Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-5154 (GCVE-0-2015-5154)
Vulnerability from cvelistv5 – Published: 2015-08-12 14:00 – Updated: 2024-08-06 06:32
VLAI
EPSS
Summary
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
21 references
Date Public
2015-07-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "76048",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76048"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-138.html"
},
{
"name": "SUSE-SU-2015:1643",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"name": "GLSA-201510-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201510-02"
},
{
"name": "1033074",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033074"
},
{
"name": "DSA-3348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3348"
},
{
"name": "SUSE-SU-2015:1782",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"name": "RHSA-2015:1508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
},
{
"name": "RHSA-2015:1507",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
},
{
"name": "FEDORA-2015-12714",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html"
},
{
"name": "RHSA-2015:1512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
},
{
"name": "SUSE-SU-2015:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html"
},
{
"name": "SUSE-SU-2015:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html"
},
{
"name": "SUSE-SU-2015:1426",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
},
{
"name": "FEDORA-2015-12657",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html"
},
{
"name": "SUSE-SU-2015:1421",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "SUSE-SU-2015:1302",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html"
},
{
"name": "SUSE-SU-2015:1409",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX201593"
},
{
"name": "FEDORA-2015-12679",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-27T17:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "76048",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76048"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-138.html"
},
{
"name": "SUSE-SU-2015:1643",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"name": "GLSA-201510-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201510-02"
},
{
"name": "1033074",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033074"
},
{
"name": "DSA-3348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3348"
},
{
"name": "SUSE-SU-2015:1782",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"name": "RHSA-2015:1508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
},
{
"name": "RHSA-2015:1507",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
},
{
"name": "FEDORA-2015-12714",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html"
},
{
"name": "RHSA-2015:1512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
},
{
"name": "SUSE-SU-2015:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html"
},
{
"name": "SUSE-SU-2015:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html"
},
{
"name": "SUSE-SU-2015:1426",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
},
{
"name": "FEDORA-2015-12657",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html"
},
{
"name": "SUSE-SU-2015:1421",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "SUSE-SU-2015:1302",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html"
},
{
"name": "SUSE-SU-2015:1409",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX201593"
},
{
"name": "FEDORA-2015-12679",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5154",
"datePublished": "2015-08-12T14:00:00.000Z",
"dateReserved": "2015-07-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:32:32.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2015-5154",
"date": "2026-05-27",
"epss": "0.00388",
"percentile": "0.60025"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-5154\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-08-12T14:59:23.183\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento del buffer basado en memoria din\u00e1mica en el subsistema IDE en QEMU, usado en Xen 4.5.x y versiones anteriores, cuando el contenedor tiene una unidad CDROM habilitada, permite a usuarios invitados locales ejecutar c\u00f3digo arbitrario en el host a trav\u00e9s de comandos ATAPI no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.5.0\",\"matchCriteriaId\":\"FE6592AF-775F-4B8A-8E33-57A1239852E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0ED340C-6746-471E-9F2D-19D62D224B7A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F892F1B0-514C-42F7-90AE-12ACDFDC1033\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"17D4B6F2-514D-4BC2-B2C5-4E2FCCAC594C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"55C5561F-BE86-4EEA-99D4-8697F8BD9DFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D41A798E-0D69-43C7-9A63-1E5921138EAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB2A1559-651C-46B0-B436-8E03DC8A60D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C649194-B8C2-49F7-A819-C635EE584ABF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BDB5A0-0839-4A20-A003-B8CD56F48171\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253C303A-E577-4488-93E6-68A8DD942C38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.0\",\"matchCriteriaId\":\"ABF17A18-4BE8-41B7-B50C-F4A137B3B2F1\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1507.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1508.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1512.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.citrix.com/article/CTX201593\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3348\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/76048\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1033074\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://xenbits.xen.org/xsa/advisory-138.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201510-02\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201604-03\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1507.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1508.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1512.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.citrix.com/article/CTX201593\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/76048\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1033074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xenbits.xen.org/xsa/advisory-138.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201510-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201604-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2015:1512
Vulnerability from csaf_redhat - Published: 2015-07-28 17:50 - Updated: 2026-02-26 21:33Summary
Red Hat Security Advisory: qemu-kvm-rhev security update
Severity
Important
Notes
Topic: Updated qemu-kvm-rhev packages that fix two security issues are now
available for Red Hat Enterprise Linux OpenStack Platform 6 and Red Hat
Enterprise Linux OpenStack Platform 5 for RHEL 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details: KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the
user-space component for running virtual machines using KVM.
A heap buffer overflow flaw was found in the way QEMU's IDE subsystem
handled I/O buffer access while processing certain ATAPI commands.
A privileged guest user in a guest with the CDROM drive enabled could
potentially use this flaw to execute arbitrary code on the host with the
privileges of the host's QEMU process corresponding to the guest.
(CVE-2015-5154)
An out-of-bounds memory access flaw, leading to memory corruption or
possibly an information leak, was found in QEMU's pit_ioport_read()
function. A privileged guest user in a QEMU guest, which had QEMU PIT
emulation enabled, could potentially, in rare cases, use this flaw to
execute arbitrary code on the host with the privileges of the hosting QEMU
process. (CVE-2015-3214)
Red Hat would like to thank Matt Tait of Google's Project Zero security
team for reporting the CVE-2015-3214 issue. The CVE-2015-5154 issue was
discovered by Kevin Wolf of Red Hat.
All qemu-kvm-rhev users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, shut down all running virtual machines. Once all virtual
machines have shut down, start them again for this update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pit_ioport_read() function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare cases, use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.
