File _patchinfo of Package patchinfo.4140
<patchinfo incident="4140"> <issue id="877642" tracker="bnc">VUL-0: CVE-2014-0222: qemu: qcow1: validate L2 table size to avoid integer overflows</issue> <issue id="932267" tracker="bnc">VUL-1: CVE-2015-4037: qemu,kvm,xen: insecure temporary file use in /net/slirp.c</issue> <issue id="950367" tracker="bnc">VUL-0: CVE-2015-7835: xen: x86: Uncontrolled creation of large page mappings by PV guests (XSA-148)</issue> <issue id="950703" tracker="bnc">VUL-1: CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149)</issue> <issue id="950705" tracker="bnc">VUL-1: CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151)</issue> <issue id="950706" tracker="bnc">VUL-0: CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152)</issue> <issue id="951845" tracker="bnc">VUL-1: CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153)</issue> <issue id="CVE-2014-0222" tracker="cve" /> <issue id="CVE-2015-4037" tracker="cve" /> <issue id="CVE-2015-7835" tracker="cve" /> <issue id="CVE-2015-7969" tracker="cve" /> <issue id="CVE-2015-7971" tracker="cve" /> <issue id="CVE-2015-7972" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>charlesa</packager> <description> Xen was updated to fix 6 security issues. These security issues were fixed: - CVE-2014-0222: Validate L2 table size to avoid integer overflows (bsc#877642). - CVE-2015-4037: Insecure temporary file use in /net/slirp.c (bsc#932267). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7969: Leak of per-domain profiling-related vcpu pointer array (DoS) (bsc#950705 bsc#950703). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests (bsc#951845). </description> <summary>Security update for xen</summary> </patchinfo>
