Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-5166 (GCVE-0-2015-5166)
Vulnerability from cvelistv5 – Published: 2015-08-12 14:00 – Updated: 2024-08-06 06:41
VLAI?
EPSS
Summary
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:07.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-15944",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
},
{
"name": "FEDORA-2015-14361",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
},
{
"name": "FEDORA-2015-15946",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
},
{
"name": "76152",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76152"
},
{
"name": "1033175",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033175"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-139.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2015-15944",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
},
{
"name": "FEDORA-2015-14361",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
},
{
"name": "FEDORA-2015-15946",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
},
{
"name": "76152",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76152"
},
{
"name": "1033175",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033175"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-139.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5166",
"datePublished": "2015-08-12T14:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:07.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56BDB5A0-0839-4A20-A003-B8CD56F48171\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"253C303A-E577-4488-93E6-68A8DD942C38\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.5.0\", \"matchCriteriaId\": \"FE6592AF-775F-4B8A-8E33-57A1239852E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0ED340C-6746-471E-9F2D-19D62D224B7A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de uso despu\\u00e9s de liberaci\\u00f3n en la memoria en QEMU en Xen 4.5.x y versiones anteriores, no desconecta completamente los dispositivos de bloque emulados, lo que permite a usuarios invitados HVM locales obtener privilegios desconectando un dispositivo de bloque dos veces.\"}]",
"id": "CVE-2015-5166",
"lastModified": "2024-11-21T02:32:29.130",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2015-08-12T14:59:25.247",
"references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/76152\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id/1033175\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-139.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/76152\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1033175\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-139.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-5166\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-08-12T14:59:25.247\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la memoria en QEMU en Xen 4.5.x y versiones anteriores, no desconecta completamente los dispositivos de bloque emulados, lo que permite a usuarios invitados HVM locales obtener privilegios desconectando un dispositivo de bloque dos veces.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BDB5A0-0839-4A20-A003-B8CD56F48171\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253C303A-E577-4488-93E6-68A8DD942C38\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.5.0\",\"matchCriteriaId\":\"FE6592AF-775F-4B8A-8E33-57A1239852E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0ED340C-6746-471E-9F2D-19D62D224B7A\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/76152\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1033175\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://xenbits.xen.org/xsa/advisory-139.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/76152\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1033175\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xenbits.xen.org/xsa/advisory-139.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2015-AVI-325
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Xen. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Xen 4.3.x",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
},
{
"description": "Xen 4.5.x",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
},
{
"description": "Xen unstable",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
},
{
"description": "Xen 4.2.x",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
},
{
"description": "Xen 4.4.x",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-5166",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5166"
},
{
"name": "CVE-2015-5165",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5165"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-325",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-08-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eXen\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-140 du 03 ao\u00fbt 2015",
"url": "http://xenbits.xen.org/xsa/advisory-140.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-139 du 03 ao\u00fbt 2015",
"url": "http://xenbits.xen.org/xsa/advisory-139.html"
}
]
}
CERTFR-2015-AVI-325
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Xen. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Xen 4.3.x",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
},
{
"description": "Xen 4.5.x",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
},
{
"description": "Xen unstable",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
},
{
"description": "Xen 4.2.x",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
},
{
"description": "Xen 4.4.x",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-5166",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5166"
},
{
"name": "CVE-2015-5165",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5165"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-325",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-08-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eXen\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-140 du 03 ao\u00fbt 2015",
"url": "http://xenbits.xen.org/xsa/advisory-140.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-139 du 03 ao\u00fbt 2015",
"url": "http://xenbits.xen.org/xsa/advisory-139.html"
}
]
}
SUSE-SU-2015:1384-1
Vulnerability from csaf_suse - Published: 2015-08-11 08:27 - Updated: 2015-08-11 08:27Summary
security update for xen
Notes
Title of the patch
security update for xen
Description of the patch
