SUSE-SU-2015:0927-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0927-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2015:0927-1

Related

CVE-2015-3456

Published

2015-05-13T08:31:50Z

Modified

2015-05-13T08:31:50Z

Summary

Security update for Xen

Details

Xen was updated to fix two security issues and a bug:

* CVE-2015-3456: A buffer overflow in the floppy drive emulation, which
  could be used to carry out denial of service attacks or potential
  code execution against the host. This vulnerability is also known as
  VENOM.
* CVE-2015-3340: Xen did not initialize certain fields, which allowed
  certain remote service domains to obtain sensitive information from
  memory via a (1) XEN_DOMCTL_gettscinfo or (2)
  XEN_SYSCTL_getdomaininfolist request.
* An exception in setCPUAffinity when restoring guests. (bsc#910441)

Security Issues:

* CVE-2015-3456
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456>
* CVE-2015-3340
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340>

References

SUSE-SU-2015:0927-1

Affected packages