Fedora alert FEDORA-2016-38b20aa50f (xen)

From:
    	     
 
updates@fedoraproject.org 
To:
    	     
 
package-announce@lists.fedoraproject.org 
Subject:
    	     
 
[SECURITY] Fedora 22 Update: xen-4.5.2-9.fc22 
Date:
    	     
 
Sat, 19 Mar 2016 21:28:58 +0000 (UTC)
Message-ID:
    	     
 
<20160319212858.0BA3A605A0E5@bastion01.phx2.fedoraproject.org>
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-38b20aa50f
2016-03-19 21:03:15.514835
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 22
Version     : 4.5.2
Release     : 9.fc22
URL         : http://xen.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

Qemu: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714
(#1296080)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1296060 - CVE-2016-1714 Qemu: nvram: OOB r/w access in processing firmware
configurations
        https://bugzilla.redhat.com/show_bug.cgi?id=1296060
  [ 2 ] Bug #1283934 - CVE-2016-1922 Qemu: i386: null pointer dereference in vapic_write()
        https://bugzilla.redhat.com/show_bug.cgi?id=1283934
  [ 3 ] Bug #1284008 - CVE-2015-8613 Qemu: scsi: stack based buffer overflow in
megasas_ctrl_get_info
        https://bugzilla.redhat.com/show_bug.cgi?id=1284008
  [ 4 ] Bug #1298570 - CVE-2016-1981 Qemu: net: e1000 infinite loop in start_xmit and
e1000_receive_iov routines
        https://bugzilla.redhat.com/show_bug.cgi?id=1298570
  [ 5 ] Bug #1299455 - Qemu: usb ehci out-of-bounds read in ehci_process_itd
        https://bugzilla.redhat.com/show_bug.cgi?id=1299455
  [ 6 ] Bug #1301643 - CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write
        https://bugzilla.redhat.com/show_bug.cgi?id=1301643
  [ 7 ] Bug #1303106 - CVE-2016-2841 Qemu: net: ne2000: infinite loop in ne2000_receive
        https://bugzilla.redhat.com/show_bug.cgi?id=1303106
  [ 8 ] Bug #1303120 - CVE-2016-2538 Qemu: usb: integer overflow in remote NDIS control message
handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1303120
  [ 9 ] Bug #1302299 - CVE-2016-2392 Qemu: usb: null pointer dereference in remote NDIS control
message handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1302299
  [ 10 ] Bug #1304794 - CVE-2016-2391 Qemu: usb: multiple eof_timers in ohci module leads to null
pointer dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=1304794
  [ 11 ] Bug #1296567 - CVE-2016-2857 Qemu: net: out of bounds read in net_checksum_calculate()
        https://bugzilla.redhat.com/show_bug.cgi?id=1296567
  [ 12 ] Bug #1300771 - CVE-2015-8817 CVE-2015-8818 Qemu: OOB access in address_space_rw leads to
segmentation fault
        https://bugzilla.redhat.com/show_bug.cgi?id=1300771
  [ 13 ] Bug #1314676 - CVE-2016-2858 Qemu: rng-random: arbitrary stack based allocation leading to
corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=1314676
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update xen' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...