This security update of Xen fixes the following issues:
* bsc#939712 (XSA-140): QEMU leak of uninitialized heap
memory in rtl8139 device model (CVE-2015-5165)
* bsc#939709 (XSA-139): Use after free in QEMU/Xen
block unplug protocol (CVE-2015-5166)
Patchnames
SUSE-SLE-DESKTOP-12-2015-398,SUSE-SLE-SDK-12-2015-398,SUSE-SLE-SERVER-12-2015-398
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThis security update of Xen fixes the following issues:\n\n* bsc#939712 (XSA-140): QEMU leak of uninitialized heap\n memory in rtl8139 device model (CVE-2015-5165)\n* bsc#939709 (XSA-139): Use after free in QEMU/Xen\n block unplug protocol (CVE-2015-5166)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-2015-398,SUSE-SLE-SDK-12-2015-398,SUSE-SLE-SERVER-12-2015-398",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1384-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1384-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151384-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1384-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-August/001541.html"
},
{
"category": "self",
"summary": "SUSE Bug 939709",
"url": "https://bugzilla.suse.com/939709"
},
{
"category": "self",
"summary": "SUSE Bug 939712",
"url": "https://bugzilla.suse.com/939712"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5165 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5166 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5166/"
}
],
"title": "security update for xen",
"tracking": {
"current_release_date": "2015-08-11T08:27:01Z",
"generator": {
"date": "2015-08-11T08:27:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1384-1",
"initial_release_date": "2015-08-11T08:27:01Z",
"revision_history": [
{
"date": "2015-08-11T08:27:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.4.2_10-22.8.1.x86_64",
"product": {
"name": "xen-4.4.2_10-22.8.1.x86_64",
"product_id": "xen-4.4.2_10-22.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"product": {
"name": "xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"product_id": "xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.2_10-22.8.1.x86_64",
"product": {
"name": "xen-libs-4.4.2_10-22.8.1.x86_64",
"product_id": "xen-libs-4.4.2_10-22.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"product_id": "xen-libs-32bit-4.4.2_10-22.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.4.2_10-22.8.1.x86_64",
"product": {
"name": "xen-devel-4.4.2_10-22.8.1.x86_64",
"product_id": "xen-devel-4.4.2_10-22.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.4.2_10-22.8.1.x86_64",
"product": {
"name": "xen-doc-html-4.4.2_10-22.8.1.x86_64",
"product_id": "xen-doc-html-4.4.2_10-22.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.4.2_10-22.8.1.x86_64",
"product": {
"name": "xen-tools-4.4.2_10-22.8.1.x86_64",
"product_id": "xen-tools-4.4.2_10-22.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.2_10-22.8.1.x86_64",
"product": {
"name": "xen-tools-domU-4.4.2_10-22.8.1.x86_64",
"product_id": "xen-tools-domU-4.4.2_10-22.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12",
"product": {
"name": "SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12",
"product_id": "SUSE Linux Enterprise Software Development Kit 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12",
"product": {
"name": "SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:xen-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-libs-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12",
"product_id": "SUSE Linux Enterprise Software Development Kit 12:xen-devel-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-devel-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:xen-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:xen-doc-html-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:xen-libs-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-libs-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:xen-tools-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-tools-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:xen-tools-domU-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-libs-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-tools-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_10-22.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.2_10-22.8.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.2_10-22.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5165"
}
],
"notes": [
{
"category": "general",
"text": "The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-doc-html-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-domU-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:xen-devel-4.4.2_10-22.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5165",
"url": "https://www.suse.com/security/cve/CVE-2015-5165"
},
{
"category": "external",
"summary": "SUSE Bug 939712 for CVE-2015-5165",
"url": "https://bugzilla.suse.com/939712"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5165",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-doc-html-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-domU-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:xen-devel-4.4.2_10-22.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-doc-html-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-domU-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:xen-devel-4.4.2_10-22.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T08:27:01Z",
"details": "moderate"
}
],
"title": "CVE-2015-5165"
},
{
"cve": "CVE-2015-5166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5166"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-doc-html-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-domU-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:xen-devel-4.4.2_10-22.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5166",
"url": "https://www.suse.com/security/cve/CVE-2015-5166"
},
{
"category": "external",
"summary": "SUSE Bug 939709 for CVE-2015-5166",
"url": "https://bugzilla.suse.com/939709"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5166",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-doc-html-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-domU-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.2_10_k3.12.44_52.10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.2_10-22.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:xen-devel-4.4.2_10-22.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T08:27:01Z",
"details": "important"
}
],
