Overview

File _patchinfo of Package patchinfo.3676

<patchinfo incident="3676">
  <packager>charlesa</packager>
  <issue tracker="bnc" id="895528">VUL-1: CVE-2014-3615: xen,kvm,qemu: inf e rmation leakage when guest sets high resolution</issue>
  <issue tracker="bnc" id="918998">VUL-0: CVE-2015-2045: xen: XSA-122: Information leak through version information hypercall</issue>
  <issue tracker="bnc" id="918995">VUL-0: CVE-2015-2044: xen: XSA-121: Information leak via internal x86 system device emulation</issue>
  <issue tracker="bnc" id="861318">xentop reports "Found interface vif101.0 but domain 101 does not exist."</issue>
  <issue tracker="bnc" id="919098">XEN blktap device intermittently fails to connect</issue>
  <issue tracker="bnc" id="903680">Problems with detecting free loop devices on Xen guest startup</issue>
  <issue tracker="bnc" id="901488">Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores</issue>
  <issue tracker="bnc" id="910254">SLES11 SP3 Xen VT-d igb NIC doesn't work</issue>
  <issue tracker="bnc" id="919663">VUL-0: CVE-2015-2152: xen: XSA-119: HVM qemu unexpectedly enabling emulated VGA graphics backends</issue>
  <issue tracker="bnc" id="922706">VUL-0: CVE-2015-2756: xen: XSA-126: Unmediated PCI command register access in qemu</issue>
  <issue tracker="bnc" id="919464">VUL-0: CVE-2015-2151: xen: XSA-123: Hypervisor memory corruption due to x86 emulator flaw</issue>
  <issue tracker="bnc" id="922705">VUL-0: CVE-2015-2752: xen: XSA-125: Long latency MMIO mapping operations are not preemptible</issue>
  <issue tracker="cve" id="CVE-2015-2756"></issue>
  <issue tracker="cve" id="CVE-2015-2152"></issue>
  <issue tracker="cve" id="CVE-2015-2151"></issue>
  <issue tracker="cve" id="CVE-2015-2752"></issue>
  <issue tracker="cve" id="CVE-2015-2045"></issue>
  <issue tracker="cve" id="CVE-2015-2044"></issue>
  <issue tracker="cve" id="CVE-2014-3615"></issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for xen</summary>
  <description>Xen was updated to 4.3.4 to fix multiple vulnerabities and non-security bugs.

The following vulnerabilities were fixed:

- Long latency MMIO mapping operations are not preemptible (XSA-125 CVE-2015-2752 bnc#922705)
- Unmediated PCI command register access in qemu (XSA-126 CVE-2015-2756 bnc#922706)
- Hypervisor memory corruption due to x86 emulator flaw (bnc#919464 CVE-2015-2151 XSA-123)
- Information leak through version information hypercall (bnc#918998  CVE-2015-2045 XSA-122)
- Information leak via internal x86 system device emulation (bnc#918995 (CVE-2015-2044 XSA-121)
- HVM qemu unexpectedly enabling emulated VGA graphics backends (bnc#919663 CVE-2015-2152 XSA-119)
- information leakage when guest sets high resolution (bnc#895528 CVE-2014-3615)

The following non-security bugs were fixed:

- L3: XEN blktap device intermittently fails to connect (bnc#919098) 
- Problems with detecting free loop devices on Xen guest startup (bnc#903680)
- xentop reports "Found interface vif101.0 but domain 101 does not exist." (bnc#861318) 
- Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores (bnc#901488)
- SLES11 SP3 Xen VT-d igb NIC doesn't work (bnc#910254)
</description>
  <reboot_needed/>
</patchinfo>
openSUSE Build Service is sponsored by
Places