6.5 ()
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-5.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
6.5 ()
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-5.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
13 references
Acknowledgments
Google's Project Zero security team
Matt Tait
Red Hat
Kevin Wolf
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated qemu-kvm-rhev packages that fix two security issues are now\navailable for Red Hat Enterprise Linux OpenStack Platform 6 and Red Hat\nEnterprise Linux OpenStack Platform 5 for RHEL 7.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM.\n\nA heap buffer overflow flaw was found in the way QEMU\u0027s IDE subsystem\nhandled I/O buffer access while processing certain ATAPI commands.\nA privileged guest user in a guest with the CDROM drive enabled could\npotentially use this flaw to execute arbitrary code on the host with the\nprivileges of the host\u0027s QEMU process corresponding to the guest.\n(CVE-2015-5154)\n\nAn out-of-bounds memory access flaw, leading to memory corruption or\npossibly an information leak, was found in QEMU\u0027s pit_ioport_read()\nfunction. A privileged guest user in a QEMU guest, which had QEMU PIT\nemulation enabled, could potentially, in rare cases, use this flaw to\nexecute arbitrary code on the host with the privileges of the hosting QEMU\nprocess. (CVE-2015-3214)\n\nRed Hat would like to thank Matt Tait of Google\u0027s Project Zero security\nteam for reporting the CVE-2015-3214 issue. The CVE-2015-5154 issue was\ndiscovered by Kevin Wolf of Red Hat.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After installing\nthis update, shut down all running virtual machines. Once all virtual\nmachines have shut down, start them again for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1512",
"url": "https://access.redhat.com/errata/RHSA-2015:1512"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1229640",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229640"
},
{
"category": "external",
"summary": "1243563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243563"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1512.json"
}
],
"title": "Red Hat Security Advisory: qemu-kvm-rhev security update",
"tracking": {
"current_release_date": "2026-02-26T21:33:26+00:00",
"generator": {
"date": "2026-02-26T21:33:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2015:1512",
"initial_release_date": "2015-07-28T17:50:13+00:00",
"revision_history": [
{
"date": "2015-07-28T17:50:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-07-28T17:50:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-26T21:33:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product": {
"name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:5::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product": {
"name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product": {
"name": "qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product_id": "qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.1.2-23.el7_1.6?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product": {
"name": "qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product_id": "qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.1.2-23.el7_1.6?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"product": {
"name": "qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"product_id": "qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.1.2-23.el7_1.6?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product": {
"name": "libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product_id": "libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcacard-devel-rhev@2.1.2-23.el7_1.6?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product": {
"name": "qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product_id": "qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.1.2-23.el7_1.6?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product": {
"name": "libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product_id": "libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcacard-tools-rhev@2.1.2-23.el7_1.6?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product": {
"name": "libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product_id": "libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcacard-rhev@2.1.2-23.el7_1.6?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product": {
"name": "qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product_id": "qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-img-rhev@2.1.2-23.el7_1.6?arch=x86_64\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"product": {
"name": "qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"product_id": "qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.1.2-23.el7_1.6?arch=src\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src"
},
"product_reference": "qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src"
},
"product_reference": "qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64"
},
"product_reference": "qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Matt Tait"
],
"organization": "Google\u0027s Project Zero security team"
}
],
"cve": "CVE-2015-3214",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2015-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1229640"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU\u0027s pit_ioport_read() function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare cases, use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of the qemu and qemu-kvm packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. \n\nThis issue does affect the Red Hat Enterprise Linux 7 qemu-kvm and Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. Future updates for the respective releases may address this flaw.\n\nPlease note that by default QEMU/KVM guests use in-kernel (KVM) PIT emulation\nin which case the following applies:\n\nThis issue does not affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise Linux MRG 2.\n\nThis issue does affect the kvm package as shipped with Red Hat Enterprise Linux 5. \n\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-5.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3214"
},
{
"category": "external",
"summary": "RHBZ#1229640",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229640"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3214",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3214"
}
],
"release_date": "2015-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-07-28T17:50:13+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-5.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1512"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-5.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function"
},
{
"acknowledgments": [
{
"names": [
"Kevin Wolf"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-5154",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2015-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1243563"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow flaw was found in the way QEMU\u0027s IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host\u0027s QEMU process corresponding to the guest.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qemu: ide: atapi: heap overflow during I/O buffer memory access",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5, the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and the Red Hat Enterprise Linux 6 based qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3, because they did not backport the upstream commit that introduced this issue.\n\nThis issue does affect the versions of qemu-kvm packages as shipped with Red Hat Enterprise Linux 7 and versions of Red Hat Enterprise Linux 7 based qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. Future updates for the respective releases will address this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-5.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5154"
},
{
"category": "external",
"summary": "RHBZ#1243563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243563"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5154",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5154"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5154",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5154"
}
],
"release_date": "2015-07-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-07-28T17:50:13+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-5.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1512"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-5.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-devel-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:libcacard-tools-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7_1.6.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.1.2-23.el7_1.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qemu: ide: atapi: heap overflow during I/O buffer memory access"
}
]
}
SUSE-SU-2015:1299-1
Vulnerability from csaf_suse - Published: 2015-07-17 09:12 - Updated: 2015-07-17 09:12Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: xen was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137).
- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
This non-security issue was fixed:
- Kdump did not work in a XEN environment (bsc#925466).
Patchnames: sdksp4-xen-12007,sledsp4-xen-12007,slessp4-xen-12007