"title": "CVE-2015-5166"
}
]
}
SUSE-SU-2015:1404-1
Vulnerability from csaf_suse - Published: 2015-08-11 08:37 - Updated: 2015-08-11 08:37Summary
security update for xen
Notes
Title of the patch
security update for xen
Description of the patch
This security update of Xen fixes the following issues:
* bsc#939712 (XSA-140): QEMU leak of uninitialized heap
memory in rtl8139 device model (CVE-2015-5165)
* bsc#939709 (XSA-139): Use after free in QEMU/Xen
block unplug protocol (CVE-2015-5166)
Patchnames
sdksp4-Xen-12033,sledsp4-Xen-12033,slessp4-Xen-12033
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThis security update of Xen fixes the following issues:\n\n* bsc#939712 (XSA-140): QEMU leak of uninitialized heap\n memory in rtl8139 device model (CVE-2015-5165)\n* bsc#939709 (XSA-139): Use after free in QEMU/Xen\n block unplug protocol (CVE-2015-5166)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-Xen-12033,sledsp4-Xen-12033,slessp4-Xen-12033",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1404-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1404-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151404-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1404-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-August/001542.html"
},
{
"category": "self",
"summary": "SUSE Bug 939709",
"url": "https://bugzilla.suse.com/939709"
},
{
"category": "self",
"summary": "SUSE Bug 939712",
"url": "https://bugzilla.suse.com/939712"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5165 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5166 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5166/"
}
],
"title": "security update for xen",
"tracking": {
"current_release_date": "2015-08-11T08:37:11Z",
"generator": {
"date": "2015-08-11T08:37:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1404-1",
"initial_release_date": "2015-08-11T08:37:11Z",
"revision_history": [
{
"date": "2015-08-11T08:37:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.4.2_12-23.1.i586",
"product": {
"name": "xen-devel-4.4.2_12-23.1.i586",
"product_id": "xen-devel-4.4.2_12-23.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"product": {
"name": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"product_id": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"product": {
"name": "xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"product_id": "xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.2_12-23.1.i586",
"product": {
"name": "xen-libs-4.4.2_12-23.1.i586",
"product_id": "xen-libs-4.4.2_12-23.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.2_12-23.1.i586",
"product": {
"name": "xen-tools-domU-4.4.2_12-23.1.i586",
"product_id": "xen-tools-domU-4.4.2_12-23.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.4.2_12-23.1.x86_64",
"product": {
"name": "xen-devel-4.4.2_12-23.1.x86_64",
"product_id": "xen-devel-4.4.2_12-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-4.4.2_12-23.1.x86_64",
"product": {
"name": "xen-4.4.2_12-23.1.x86_64",
"product_id": "xen-4.4.2_12-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.4.2_12-23.1.x86_64",
"product": {
"name": "xen-doc-html-4.4.2_12-23.1.x86_64",
"product_id": "xen-doc-html-4.4.2_12-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"product": {
"name": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"product_id": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.2_12-23.1.x86_64",
"product": {
"name": "xen-libs-4.4.2_12-23.1.x86_64",
"product_id": "xen-libs-4.4.2_12-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.4.2_12-23.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.4.2_12-23.1.x86_64",
"product_id": "xen-libs-32bit-4.4.2_12-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.4.2_12-23.1.x86_64",
"product": {
"name": "xen-tools-4.4.2_12-23.1.x86_64",
"product_id": "xen-tools-4.4.2_12-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.2_12-23.1.x86_64",
"product": {
"name": "xen-tools-domU-4.4.2_12-23.1.x86_64",
"product_id": "xen-tools-domU-4.4.2_12-23.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sled:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.4.2_12-23.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_12-23.1.i586"
},
"product_reference": "xen-devel-4.4.2_12-23.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-devel-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586"
},
"product_reference": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586"
},
"product_reference": "xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_12-23.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_12-23.1.i586"
},
"product_reference": "xen-libs-4.4.2_12-23.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-libs-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-tools-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_12-23.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586"
},
"product_reference": "xen-tools-domU-4.4.2_12-23.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586"
},
"product_reference": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586"
},
"product_reference": "xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_12-23.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_12-23.1.i586"
},
"product_reference": "xen-libs-4.4.2_12-23.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-libs-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-tools-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_12-23.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586"
},
"product_reference": "xen-tools-domU-4.4.2_12-23.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586"
},
"product_reference": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586"
},
"product_reference": "xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_12-23.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_12-23.1.i586"
},
"product_reference": "xen-libs-4.4.2_12-23.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-libs-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-tools-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_12-23.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586"
},
"product_reference": "xen-tools-domU-4.4.2_12-23.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_12-23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.2_12-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5165"
}
],
"notes": [
{
"category": "general",
