openSUSE Security Update : xen (openSUSE-2015-391) (Venom)
High Nessus Plugin ID 83965
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThe XEN hypervisor was updated to fix two security issues :
- Fixed a buffer overflow in the floppy drive emulation, which could be used to denial of service attacks or potential code execution against the host.
- Xen did not initialize certain fields, which allowed certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
SolutionUpdate the affected xen packages.