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_10-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_10-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_10-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_10-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_10-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_10-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_10-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_10-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_10-5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "xen was updated to fix two security issues.\n\nThese security issues were fixed:\n- CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137).\n- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).\n\nThis non-security issue was fixed:\n- Kdump did not work in a XEN environment (bsc#925466).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-xen-12007,sledsp4-xen-12007,slessp4-xen-12007",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1299-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1299-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151299-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1299-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-July/001509.html"
},
{
"category": "self",
"summary": "SUSE Bug 925466",
"url": "https://bugzilla.suse.com/925466"
},
{
"category": "self",
"summary": "SUSE Bug 935634",
"url": "https://bugzilla.suse.com/935634"
},
{
"category": "self",
"summary": "SUSE Bug 938344",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3259 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5154/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2015-07-17T09:12:52Z",
"generator": {
"date": "2015-07-17T09:12:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1299-1",
"initial_release_date": "2015-07-17T09:12:52Z",
"revision_history": [
{
"date": "2015-07-17T09:12:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.4.2_10-5.1.i586",
"product": {
"name": "xen-devel-4.4.2_10-5.1.i586",
"product_id": "xen-devel-4.4.2_10-5.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"product": {
"name": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"product_id": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"product": {
"name": "xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"product_id": "xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.2_10-5.1.i586",
"product": {
"name": "xen-libs-4.4.2_10-5.1.i586",
"product_id": "xen-libs-4.4.2_10-5.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.2_10-5.1.i586",
"product": {
"name": "xen-tools-domU-4.4.2_10-5.1.i586",
"product_id": "xen-tools-domU-4.4.2_10-5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.4.2_10-5.1.x86_64",
"product": {
"name": "xen-devel-4.4.2_10-5.1.x86_64",
"product_id": "xen-devel-4.4.2_10-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-4.4.2_10-5.1.x86_64",
"product": {
"name": "xen-4.4.2_10-5.1.x86_64",
"product_id": "xen-4.4.2_10-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.4.2_10-5.1.x86_64",
"product": {
"name": "xen-doc-html-4.4.2_10-5.1.x86_64",
"product_id": "xen-doc-html-4.4.2_10-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"product": {
"name": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"product_id": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.2_10-5.1.x86_64",
"product": {
"name": "xen-libs-4.4.2_10-5.1.x86_64",
"product_id": "xen-libs-4.4.2_10-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.4.2_10-5.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.4.2_10-5.1.x86_64",
"product_id": "xen-libs-32bit-4.4.2_10-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.4.2_10-5.1.x86_64",
"product": {
"name": "xen-tools-4.4.2_10-5.1.x86_64",
"product_id": "xen-tools-4.4.2_10-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.2_10-5.1.x86_64",
"product": {
"name": "xen-tools-domU-4.4.2_10-5.1.x86_64",
"product_id": "xen-tools-domU-4.4.2_10-5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sled:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.4.2_10-5.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_10-5.1.i586"
},
"product_reference": "xen-devel-4.4.2_10-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-devel-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586"
},
"product_reference": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586"
},
"product_reference": "xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_10-5.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_10-5.1.i586"
},
"product_reference": "xen-libs-4.4.2_10-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-libs-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-tools-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_10-5.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586"
},
"product_reference": "xen-tools-domU-4.4.2_10-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586"
},
"product_reference": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586"
},
"product_reference": "xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_10-5.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_10-5.1.i586"
},
"product_reference": "xen-libs-4.4.2_10-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-libs-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-tools-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_10-5.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586"
},
"product_reference": "xen-tools-domU-4.4.2_10-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586"
},
"product_reference": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586"
},
"product_reference": "xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_10-5.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_10-5.1.i586"
},
"product_reference": "xen-libs-4.4.2_10-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-libs-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-tools-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_10-5.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586"
},
"product_reference": "xen-tools-domU-4.4.2_10-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_10-5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.2_10-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3259"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_10-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3259",
"url": "https://www.suse.com/security/cve/CVE-2015-3259"
},
{
"category": "external",
"summary": "SUSE Bug 935634 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/935634"
},
{
"category": "external",
"summary": "SUSE Bug 936281 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/936281"
},
{
"category": "external",
"summary": "SUSE Bug 937018 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/937018"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_10-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-07-17T09:12:52Z",
"details": "moderate"
}
],
"title": "CVE-2015-3259"
},
{
"cve": "CVE-2015-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5154"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_10-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5154",
"url": "https://www.suse.com/security/cve/CVE-2015-5154"
},
{
"category": "external",
"summary": "SUSE Bug 938344 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.2_10_3.0.101_63-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.2_10_3.0.101_63-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.2_10-5.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_10-5.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.2_10-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-07-17T09:12:52Z",
"details": "important"
}
],
"title": "CVE-2015-5154"
}
]
}
SUSE-SU-2015:1302-1
Vulnerability from csaf_suse - Published: 2015-07-17 09:08 - Updated: 2015-07-17 09:08Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: xen was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137).
- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
These non-security issues were fixed:
- Restart of xencommons service did lead to loss of xenstore data (bsc#935256).
- Kdump did not work in a XEN environment (bsc#925466).
Patchnames: SUSE-SLE-DESKTOP-12-2015-344,SUSE-SLE-SDK-12-2015-344,SUSE-SLE-SERVER-12-2015-344
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12:xen-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:xen-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:xen-doc-html-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:xen-libs-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:xen-tools-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:xen-tools-domU-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12:xen-devel-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12:xen-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:xen-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:xen-doc-html-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:xen-libs-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:xen-tools-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12:xen-tools-domU-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12:xen-devel-4.4.2_08-22.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "xen was updated to fix two security issues.\n\nThese security issues were fixed:\n- CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137).\n- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).\n \nThese non-security issues were fixed:\n- Restart of xencommons service did lead to loss of xenstore data (bsc#935256).\n- Kdump did not work in a XEN environment (bsc#925466).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-2015-344,SUSE-SLE-SDK-12-2015-344,SUSE-SLE-SERVER-12-2015-344",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1302-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1302-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151302-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1302-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-July/001511.html"
},
{
"category": "self",
"summary": "SUSE Bug 925466",
"url": "https://bugzilla.suse.com/925466"
},
{
"category": "self",
"summary": "SUSE Bug 935256",
"url": "https://bugzilla.suse.com/935256"
},
{
"category": "self",
"summary": "SUSE Bug 935634",
"url": "https://bugzilla.suse.com/935634"
},
{
"category": "self",
"summary": "SUSE Bug 938344",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3259 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5154/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2015-07-17T09:08:29Z",
"generator": {
"date": "2015-07-17T09:08:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1302-1",
"initial_release_date": "2015-07-17T09:08:29Z",
"revision_history": [
{
"date": "2015-07-17T09:08:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.4.2_08-22.5.1.x86_64",
"product": {
"name": "xen-4.4.2_08-22.5.1.x86_64",
"product_id": "xen-4.4.2_08-22.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"product": {
"name": "xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"product_id": "xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.2_08-22.5.1.x86_64",
"product": {
"name": "xen-libs-4.4.2_08-22.5.1.x86_64",
"product_id": "xen-libs-4.4.2_08-22.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"product_id": "xen-libs-32bit-4.4.2_08-22.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.4.2_08-22.5.1.x86_64",
"product": {
"name": "xen-devel-4.4.2_08-22.5.1.x86_64",
"product_id": "xen-devel-4.4.2_08-22.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.4.2_08-22.5.1.x86_64",
"product": {
"name": "xen-doc-html-4.4.2_08-22.5.1.x86_64",
"product_id": "xen-doc-html-4.4.2_08-22.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.4.2_08-22.5.1.x86_64",
"product": {
"name": "xen-tools-4.4.2_08-22.5.1.x86_64",
"product_id": "xen-tools-4.4.2_08-22.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.2_08-22.5.1.x86_64",
"product": {
"name": "xen-tools-domU-4.4.2_08-22.5.1.x86_64",
"product_id": "xen-tools-domU-4.4.2_08-22.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12",
"product": {
"name": "SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12",
"product_id": "SUSE Linux Enterprise Software Development Kit 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12",
"product": {
"name": "SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:xen-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-libs-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12",
"product_id": "SUSE Linux Enterprise Software Development Kit 12:xen-devel-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-devel-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:xen-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:xen-doc-html-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:xen-libs-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-libs-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:xen-tools-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-tools-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:xen-tools-domU-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-libs-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-tools-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.2_08-22.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.2_08-22.5.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.2_08-22.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3259"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12:xen-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-doc-html-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-domU-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:xen-devel-4.4.2_08-22.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3259",
"url": "https://www.suse.com/security/cve/CVE-2015-3259"
},
{
"category": "external",
"summary": "SUSE Bug 935634 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/935634"
},
{
"category": "external",
"summary": "SUSE Bug 936281 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/936281"
},
{
"category": "external",
"summary": "SUSE Bug 937018 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/937018"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12:xen-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-doc-html-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-domU-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:xen-devel-4.4.2_08-22.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-07-17T09:08:29Z",
"details": "moderate"
}
],
"title": "CVE-2015-3259"
},
{
"cve": "CVE-2015-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5154"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12:xen-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-doc-html-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-domU-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:xen-devel-4.4.2_08-22.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5154",
"url": "https://www.suse.com/security/cve/CVE-2015-5154"
},
{
"category": "external",
"summary": "SUSE Bug 938344 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12:xen-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Desktop 12:xen-libs-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-doc-html-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-libs-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server 12:xen-tools-domU-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.2_08-22.5.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:xen-devel-4.4.2_08-22.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-07-17T09:08:29Z",
"details": "important"
}
],
"title": "CVE-2015-5154"
}
]
}
SUSE-SU-2015:1408-1
Vulnerability from csaf_suse - Published: 2015-08-11 08:29 - Updated: 2015-08-11 08:29Summary
Security update for xen
Severity
Moderate
Notes
Title of the patch: Security update for xen
Description of the patch:
This security update of Xen fixes the following issues:
* bsc#939712 (XSA-140): QEMU leak of uninitialized heap
memory in rtl8139 device model (CVE-2015-5165)
* bsc#938344: qemu,kvm,xen: host code
execution via IDE subsystem CD-ROM (CVE-2015-5154)
Patchnames: slessp2-Xen-12035
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis security update of Xen fixes the following issues:\n\n* bsc#939712 (XSA-140): QEMU leak of uninitialized heap\n memory in rtl8139 device model (CVE-2015-5165)\n* bsc#938344: qemu,kvm,xen: host code\n execution via IDE subsystem CD-ROM (CVE-2015-5154) \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp2-Xen-12035",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1408-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1408-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151408-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1408-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-August/001543.html"
},
{
"category": "self",
"summary": "SUSE Bug 938344",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "self",
"summary": "SUSE Bug 939712",
"url": "https://bugzilla.suse.com/939712"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5165 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5165/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2015-08-11T08:29:18Z",
"generator": {
"date": "2015-08-11T08:29:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1408-1",
"initial_release_date": "2015-08-11T08:29:18Z",
"revision_history": [
{
"date": "2015-08-11T08:29:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.1.6_08-17.1.i586",
"product": {
"name": "xen-devel-4.1.6_08-17.1.i586",
"product_id": "xen-devel-4.1.6_08-17.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"product": {
"name": "xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"product_id": "xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"product": {
"name": "xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"product_id": "xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-17.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"product": {
"name": "xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"product_id": "xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.1.6_08-17.1.i586",
"product": {
"name": "xen-libs-4.1.6_08-17.1.i586",
"product_id": "xen-libs-4.1.6_08-17.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.1.6_08-17.1.i586",
"product": {
"name": "xen-tools-domU-4.1.6_08-17.1.i586",
"product_id": "xen-tools-domU-4.1.6_08-17.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.1.6_08-17.1.x86_64",
"product": {
"name": "xen-4.1.6_08-17.1.x86_64",
"product_id": "xen-4.1.6_08-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.1.6_08-17.1.x86_64",
"product": {
"name": "xen-devel-4.1.6_08-17.1.x86_64",
"product_id": "xen-devel-4.1.6_08-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.1.6_08-17.1.x86_64",
"product": {
"name": "xen-doc-html-4.1.6_08-17.1.x86_64",
"product_id": "xen-doc-html-4.1.6_08-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-pdf-4.1.6_08-17.1.x86_64",
"product": {
"name": "xen-doc-pdf-4.1.6_08-17.1.x86_64",
"product_id": "xen-doc-pdf-4.1.6_08-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"product": {
"name": "xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"product_id": "xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"product": {
"name": "xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"product_id": "xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.1.6_08-17.1.x86_64",
"product": {
"name": "xen-libs-4.1.6_08-17.1.x86_64",
"product_id": "xen-libs-4.1.6_08-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.1.6_08-17.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.1.6_08-17.1.x86_64",
"product_id": "xen-libs-32bit-4.1.6_08-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.1.6_08-17.1.x86_64",
"product": {
"name": "xen-tools-4.1.6_08-17.1.x86_64",
"product_id": "xen-tools-4.1.6_08-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.1.6_08-17.1.x86_64",
"product": {
"name": "xen-tools-domU-4.1.6_08-17.1.x86_64",
"product_id": "xen-tools-domU-4.1.6_08-17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.1.6_08-17.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-17.1.x86_64"
},
"product_reference": "xen-4.1.6_08-17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.1.6_08-17.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.i586"
},