"text": "The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_12-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5165",
"url": "https://www.suse.com/security/cve/CVE-2015-5165"
},
{
"category": "external",
"summary": "SUSE Bug 939712 for CVE-2015-5165",
"url": "https://bugzilla.suse.com/939712"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5165",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_12-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_12-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T08:37:11Z",
"details": "moderate"
}
],
"title": "CVE-2015-5165"
},
{
"cve": "CVE-2015-5166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5166"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_12-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5166",
"url": "https://www.suse.com/security/cve/CVE-2015-5166"
},
{
"category": "external",
"summary": "SUSE Bug 939709 for CVE-2015-5166",
"url": "https://bugzilla.suse.com/939709"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5166",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_12_3.0.101_63-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.2_12_3.0.101_63-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_12-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_12-23.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_12-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T08:37:11Z",
"details": "important"
}
],
"title": "CVE-2015-5166"
}
]
}
SUSE-SU-2015:1479-1
Vulnerability from csaf_suse - Published: 2015-08-11 14:48 - Updated: 2015-08-11 14:48Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
xen was updated to fix the following security issues:
* CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140)
* CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139)
* CVE-2015-2751: Certain domctl operations could have be used to lock up the host (bsc#922709, XSA-127)
* CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137)
* CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136)
* CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)
Patchnames
sdksp3-xen-12066,sledsp3-xen-12066,slessp3-xen-12066
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nxen was updated to fix the following security issues:\n\n* CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140)\n* CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139)\n* CVE-2015-2751: Certain domctl operations could have be used to lock up the host (bsc#922709, XSA-127)\n* CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137)\n* CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136)\n* CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp3-xen-12066,sledsp3-xen-12066,slessp3-xen-12066",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1479-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1479-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151479-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1479-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-September/001564.html"
},
{
"category": "self",
"summary": "SUSE Bug 922709",
"url": "https://bugzilla.suse.com/922709"
},
{
"category": "self",
"summary": "SUSE Bug 932996",
"url": "https://bugzilla.suse.com/932996"
},
{
"category": "self",
"summary": "SUSE Bug 935634",
"url": "https://bugzilla.suse.com/935634"
},
{
"category": "self",
"summary": "SUSE Bug 938344",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "self",
"summary": "SUSE Bug 939709",
"url": "https://bugzilla.suse.com/939709"
},
{
"category": "self",
"summary": "SUSE Bug 939712",
"url": "https://bugzilla.suse.com/939712"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2751 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3259 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-4164 page",
"url": "https://www.suse.com/security/cve/CVE-2015-4164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5165 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5166 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5166/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2015-08-11T14:48:22Z",
"generator": {
"date": "2015-08-11T14:48:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1479-1",
"initial_release_date": "2015-08-11T14:48:22Z",
"revision_history": [
{
"date": "2015-08-11T14:48:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.2.5_12-15.1.i586",
"product": {
"name": "xen-devel-4.2.5_12-15.1.i586",
"product_id": "xen-devel-4.2.5_12-15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"product": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"product_id": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"product": {
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"product_id": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.2.5_12-15.1.i586",
"product": {
"name": "xen-libs-4.2.5_12-15.1.i586",
"product_id": "xen-libs-4.2.5_12-15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.2.5_12-15.1.i586",
"product": {
"name": "xen-tools-domU-4.2.5_12-15.1.i586",
"product_id": "xen-tools-domU-4.2.5_12-15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-devel-4.2.5_12-15.1.x86_64",
"product_id": "xen-devel-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-4.2.5_12-15.1.x86_64",
"product_id": "xen-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-doc-html-4.2.5_12-15.1.x86_64",
"product_id": "xen-doc-html-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"product_id": "xen-doc-pdf-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"product": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"product_id": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-libs-4.2.5_12-15.1.x86_64",
"product_id": "xen-libs-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"product_id": "xen-libs-32bit-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-tools-4.2.5_12-15.1.x86_64",
"product_id": "xen-tools-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"product_id": "xen-tools-domU-4.2.5_12-15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sled:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp3:teradata"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586"
},
"product_reference": "xen-devel-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-devel-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-html-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586"
},
"product_reference": "xen-libs-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-html-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586"
