- bsc#960093 - VUL-0: CVE-2015-8615: xen: x86: unintentional

logging upon guest changing callback method (XSA-169) 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch - bsc#959387 - VUL-0: CVE-2015-8568 CVE-2015-8567: xen: qemu: net: vmxnet3: host memory leakage CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch - bsc#957988 - VUL-0: CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents (XSA-155) xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch xsa155-qemuu-qdisk-double-access.patch xsa155-qemut-qdisk-double-access.patch xsa155-qemuu-xenfb.patch xsa155-qemut-xenfb.patch - bsc#959006 - VUL-0: CVE-2015-8558: xen: qemu: usb: infinite loop in ehci_advance_state results in DoS CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch - bsc#958918 - VUL-0: CVE-2015-7549: xen: qemu pci: null pointer dereference issue CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch - bsc#958493 - VUL-0: CVE-2015-8504: xen: qemu: ui: vnc: avoid floating point exception CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch - bsc#958007 - VUL-0: CVE-2015-8554: xen: qemu-dm buffer overrun in MSI-X handling (XSA-164) xsa164.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=393
2016-01-04 22:25:00 +00:00
parent 881e6522ea
commit 8292994238
27 changed files with 1363 additions and 14 deletions
--- a/xen.changes
+++ b/xen.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jan  4 11:32:10 MST 2016 - carnold@suse.com
+
+- bsc#960093 - VUL-0: CVE-2015-8615: xen: x86: unintentional
+  logging upon guest changing callback method (XSA-169)
+  5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch
+
 -------------------------------------------------------------------
 Mon Dec 21 09:09:55 UTC 2015 - ohering@suse.de

@@ -5,6 +12,79 @@ Mon Dec 21 09:09:55 UTC 2015 - ohering@suse.de
  instead of proc-xen.mount to workaround a bug in systemd "design"
  (bnc#959845)

+-------------------------------------------------------------------
+Wed Dec 16 12:16:21 MST 2015 - carnold@suse.com
+
+- bsc#959387 - VUL-0: CVE-2015-8568 CVE-2015-8567: xen: qemu: net:
+  vmxnet3: host memory leakage
+  CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch
+
+-------------------------------------------------------------------
+Mon Dec 14 10:12:05 MST 2015 - carnold@suse.com
+
+- bsc#957988 - VUL-0: CVE-2015-8550: xen: paravirtualized drivers
+  incautious about shared memory contents (XSA-155)
+  xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch
+  xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch
+  xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch
+  xsa155-qemuu-qdisk-double-access.patch
+  xsa155-qemut-qdisk-double-access.patch
+  xsa155-qemuu-xenfb.patch
+  xsa155-qemut-xenfb.patch
+- bsc#959006 - VUL-0: CVE-2015-8558: xen: qemu: usb: infinite loop
+  in ehci_advance_state results in DoS
+  CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch
+- bsc#958918 - VUL-0: CVE-2015-7549: xen: qemu pci: null pointer
+  dereference issue
+  CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch
+- bsc#958493 - VUL-0: CVE-2015-8504: xen: qemu: ui: vnc: avoid
+  floating point exception
+  CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch
+  CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch
+- bsc#958007 - VUL-0: CVE-2015-8554: xen: qemu-dm buffer overrun in
+  MSI-X handling (XSA-164)
+  xsa164.patch
+- bsc#958009 - VUL-0: CVE-2015-8555: xen: information leak in
+  legacy x86 FPU/XMM initialization (XSA-165)
+  xsa165.patch
+- bsc#958523 - VUL-0: xen: ioreq handling possibly susceptible to
+  multiple read issue (XSA-166)
+  xsa166.patch
+
+-------------------------------------------------------------------
+Fri Nov 27 10:39:38 MST 2015 - carnold@suse.com
+
+- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100:
+  infinite loop in processing command block list
+  CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
+  CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch
+- Upstream patches from Jan
+  56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
+  5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch)
+  5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
+  56544a57-VMX-fix-adjust-trap-injection.patch
+  56546ab2-sched-fix-insert_vcpu-locking.patch
+
+-------------------------------------------------------------------
+Wed Nov 25 10:06:30 MST 2015 - carnold@suse.com
+
+- bsc#956592 - VUL-0: xen: virtual PMU is unsupported (XSA-163)
+  56549f24-x86-vPMU-document-as-unsupported.patch
+- bsc#956408 - VUL-0: CVE-2015-8339, CVE-2015-8340: xen:
+  XENMEM_exchange error handling issues (XSA-159)
+  xsa159.patch
+- bsc#956409 - VUL-0: CVE-2015-8341: xen: libxl leak of pv kernel
+  and initrd on error (XSA-160)
+  xsa160.patch
+- bsc#956411 - VUL-0: CVE-2015-7504: xen: heap buffer overflow
+  vulnerability in pcnet emulator (XSA-162)
+  xsa162-qemuu.patch
+  xsa162-qemut.patch
+- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour
+  readonly flag on disks with qemu-xen (xsa-142)
+  5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch
+  5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch
+
 -------------------------------------------------------------------
 Tue Nov 24 08:44:57 MST 2015 - carnold@suse.com