"product_reference": "xen-devel-4.1.6_08-17.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.1.6_08-17.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.x86_64"
},
"product_reference": "xen-devel-4.1.6_08-17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.1.6_08-17.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-17.1.x86_64"
},
"product_reference": "xen-doc-html-4.1.6_08-17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.1.6_08-17.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-17.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.1.6_08-17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.i586"
},
"product_reference": "xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.x86_64"
},
"product_reference": "xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-17.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-17.1.i586"
},
"product_reference": "xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.i586"
},
"product_reference": "xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.x86_64"
},
"product_reference": "xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.1.6_08-17.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.i586"
},
"product_reference": "xen-libs-4.1.6_08-17.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.1.6_08-17.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.x86_64"
},
"product_reference": "xen-libs-4.1.6_08-17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.1.6_08-17.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-17.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.1.6_08-17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.1.6_08-17.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-17.1.x86_64"
},
"product_reference": "xen-tools-4.1.6_08-17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.1.6_08-17.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.i586"
},
"product_reference": "xen-tools-domU-4.1.6_08-17.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.1.6_08-17.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.x86_64"
},
"product_reference": "xen-tools-domU-4.1.6_08-17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5154"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5154",
"url": "https://www.suse.com/security/cve/CVE-2015-5154"
},
{
"category": "external",
"summary": "SUSE Bug 938344 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T08:29:18Z",
"details": "important"
}
],
"title": "CVE-2015-5154"
},
{
"cve": "CVE-2015-5165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5165"
}
],
"notes": [
{
"category": "general",
"text": "The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5165",
"url": "https://www.suse.com/security/cve/CVE-2015-5165"
},
{
"category": "external",
"summary": "SUSE Bug 939712 for CVE-2015-5165",
"url": "https://bugzilla.suse.com/939712"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5165",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-17.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T08:29:18Z",
"details": "moderate"
}
],
"title": "CVE-2015-5165"
}
]
}
SUSE-SU-2015:1409-1
Vulnerability from csaf_suse - Published: 2015-08-07 18:51 - Updated: 2015-08-07 18:51Summary
Security update for kvm
Severity
Important
Notes
Title of the patch: Security update for kvm
Description of the patch: kvm was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
Patchnames: slessp1-kvm-12036
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:kvm-0.12.5-1.30.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:kvm-0.12.5-1.30.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-TERADATA:kvm-0.12.5-1.30.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-TERADATA:kvm-0.12.5-1.30.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kvm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "kvm was updated to fix one security issue.\n\nThis security issue was fixed:\n- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp1-kvm-12036",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1409-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1409-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151409-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1409-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-August/001544.html"
},
{
"category": "self",
"summary": "SUSE Bug 938344",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5154/"
}
],
"title": "Security update for kvm",
"tracking": {
"current_release_date": "2015-08-07T18:51:59Z",
"generator": {
"date": "2015-08-07T18:51:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1409-1",
"initial_release_date": "2015-08-07T18:51:59Z",
"revision_history": [
{
"date": "2015-08-07T18:51:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kvm-0.12.5-1.30.2.i586",
"product": {
"name": "kvm-0.12.5-1.30.2.i586",
"product_id": "kvm-0.12.5-1.30.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-0.12.5-1.30.2.x86_64",
"product": {
"name": "kvm-0.12.5-1.30.2.x86_64",
"product_id": "kvm-0.12.5-1.30.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP1-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP1-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP1-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp1:teradata"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-0.12.5-1.30.2.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:kvm-0.12.5-1.30.2.i586"
},
"product_reference": "kvm-0.12.5-1.30.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-0.12.5-1.30.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:kvm-0.12.5-1.30.2.x86_64"
},
"product_reference": "kvm-0.12.5-1.30.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-0.12.5-1.30.2.i586 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP1-TERADATA:kvm-0.12.5-1.30.2.i586"
},
"product_reference": "kvm-0.12.5-1.30.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-0.12.5-1.30.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP1-TERADATA:kvm-0.12.5-1.30.2.x86_64"
},
"product_reference": "kvm-0.12.5-1.30.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-TERADATA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5154"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP1-LTSS:kvm-0.12.5-1.30.2.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:kvm-0.12.5-1.30.2.x86_64",
"SUSE Linux Enterprise Server 11 SP1-TERADATA:kvm-0.12.5-1.30.2.i586",
"SUSE Linux Enterprise Server 11 SP1-TERADATA:kvm-0.12.5-1.30.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5154",
"url": "https://www.suse.com/security/cve/CVE-2015-5154"
},
{
"category": "external",
"summary": "SUSE Bug 938344 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP1-LTSS:kvm-0.12.5-1.30.2.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:kvm-0.12.5-1.30.2.x86_64",
"SUSE Linux Enterprise Server 11 SP1-TERADATA:kvm-0.12.5-1.30.2.i586",
"SUSE Linux Enterprise Server 11 SP1-TERADATA:kvm-0.12.5-1.30.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-07T18:51:59Z",
"details": "important"
}
],
"title": "CVE-2015-5154"
}
]
}
SUSE-SU-2015:1421-1
Vulnerability from csaf_suse - Published: 2015-08-11 08:50 - Updated: 2015-08-11 08:50Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch:
Xen was updated to fix the following security issues:
* CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)
* CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (XSA-140, bsc#939712)
Patchnames: slessp1-xen-12039
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nXen was updated to fix the following security issues:\n\n* CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)\n* CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (XSA-140, bsc#939712)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp1-xen-12039",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1421-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1421-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151421-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1421-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-August/001547.html"
},
{
"category": "self",
"summary": "SUSE Bug 938344",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "self",
"summary": "SUSE Bug 939712",
"url": "https://bugzilla.suse.com/939712"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5165 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5165/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2015-08-11T08:50:04Z",
"generator": {
"date": "2015-08-11T08:50:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1421-1",
"initial_release_date": "2015-08-11T08:50:04Z",
"revision_history": [
{
"date": "2015-08-11T08:50:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.0.3_21548_18-29.1.i586",
"product": {
"name": "xen-4.0.3_21548_18-29.1.i586",
"product_id": "xen-4.0.3_21548_18-29.1.i586"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.0.3_21548_18-29.1.i586",
"product": {
"name": "xen-doc-html-4.0.3_21548_18-29.1.i586",
"product_id": "xen-doc-html-4.0.3_21548_18-29.1.i586"
}
},
{
"category": "product_version",
"name": "xen-doc-pdf-4.0.3_21548_18-29.1.i586",
"product": {
"name": "xen-doc-pdf-4.0.3_21548_18-29.1.i586",
"product_id": "xen-doc-pdf-4.0.3_21548_18-29.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"product": {
"name": "xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"product_id": "xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"product": {
"name": "xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"product_id": "xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"product": {
"name": "xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"product_id": "xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.0.3_21548_18-29.1.i586",
"product": {
"name": "xen-libs-4.0.3_21548_18-29.1.i586",
"product_id": "xen-libs-4.0.3_21548_18-29.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-4.0.3_21548_18-29.1.i586",
"product": {
"name": "xen-tools-4.0.3_21548_18-29.1.i586",
"product_id": "xen-tools-4.0.3_21548_18-29.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.0.3_21548_18-29.1.i586",
"product": {