},
"product_reference": "xen-libs-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-html-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586"
},
"product_reference": "xen-libs-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-html-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586"
},
"product_reference": "xen-libs-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-2751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2751"
}
],
"notes": [
{
"category": "general",
"text": "Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2751",
"url": "https://www.suse.com/security/cve/CVE-2015-2751"
},
{
"category": "external",
"summary": "SUSE Bug 922709 for CVE-2015-2751",
"url": "https://bugzilla.suse.com/922709"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-2751",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:22Z",
"details": "important"
}
],
"title": "CVE-2015-2751"
},
{
"cve": "CVE-2015-3259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3259"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3259",
"url": "https://www.suse.com/security/cve/CVE-2015-3259"
},
{
"category": "external",
"summary": "SUSE Bug 935634 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/935634"
},
{
"category": "external",
"summary": "SUSE Bug 936281 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/936281"
},
{
"category": "external",
"summary": "SUSE Bug 937018 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/937018"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:22Z",
"details": "moderate"
}
],
"title": "CVE-2015-3259"
},
{
"cve": "CVE-2015-4164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-4164"
}
],
"notes": [
{
"category": "general",
"text": "The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-4164",
"url": "https://www.suse.com/security/cve/CVE-2015-4164"
},
{
"category": "external",
"summary": "SUSE Bug 932996 for CVE-2015-4164",
"url": "https://bugzilla.suse.com/932996"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-4164",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:22Z",
"details": "moderate"
}
],
"title": "CVE-2015-4164"
},
{
"cve": "CVE-2015-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5154"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5154",
"url": "https://www.suse.com/security/cve/CVE-2015-5154"
},
{
"category": "external",
"summary": "SUSE Bug 938344 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:22Z",
"details": "important"
}
],
"title": "CVE-2015-5154"
},
{
"cve": "CVE-2015-5165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5165"
}
],
"notes": [
{
"category": "general",
"text": "The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5165",
"url": "https://www.suse.com/security/cve/CVE-2015-5165"
},
{
"category": "external",
"summary": "SUSE Bug 939712 for CVE-2015-5165",
"url": "https://bugzilla.suse.com/939712"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5165",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:22Z",
"details": "moderate"
}
],
"title": "CVE-2015-5165"
},
{
"cve": "CVE-2015-5166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5166"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5166",
"url": "https://www.suse.com/security/cve/CVE-2015-5166"
},
{
"category": "external",
"summary": "SUSE Bug 939709 for CVE-2015-5166",
"url": "https://bugzilla.suse.com/939709"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5166",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:22Z",
"details": "important"
}
],
"title": "CVE-2015-5166"
}
]
}
SUSE-SU-2015:1479-2
Vulnerability from csaf_suse - Published: 2015-08-11 14:48 - Updated: 2015-08-11 14:48Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
xen was updated to fix the following security issues:
* CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140)
* CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139)
* CVE-2015-2751: Certain domctl operations could have be used to lock up the host (bsc#922709, XSA-127)
* CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137)
* CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136)
* CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)
Patchnames
sledsp3-xen-12066
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nxen was updated to fix the following security issues:\n\n* CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140)\n* CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139)\n* CVE-2015-2751: Certain domctl operations could have be used to lock up the host (bsc#922709, XSA-127)\n* CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137)\n* CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136)\n* CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sledsp3-xen-12066",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1479-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1479-2",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151479-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1479-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-September/001565.html"
},
{
"category": "self",
"summary": "SUSE Bug 922709",
"url": "https://bugzilla.suse.com/922709"
},
{
"category": "self",
"summary": "SUSE Bug 932996",
"url": "https://bugzilla.suse.com/932996"
},
{
"category": "self",
"summary": "SUSE Bug 935634",
"url": "https://bugzilla.suse.com/935634"
},
{
"category": "self",
"summary": "SUSE Bug 938344",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "self",
"summary": "SUSE Bug 939709",
"url": "https://bugzilla.suse.com/939709"
},
{
"category": "self",
"summary": "SUSE Bug 939712",
"url": "https://bugzilla.suse.com/939712"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2751 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3259 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-4164 page",
"url": "https://www.suse.com/security/cve/CVE-2015-4164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5165 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5166 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5166/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2015-08-11T14:48:25Z",
"generator": {
"date": "2015-08-11T14:48:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1479-2",
"initial_release_date": "2015-08-11T14:48:25Z",
"revision_history": [
{
"date": "2015-08-11T14:48:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"product": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"product_id": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"product": {
