——————————————————————————–
Fedora Update Notification
FEDORA-2016-38b20aa50f
2016-03-19 21:03:15.514835
——————————————————————————–
Name : xen
Product : Fedora 22
Version : 4.5.2
Release : 9.fc22
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor
——————————————————————————–
Update Information:
Qemu: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714
(#1296080)
——————————————————————————–
References:
[ 1 ] Bug #1296060 – CVE-2016-1714 Qemu: nvram: OOB r/w access in processing firmware configurations
https://bugzilla.redhat.com/show_bug.cgi?id=1296060
[ 2 ] Bug #1283934 – CVE-2016-1922 Qemu: i386: null pointer dereference in vapic_write()
https://bugzilla.redhat.com/show_bug.cgi?id=1283934
[ 3 ] Bug #1284008 – CVE-2015-8613 Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info
https://bugzilla.redhat.com/show_bug.cgi?id=1284008
[ 4 ] Bug #1298570 – CVE-2016-1981 Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
https://bugzilla.redhat.com/show_bug.cgi?id=1298570
[ 5 ] Bug #1299455 – Qemu: usb ehci out-of-bounds read in ehci_process_itd
https://bugzilla.redhat.com/show_bug.cgi?id=1299455
[ 6 ] Bug #1301643 – CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write
https://bugzilla.redhat.com/show_bug.cgi?id=1301643
[ 7 ] Bug #1303106 – CVE-2016-2841 Qemu: net: ne2000: infinite loop in ne2000_receive
https://bugzilla.redhat.com/show_bug.cgi?id=1303106
[ 8 ] Bug #1303120 – CVE-2016-2538 Qemu: usb: integer overflow in remote NDIS control message handling
https://bugzilla.redhat.com/show_bug.cgi?id=1303120
[ 9 ] Bug #1302299 – CVE-2016-2392 Qemu: usb: null pointer dereference in remote NDIS control message handling
https://bugzilla.redhat.com/show_bug.cgi?id=1302299
[ 10 ] Bug #1304794 – CVE-2016-2391 Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=1304794
[ 11 ] Bug #1296567 – CVE-2016-2857 Qemu: net: out of bounds read in net_checksum_calculate()
https://bugzilla.redhat.com/show_bug.cgi?id=1296567
[ 12 ] Bug #1300771 – CVE-2015-8817 CVE-2015-8818 Qemu: OOB access in address_space_rw leads to segmentation fault
https://bugzilla.redhat.com/show_bug.cgi?id=1300771
[ 13 ] Bug #1314676 – CVE-2016-2858 Qemu: rng-random: arbitrary stack based allocation leading to corruption
https://bugzilla.redhat.com/show_bug.cgi?id=1314676
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update xen’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2016-f4504e9445
2016-03-19 22:17:41.316242
——————————————————————————–
Name : xen
Product : Fedora 23
Version : 4.5.2
Release : 9.fc23
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor
——————————————————————————–
Update Information:
Qemu: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714
(#1296080) Qemu: i386: null pointer dereference in vapic_write() CVE-2016-1922
(#1292767) qemu: Stack-based buffer overflow in megasas_ctrl_get_info
CVE-2015-8613 (#1293305) qemu-kvm: Infinite loop and out-of-bounds transfer
start in start_xmit() and e1000_receive_iov() CVE-2016-1981 (#1299996) Qemu: usb
ehci out-of-bounds read in ehci_process_itd (#1300235) Qemu: usb: ehci null
pointer dereference in ehci_caps_write CVE-2016-2198 (#1303135) Qemu: net:
ne2000: infinite loop in ne2000_receive CVE-2016-2841 (#1304048) Qemu: usb:
integer overflow in remote NDIS control message handling CVE-2016-2538
(#1305816) Qemu: usb: null pointer dereference in remote NDIS control message
handling CVE-2016-2392 (#1307116) Qemu: usb: multiple eof_timers in ohci module
leads to null pointer dereference CVE-2016-2391 (#1308882) Qemu: net: out of
bounds read in net_checksum_calculate() CVE-2016-2857 (#1309565) Qemu: OOB
access in address_space_rw leads to segmentation fault CVE-2015-8817
CVE-2015-8818 (#1313273) Qemu: rng-random: arbitrary stack based allocation
leading to corruption CVE-2016-2858 (#1314678)
——————————————————————————–
References:
[ 1 ] Bug #1296060 – CVE-2016-1714 Qemu: nvram: OOB r/w access in processing firmware configurations
https://bugzilla.redhat.com/show_bug.cgi?id=1296060
[ 2 ] Bug #1283934 – CVE-2016-1922 Qemu: i386: null pointer dereference in vapic_write()
https://bugzilla.redhat.com/show_bug.cgi?id=1283934
[ 3 ] Bug #1284008 – CVE-2015-8613 Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info
https://bugzilla.redhat.com/show_bug.cgi?id=1284008
[ 4 ] Bug #1298570 – CVE-2016-1981 Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
https://bugzilla.redhat.com/show_bug.cgi?id=1298570
[ 5 ] Bug #1299455 – Qemu: usb ehci out-of-bounds read in ehci_process_itd
https://bugzilla.redhat.com/show_bug.cgi?id=1299455
[ 6 ] Bug #1301643 – CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write
https://bugzilla.redhat.com/show_bug.cgi?id=1301643
[ 7 ] Bug #1303106 – CVE-2016-2841 Qemu: net: ne2000: infinite loop in ne2000_receive
https://bugzilla.redhat.com/show_bug.cgi?id=1303106
[ 8 ] Bug #1303120 – CVE-2016-2538 Qemu: usb: integer overflow in remote NDIS control message handling
https://bugzilla.redhat.com/show_bug.cgi?id=1303120
[ 9 ] Bug #1302299 – CVE-2016-2392 Qemu: usb: null pointer dereference in remote NDIS control message handling
https://bugzilla.redhat.com/show_bug.cgi?id=1302299
[ 10 ] Bug #1304794 – CVE-2016-2391 Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=1304794
[ 11 ] Bug #1296567 – CVE-2016-2857 Qemu: net: out of bounds read in net_checksum_calculate()
https://bugzilla.redhat.com/show_bug.cgi?id=1296567
[ 12 ] Bug #1300771 – CVE-2015-8817 CVE-2015-8818 Qemu: OOB access in address_space_rw leads to segmentation fault
https://bugzilla.redhat.com/show_bug.cgi?id=1300771
[ 13 ] Bug #1314676 – CVE-2016-2858 Qemu: rng-random: arbitrary stack based allocation leading to corruption
https://bugzilla.redhat.com/show_bug.cgi?id=1314676
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update xen’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce