Xen was updated to fix seven security vulnerabilities:
* CVE-2015-4103: Potential unintended writes to host MSI message data
field via qemu. (XSA-128, bnc#931625)
* CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests.
(XSA-129, bnc#931626)
* CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error
messages. (XSA-130, bnc#931627)
* CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131,
bnc#931628)
* CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior.
(XSA-134, bnc#932790)
* CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest
to host escape. (XSA-135, bnc#932770)
* CVE-2015-4164: DoS through iret hypercall handler. (XSA-136,
bnc#932996)
Security Issues:
* CVE-2015-4103
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103>
* CVE-2015-4104
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104>
* CVE-2015-4105
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105>
* CVE-2015-4106
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106>
* CVE-2015-4163
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163>
* CVE-2015-4164
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164>
* CVE-2015-3209
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209>