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"product_id": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.2.5_12-15.1.i586",
"product": {
"name": "xen-libs-4.2.5_12-15.1.i586",
"product_id": "xen-libs-4.2.5_12-15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.2.5_12-15.1.i586",
"product": {
"name": "xen-tools-domU-4.2.5_12-15.1.i586",
"product_id": "xen-tools-domU-4.2.5_12-15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-4.2.5_12-15.1.x86_64",
"product_id": "xen-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-doc-html-4.2.5_12-15.1.x86_64",
"product_id": "xen-doc-html-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"product_id": "xen-doc-pdf-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"product": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"product_id": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-libs-4.2.5_12-15.1.x86_64",
"product_id": "xen-libs-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"product_id": "xen-libs-32bit-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-tools-4.2.5_12-15.1.x86_64",
"product_id": "xen-tools-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"product_id": "xen-tools-domU-4.2.5_12-15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sled:11:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-html-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586"
},
"product_reference": "xen-libs-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-2751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2751"
}
],
"notes": [
{
"category": "general",
"text": "Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2751",
"url": "https://www.suse.com/security/cve/CVE-2015-2751"
},
{
"category": "external",
"summary": "SUSE Bug 922709 for CVE-2015-2751",
"url": "https://bugzilla.suse.com/922709"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-2751",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:25Z",
"details": "important"
}
],
"title": "CVE-2015-2751"
},
{
"cve": "CVE-2015-3259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3259"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3259",
"url": "https://www.suse.com/security/cve/CVE-2015-3259"
},
{
"category": "external",
"summary": "SUSE Bug 935634 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/935634"
},
{
"category": "external",
"summary": "SUSE Bug 936281 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/936281"
},
{
"category": "external",
"summary": "SUSE Bug 937018 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/937018"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:25Z",
"details": "moderate"
}
],
"title": "CVE-2015-3259"
},
{
"cve": "CVE-2015-4164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-4164"
}
],
"notes": [
{
"category": "general",
"text": "The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-4164",
"url": "https://www.suse.com/security/cve/CVE-2015-4164"
},
{
"category": "external",
"summary": "SUSE Bug 932996 for CVE-2015-4164",
"url": "https://bugzilla.suse.com/932996"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-4164",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:25Z",
"details": "moderate"
}
],
"title": "CVE-2015-4164"
},
{
"cve": "CVE-2015-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5154"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5154",
"url": "https://www.suse.com/security/cve/CVE-2015-5154"
},
{
"category": "external",
"summary": "SUSE Bug 938344 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:25Z",
"details": "important"
}
],
"title": "CVE-2015-5154"
},
{
"cve": "CVE-2015-5165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5165"
}
],
"notes": [
{
"category": "general",
"text": "The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5165",
"url": "https://www.suse.com/security/cve/CVE-2015-5165"
},
{
"category": "external",
"summary": "SUSE Bug 939712 for CVE-2015-5165",
"url": "https://bugzilla.suse.com/939712"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5165",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:25Z",
"details": "moderate"
}
],
"title": "CVE-2015-5165"
},
{
"cve": "CVE-2015-5166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5166"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5166",
"url": "https://www.suse.com/security/cve/CVE-2015-5166"
},
{
"category": "external",
"summary": "SUSE Bug 939709 for CVE-2015-5166",
"url": "https://bugzilla.suse.com/939709"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5166",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:25Z",
"details": "important"
}
],
"title": "CVE-2015-5166"
}
]
}
GSD-2015-5166
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-5166",
"description": "Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.",
"id": "GSD-2015-5166",
"references": [
"https://www.suse.com/security/cve/CVE-2015-5166.html",
"https://ubuntu.com/security/CVE-2015-5166",
"https://advisories.mageia.org/CVE-2015-5166.html",
"https://linux.oracle.com/cve/CVE-2015-5166.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-5166"
],
"details": "Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.",
"id": "GSD-2015-5166",
"modified": "2023-12-13T01:20:06.456150Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
},
{
"name": "http://www.securityfocus.com/bid/76152",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/76152"
},
{
"name": "http://www.securitytracker.com/id/1033175",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1033175"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-139.html",
"refsource": "MISC",
"url": "http://xenbits.xen.org/xsa/advisory-139.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5166"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-139.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-139.html"
},
{
"name": "1033175",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1033175"
},
{
"name": "FEDORA-2015-15944",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
},
{
"name": "FEDORA-2015-15946",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
},
{
"name": "76152",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/76152"
},
{
"name": "FEDORA-2015-14361",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-30T16:26Z",
"publishedDate": "2015-08-12T14:59Z"
}
}
}
CNVD-2015-05146
Vulnerability from cnvd - Published: 2015-08-06
VLAI Severity ?
