domus</issue>
  <issue tracker="bnc" id="931628">VUL-0: CVE-2015-4106: xen: Unmediated PCI register access in qemu (XSA-131)</issue>
  <issue tracker="bnc" id="931625">VUL-0: CVE-2015-4103: xen: Potential unintended writes to host MSI message data field via qemu (XSA-128)</issue>
  <issue tracker="bnc" id="931627">VUL-0: CVE-2015-4105: xen: Guest triggerable qemu MSI-X pass-through error messages (XSA-130)</issue>
  <issue tracker="bnc" id="931626">VUL-0: CVE-2015-4104: xen: PCI MSI mask bits inadvertently exposed to guests (XSA-129)</issue>
  <issue tracker="cve" id="CVE-2015-4163"></issue>
  <issue tracker="cve" id="CVE-2015-4164"></issue>
  <issue tracker="cve" id="CVE-2015-4106"></issue>
  <issue tracker="cve" id="CVE-2015-4104"></issue>
  <issue tracker="cve" id="CVE-2015-4105"></issue>
  <issue tracker="cve" id="CVE-2015-4103"></issue>
  <issue tracker="cve" id="CVE-2015-3209"></issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for xen</summary>
  <description>Xen was updated to fix seven security issues and one non-security bug.

The following vulnerabilities were fixed:

* CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu (XSA-128) (bnc#931625)
* CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests (XSA-129) (bnc#931626)
* CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages (XSA-130) (bnc#931627)
* CVE-2015-4106: Unmediated PCI register access in qemu (XSA-131) (bnc#931628)
* CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior (XSA-134) (bnc#932790)
* CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to host escape (XSA-135) (bnc#932770)
* CVE-2015-4164: DoS through iret hypercall handler (XSA-136) (bnc#932996)

The following non-security bug was fixed:

* bnc#906689: let systemd schedule xencommons after network-online.target and remote-fs.target so that xendomains has access to remote shares
</description>
  <reboot_needed/>
</patchinfo>
openSUSE Build Service is sponsored by
Places