"name": "xen-tools-domU-4.0.3_21548_18-29.1.i586",
"product_id": "xen-tools-domU-4.0.3_21548_18-29.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.0.3_21548_18-29.1.x86_64",
"product": {
"name": "xen-4.0.3_21548_18-29.1.x86_64",
"product_id": "xen-4.0.3_21548_18-29.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.0.3_21548_18-29.1.x86_64",
"product": {
"name": "xen-doc-html-4.0.3_21548_18-29.1.x86_64",
"product_id": "xen-doc-html-4.0.3_21548_18-29.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-pdf-4.0.3_21548_18-29.1.x86_64",
"product": {
"name": "xen-doc-pdf-4.0.3_21548_18-29.1.x86_64",
"product_id": "xen-doc-pdf-4.0.3_21548_18-29.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"product": {
"name": "xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"product_id": "xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"product": {
"name": "xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"product_id": "xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.0.3_21548_18-29.1.x86_64",
"product": {
"name": "xen-libs-4.0.3_21548_18-29.1.x86_64",
"product_id": "xen-libs-4.0.3_21548_18-29.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.0.3_21548_18-29.1.x86_64",
"product": {
"name": "xen-tools-4.0.3_21548_18-29.1.x86_64",
"product_id": "xen-tools-4.0.3_21548_18-29.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.0.3_21548_18-29.1.x86_64",
"product": {
"name": "xen-tools-domU-4.0.3_21548_18-29.1.x86_64",
"product_id": "xen-tools-domU-4.0.3_21548_18-29.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.0.3_21548_18-29.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.i586"
},
"product_reference": "xen-4.0.3_21548_18-29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.0.3_21548_18-29.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.x86_64"
},
"product_reference": "xen-4.0.3_21548_18-29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.0.3_21548_18-29.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.i586"
},
"product_reference": "xen-doc-html-4.0.3_21548_18-29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.0.3_21548_18-29.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.x86_64"
},
"product_reference": "xen-doc-html-4.0.3_21548_18-29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.0.3_21548_18-29.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.i586"
},
"product_reference": "xen-doc-pdf-4.0.3_21548_18-29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.0.3_21548_18-29.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.0.3_21548_18-29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586"
},
"product_reference": "xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64"
},
"product_reference": "xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586"
},
"product_reference": "xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586"
},
"product_reference": "xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64"
},
"product_reference": "xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.0.3_21548_18-29.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.i586"
},
"product_reference": "xen-libs-4.0.3_21548_18-29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.0.3_21548_18-29.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.x86_64"
},
"product_reference": "xen-libs-4.0.3_21548_18-29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.0.3_21548_18-29.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.i586"
},
"product_reference": "xen-tools-4.0.3_21548_18-29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.0.3_21548_18-29.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.x86_64"
},
"product_reference": "xen-tools-4.0.3_21548_18-29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.0.3_21548_18-29.1.i586 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.i586"
},
"product_reference": "xen-tools-domU-4.0.3_21548_18-29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.0.3_21548_18-29.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.x86_64"
},
"product_reference": "xen-tools-domU-4.0.3_21548_18-29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5154"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5154",
"url": "https://www.suse.com/security/cve/CVE-2015-5154"
},
{
"category": "external",
"summary": "SUSE Bug 938344 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T08:50:04Z",
"details": "important"
}
],
"title": "CVE-2015-5154"
},
{
"cve": "CVE-2015-5165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5165"
}
],
"notes": [
{
"category": "general",
"text": "The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5165",
"url": "https://www.suse.com/security/cve/CVE-2015-5165"
},
{
"category": "external",
"summary": "SUSE Bug 939712 for CVE-2015-5165",
"url": "https://bugzilla.suse.com/939712"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5165",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-libs-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-4.0.3_21548_18-29.1.x86_64",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.i586",
"SUSE Linux Enterprise Server 11 SP1-LTSS:xen-tools-domU-4.0.3_21548_18-29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T08:50:04Z",
"details": "moderate"
}
],
"title": "CVE-2015-5165"
}
]
}
SUSE-SU-2015:1426-1
Vulnerability from csaf_suse - Published: 2015-08-07 17:46 - Updated: 2015-08-07 17:46Summary
Security update for kvm
Severity
Important
Notes
Title of the patch: Security update for kvm
Description of the patch: kvm was updated to fix two security issues.
The following vulnerabilities were fixed:
- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
- CVE-2015-3209: Fix buffer overflow in pcnet emulation (bsc#932770).
Patchnames: slessp2-kvm-12041
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:kvm-0.15.1-0.32.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:kvm-0.15.1-0.32.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:kvm-0.15.1-0.32.2.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:kvm-0.15.1-0.32.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kvm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "kvm was updated to fix two security issues.\n\nThe following vulnerabilities were fixed:\n\n- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).\n- CVE-2015-3209: Fix buffer overflow in pcnet emulation (bsc#932770).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp2-kvm-12041",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1426-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1426-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151426-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1426-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-August/001550.html"
},
{
"category": "self",
"summary": "SUSE Bug 932770",
"url": "https://bugzilla.suse.com/932770"
},
{
"category": "self",
"summary": "SUSE Bug 938344",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3209 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5154/"
}
],
"title": "Security update for kvm",
"tracking": {
"current_release_date": "2015-08-07T17:46:18Z",
"generator": {
"date": "2015-08-07T17:46:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1426-1",
"initial_release_date": "2015-08-07T17:46:18Z",
"revision_history": [
{
"date": "2015-08-07T17:46:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kvm-0.15.1-0.32.2.i586",
"product": {
"name": "kvm-0.15.1-0.32.2.i586",
"product_id": "kvm-0.15.1-0.32.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-0.15.1-0.32.2.x86_64",
"product": {
"name": "kvm-0.15.1-0.32.2.x86_64",
"product_id": "kvm-0.15.1-0.32.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-0.15.1-0.32.2.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:kvm-0.15.1-0.32.2.i586"
},
"product_reference": "kvm-0.15.1-0.32.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-0.15.1-0.32.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:kvm-0.15.1-0.32.2.x86_64"
},
"product_reference": "kvm-0.15.1-0.32.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3209"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:kvm-0.15.1-0.32.2.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:kvm-0.15.1-0.32.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3209",
"url": "https://www.suse.com/security/cve/CVE-2015-3209"
},
{
"category": "external",
"summary": "SUSE Bug 932267 for CVE-2015-3209",
"url": "https://bugzilla.suse.com/932267"
},
{
"category": "external",
"summary": "SUSE Bug 932770 for CVE-2015-3209",
"url": "https://bugzilla.suse.com/932770"
},
{
"category": "external",
"summary": "SUSE Bug 932823 for CVE-2015-3209",
"url": "https://bugzilla.suse.com/932823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:kvm-0.15.1-0.32.2.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:kvm-0.15.1-0.32.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-07T17:46:18Z",
"details": "important"
}
],
"title": "CVE-2015-3209"
},
{
"cve": "CVE-2015-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5154"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:kvm-0.15.1-0.32.2.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:kvm-0.15.1-0.32.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5154",
"url": "https://www.suse.com/security/cve/CVE-2015-5154"
},
{
"category": "external",
"summary": "SUSE Bug 938344 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:kvm-0.15.1-0.32.2.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:kvm-0.15.1-0.32.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-07T17:46:18Z",
"details": "important"
}
],
"title": "CVE-2015-5154"
}
]
}
SUSE-SU-2015:1455-1
Vulnerability from csaf_suse - Published: 2015-07-17 09:41 - Updated: 2015-07-17 09:41Summary
Security update for kvm
Severity
Important
Notes
Title of the patch: Security update for kvm
Description of the patch:
kvm was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
Patchnames: sledsp4-kvm-12053,slessp4-kvm-12053