Title
Qemu内存错误引用漏洞
Description
QEMU是一款开源模拟器软件。
支持IDE Emulation PCI PIIX3/4的Qemu向客户端I/O端口写入数据时,存在内存错误引用漏洞,客户端用户利用此漏洞可造成Qemu实例崩溃,导致拒绝服务。
Severity
中
Patch Name
Qemu内存错误引用漏洞的补丁
Patch Description
QEMU是一款开源模拟器软件。支持IDE Emulation PCI PIIX3/4的Qemu向客户端I/O端口写入数据时,存在内存错误引用漏洞,客户端用户利用此漏洞可造成Qemu实例崩溃,导致拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://fabrice.bellard.free.fr/qemu/ http://xenbits.xen.org/xsa/advisory-139.html http://xenbits.xen.org/xsa/advisory-140.html
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=1248760
Impacted products
| Name | QEMU QEMU |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-5166"
}
},
"description": "QEMU\u662f\u4e00\u6b3e\u5f00\u6e90\u6a21\u62df\u5668\u8f6f\u4ef6\u3002\r\n\r\n\u652f\u6301IDE Emulation PCI PIIX3/4\u7684Qemu\u5411\u5ba2\u6237\u7aefI/O\u7aef\u53e3\u5199\u5165\u6570\u636e\u65f6\uff0c\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff0c\u5ba2\u6237\u7aef\u7528\u6237\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u9020\u6210Qemu\u5b9e\u4f8b\u5d29\u6e83\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Donghai Zhu",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://fabrice.bellard.free.fr/qemu/\r\nhttp://xenbits.xen.org/xsa/advisory-139.html\r\nhttp://xenbits.xen.org/xsa/advisory-140.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-05146",
"openTime": "2015-08-06",
"patchDescription": "QEMU\u662f\u4e00\u6b3e\u5f00\u6e90\u6a21\u62df\u5668\u8f6f\u4ef6\u3002\u652f\u6301IDE Emulation PCI PIIX3/4\u7684Qemu\u5411\u5ba2\u6237\u7aefI/O\u7aef\u53e3\u5199\u5165\u6570\u636e\u65f6\uff0c\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff0c\u5ba2\u6237\u7aef\u7528\u6237\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u9020\u6210Qemu\u5b9e\u4f8b\u5d29\u6e83\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Qemu\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "QEMU QEMU"
},
"referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1248760",
"serverity": "\u4e2d",
"submitTime": "2015-08-05",
"title": "Qemu\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e"
}
FKIE_CVE-2015-5166
Vulnerability from fkie_nvd - Published: 2015-08-12 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 21 | |
| fedoraproject | fedora | 22 | |
| xen | xen | * | |
| xen | xen | 4.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6592AF-775F-4B8A-8E33-57A1239852E3",
"versionEndIncluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0ED340C-6746-471E-9F2D-19D62D224B7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la memoria en QEMU en Xen 4.5.x y versiones anteriores, no desconecta completamente los dispositivos de bloque emulados, lo que permite a usuarios invitados HVM locales obtener privilegios desconectando un dispositivo de bloque dos veces."
}
],
"id": "CVE-2015-5166",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-12T14:59:25.247",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/76152"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1033175"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-139.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-139.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-GPG2-4PPG-G82W
Vulnerability from github – Published: 2022-05-14 02:14 – Updated: 2022-05-14 02:14
VLAI?
Details
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
{
"affected": [],
"aliases": [
"CVE-2015-5166"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-08-12T14:59:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.",
"id": "GHSA-gpg2-4ppg-g82w",
"modified": "2022-05-14T02:14:03Z",
"published": "2022-05-14T02:14:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5166"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/76152"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033175"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-139.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…