SUSE-SU-2015:0927-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20150927-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0927-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:0927-1
Related
Published
2015-05-13T08:31:50Z
Modified
2015-05-13T08:31:50Z
Summary
Security update for Xen
Details

Xen was updated to fix two security issues and a bug:

* CVE-2015-3456: A buffer overflow in the floppy drive emulation, which
  could be used to carry out denial of service attacks or potential
  code execution against the host. This vulnerability is also known as
  VENOM.
* CVE-2015-3340: Xen did not initialize certain fields, which allowed
  certain remote service domains to obtain sensitive information from
  memory via a (1) XEN_DOMCTL_gettscinfo or (2)
  XEN_SYSCTL_getdomaininfolist request.
* An exception in setCPUAffinity when restoring guests. (bsc#910441)

Security Issues:

* CVE-2015-3456
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456>
* CVE-2015-3340
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3340>
References

Affected packages