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:kvm-1.4.2-32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP4:kvm-1.4.2-32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-32.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kvm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nkvm was updated to fix one security issue.\n\nThis security issue was fixed:\n- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sledsp4-kvm-12053,slessp4-kvm-12053",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1455-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1455-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151455-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1455-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-August/001557.html"
},
{
"category": "self",
"summary": "SUSE Bug 938344",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5154/"
}
],
"title": "Security update for kvm",
"tracking": {
"current_release_date": "2015-07-17T09:41:05Z",
"generator": {
"date": "2015-07-17T09:41:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1455-1",
"initial_release_date": "2015-07-17T09:41:05Z",
"revision_history": [
{
"date": "2015-07-17T09:41:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-32.1.i586",
"product": {
"name": "kvm-1.4.2-32.1.i586",
"product_id": "kvm-1.4.2-32.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-32.1.s390x",
"product": {
"name": "kvm-1.4.2-32.1.s390x",
"product_id": "kvm-1.4.2-32.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-32.1.x86_64",
"product": {
"name": "kvm-1.4.2-32.1.x86_64",
"product_id": "kvm-1.4.2-32.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sled:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-32.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:kvm-1.4.2-32.1.i586"
},
"product_reference": "kvm-1.4.2-32.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-32.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:kvm-1.4.2-32.1.x86_64"
},
"product_reference": "kvm-1.4.2-32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-32.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-32.1.i586"
},
"product_reference": "kvm-1.4.2-32.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-32.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-32.1.s390x"
},
"product_reference": "kvm-1.4.2-32.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-32.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-32.1.x86_64"
},
"product_reference": "kvm-1.4.2-32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-32.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-32.1.i586"
},
"product_reference": "kvm-1.4.2-32.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-32.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-32.1.s390x"
},
"product_reference": "kvm-1.4.2-32.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-32.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-32.1.x86_64"
},
"product_reference": "kvm-1.4.2-32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5154"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP4:kvm-1.4.2-32.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:kvm-1.4.2-32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-32.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-32.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5154",
"url": "https://www.suse.com/security/cve/CVE-2015-5154"
},
{
"category": "external",
"summary": "SUSE Bug 938344 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP4:kvm-1.4.2-32.1.i586",
"SUSE Linux Enterprise Desktop 11 SP4:kvm-1.4.2-32.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-32.1.i586",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-32.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-32.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-32.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-32.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-07-17T09:41:05Z",
"details": "important"
}
],
"title": "CVE-2015-5154"
}
]
}
SUSE-SU-2015:1472-1
Vulnerability from csaf_suse - Published: 2015-08-21 17:14 - Updated: 2015-08-21 17:14Summary
Security update for kvm
Severity
Important
Notes
Title of the patch: Security update for kvm
Description of the patch: kvm was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
Patchnames: sledsp3-kvm-12062,slessp3-kvm-12062
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.22.34.3.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.22.34.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.22.34.3.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.22.34.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.22.34.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.22.34.3.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.22.34.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.22.34.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.22.34.3.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.22.34.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.22.34.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kvm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "kvm was updated to fix one security issue.\n\nThis security issue was fixed:\n- CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sledsp3-kvm-12062,slessp3-kvm-12062",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1472-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1472-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151472-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1472-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-September/001559.html"
},
{
"category": "self",
"summary": "SUSE Bug 938344",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5154/"
}
],
"title": "Security update for kvm",
"tracking": {
"current_release_date": "2015-08-21T17:14:50Z",
"generator": {
"date": "2015-08-21T17:14:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1472-1",
"initial_release_date": "2015-08-21T17:14:50Z",
"revision_history": [
{
"date": "2015-08-21T17:14:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-0.22.34.3.i586",
"product": {
"name": "kvm-1.4.2-0.22.34.3.i586",
"product_id": "kvm-1.4.2-0.22.34.3.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-0.22.34.3.s390x",
"product": {
"name": "kvm-1.4.2-0.22.34.3.s390x",
"product_id": "kvm-1.4.2-0.22.34.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-1.4.2-0.22.34.3.x86_64",
"product": {
"name": "kvm-1.4.2-0.22.34.3.x86_64",
"product_id": "kvm-1.4.2-0.22.34.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sled:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp3:teradata"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-0.22.34.3.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.22.34.3.i586"
},
"product_reference": "kvm-1.4.2-0.22.34.3.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-0.22.34.3.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.22.34.3.x86_64"
},
"product_reference": "kvm-1.4.2-0.22.34.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-0.22.34.3.i586 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.22.34.3.i586"
},
"product_reference": "kvm-1.4.2-0.22.34.3.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-0.22.34.3.s390x as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.22.34.3.s390x"
},
"product_reference": "kvm-1.4.2-0.22.34.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-0.22.34.3.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.22.34.3.x86_64"
},
"product_reference": "kvm-1.4.2-0.22.34.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-0.22.34.3.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.22.34.3.i586"
},
"product_reference": "kvm-1.4.2-0.22.34.3.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-0.22.34.3.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.22.34.3.s390x"
},
"product_reference": "kvm-1.4.2-0.22.34.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-0.22.34.3.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.22.34.3.x86_64"
},
"product_reference": "kvm-1.4.2-0.22.34.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-0.22.34.3.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.22.34.3.i586"
},
"product_reference": "kvm-1.4.2-0.22.34.3.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-0.22.34.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.22.34.3.s390x"
},
"product_reference": "kvm-1.4.2-0.22.34.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-1.4.2-0.22.34.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.22.34.3.x86_64"
},
"product_reference": "kvm-1.4.2-0.22.34.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5154"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.22.34.3.i586",
"SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.22.34.3.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.22.34.3.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.22.34.3.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.22.34.3.x86_64",
"SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.22.34.3.i586",
"SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.22.34.3.s390x",
"SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.22.34.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.22.34.3.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.22.34.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.22.34.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5154",
"url": "https://www.suse.com/security/cve/CVE-2015-5154"
},
{
"category": "external",
"summary": "SUSE Bug 938344 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.22.34.3.i586",
"SUSE Linux Enterprise Desktop 11 SP3:kvm-1.4.2-0.22.34.3.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.22.34.3.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.22.34.3.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-0.22.34.3.x86_64",
"SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.22.34.3.i586",
"SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.22.34.3.s390x",
"SUSE Linux Enterprise Server 11 SP3:kvm-1.4.2-0.22.34.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.22.34.3.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.22.34.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:kvm-1.4.2-0.22.34.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-21T17:14:50Z",
"details": "important"
}
],
"title": "CVE-2015-5154"
}
]
}
SUSE-SU-2015:1479-1
Vulnerability from csaf_suse - Published: 2015-08-11 14:48 - Updated: 2015-08-11 14:48Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch:
xen was updated to fix the following security issues:
* CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140)
* CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139)
* CVE-2015-2751: Certain domctl operations could have be used to lock up the host (bsc#922709, XSA-127)
* CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137)
* CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136)
* CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)
Patchnames: sdksp3-xen-12066,sledsp3-xen-12066,slessp3-xen-12066
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nxen was updated to fix the following security issues:\n\n* CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140)\n* CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139)\n* CVE-2015-2751: Certain domctl operations could have be used to lock up the host (bsc#922709, XSA-127)\n* CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137)\n* CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136)\n* CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp3-xen-12066,sledsp3-xen-12066,slessp3-xen-12066",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1479-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1479-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151479-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1479-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-September/001564.html"
},
{
"category": "self",
"summary": "SUSE Bug 922709",
"url": "https://bugzilla.suse.com/922709"
},
{
"category": "self",
"summary": "SUSE Bug 932996",
"url": "https://bugzilla.suse.com/932996"
},
{
"category": "self",
"summary": "SUSE Bug 935634",
"url": "https://bugzilla.suse.com/935634"
},
{
"category": "self",
"summary": "SUSE Bug 938344",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "self",
"summary": "SUSE Bug 939709",
"url": "https://bugzilla.suse.com/939709"
},
{
"category": "self",
"summary": "SUSE Bug 939712",
"url": "https://bugzilla.suse.com/939712"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2751 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3259 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-4164 page",
"url": "https://www.suse.com/security/cve/CVE-2015-4164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5165 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5166 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5166/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2015-08-11T14:48:22Z",
"generator": {
"date": "2015-08-11T14:48:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1479-1",
"initial_release_date": "2015-08-11T14:48:22Z",
"revision_history": [
{
"date": "2015-08-11T14:48:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.2.5_12-15.1.i586",
"product": {
"name": "xen-devel-4.2.5_12-15.1.i586",
"product_id": "xen-devel-4.2.5_12-15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"product": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"product_id": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"product": {
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"product_id": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.2.5_12-15.1.i586",
"product": {
"name": "xen-libs-4.2.5_12-15.1.i586",
"product_id": "xen-libs-4.2.5_12-15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.2.5_12-15.1.i586",
"product": {
"name": "xen-tools-domU-4.2.5_12-15.1.i586",
"product_id": "xen-tools-domU-4.2.5_12-15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-devel-4.2.5_12-15.1.x86_64",
"product_id": "xen-devel-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-4.2.5_12-15.1.x86_64",
"product_id": "xen-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-doc-html-4.2.5_12-15.1.x86_64",
"product_id": "xen-doc-html-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"product_id": "xen-doc-pdf-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"product": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"product_id": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-libs-4.2.5_12-15.1.x86_64",
"product_id": "xen-libs-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"product_id": "xen-libs-32bit-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-tools-4.2.5_12-15.1.x86_64",
"product_id": "xen-tools-4.2.5_12-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"product": {
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"product_id": "xen-tools-domU-4.2.5_12-15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sled:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp3:teradata"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586"
},
"product_reference": "xen-devel-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-devel-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-html-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586"
},
"product_reference": "xen-libs-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-html-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586"
},
"product_reference": "xen-libs-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-html-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586"
},
"product_reference": "xen-libs-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-html-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64"
},
"product_reference": "xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586"
},
"product_reference": "xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586"
},
"product_reference": "xen-libs-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_12-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64"
},
"product_reference": "xen-tools-domU-4.2.5_12-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-2751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2751"
}
],
"notes": [
{
"category": "general",
"text": "Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2751",
"url": "https://www.suse.com/security/cve/CVE-2015-2751"
},
{
"category": "external",
"summary": "SUSE Bug 922709 for CVE-2015-2751",
"url": "https://bugzilla.suse.com/922709"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-2751",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:22Z",
"details": "important"
}
],
"title": "CVE-2015-2751"
},
{
"cve": "CVE-2015-3259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3259"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3259",
"url": "https://www.suse.com/security/cve/CVE-2015-3259"
},
{
"category": "external",
"summary": "SUSE Bug 935634 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/935634"
},
{
"category": "external",
"summary": "SUSE Bug 936281 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/936281"
},
{
"category": "external",
"summary": "SUSE Bug 937018 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/937018"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-3259",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:22Z",
"details": "moderate"
}
],
"title": "CVE-2015-3259"
},
{
"cve": "CVE-2015-4164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-4164"
}
],
"notes": [
{
"category": "general",
"text": "The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-4164",
"url": "https://www.suse.com/security/cve/CVE-2015-4164"
},
{
"category": "external",
"summary": "SUSE Bug 932996 for CVE-2015-4164",
"url": "https://bugzilla.suse.com/932996"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-4164",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:22Z",
"details": "moderate"
}
],
"title": "CVE-2015-4164"
},
{
"cve": "CVE-2015-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5154"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5154",
"url": "https://www.suse.com/security/cve/CVE-2015-5154"
},
{
"category": "external",
"summary": "SUSE Bug 938344 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/938344"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5154",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:22Z",
"details": "important"
}
],
"title": "CVE-2015-5154"
},
{
"cve": "CVE-2015-5165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5165"
}
],
"notes": [
{
"category": "general",
"text": "The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5165",
"url": "https://www.suse.com/security/cve/CVE-2015-5165"
},
{
"category": "external",
"summary": "SUSE Bug 939712 for CVE-2015-5165",
"url": "https://bugzilla.suse.com/939712"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5165",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:22Z",
"details": "moderate"
}
],
"title": "CVE-2015-5165"
},
{
"cve": "CVE-2015-5166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5166"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5166",
"url": "https://www.suse.com/security/cve/CVE-2015-5166"
},
{
"category": "external",
"summary": "SUSE Bug 939709 for CVE-2015-5166",
"url": "https://bugzilla.suse.com/939709"
},
{
"category": "external",
"summary": "SUSE Bug 950367 for CVE-2015-5166",
"url": "https://bugzilla.suse.com/950367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-html-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-doc-pdf-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-32bit-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-libs-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:xen-tools-domU-4.2.5_12-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:xen-devel-4.2.5_12-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-11T14:48:22Z",
"details": "important"
}
],
"title": "CVE-2015-5166"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…