{"affected":[{"ecosystem_specific":{"binaries":[{"xen":"4.2.5_12-15.1","xen-doc-html":"4.2.5_12-15.1","xen-doc-pdf":"4.2.5_12-15.1","xen-kmp-default":"4.2.5_12_3.0.101_0.47.55-15.1","xen-kmp-pae":"4.2.5_12_3.0.101_0.47.55-15.1","xen-libs":"4.2.5_12-15.1","xen-libs-32bit":"4.2.5_12-15.1","xen-tools":"4.2.5_12-15.1","xen-tools-domU":"4.2.5_12-15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 11 SP3","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.5_12-15.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nxen was updated to fix the following security issues:\n\n* CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140)\n* CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139)\n* CVE-2015-2751: Certain domctl operations could have be used to lock up the host (bsc#922709, XSA-127)\n* CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137)\n* CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136)\n* CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)\n","id":"SUSE-SU-2015:1479-2","modified":"2015-08-11T14:48:25Z","published":"2015-08-11T14:48:25Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20151479-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/922709"},{"type":"REPORT","url":"https://bugzilla.suse.com/932996"},{"type":"REPORT","url":"https://bugzilla.suse.com/935634"},{"type":"REPORT","url":"https://bugzilla.suse.com/938344"},{"type":"REPORT","url":"https://bugzilla.suse.com/939709"},{"type":"REPORT","url":"https://bugzilla.suse.com/939712"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2751"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-3259"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4164"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5154"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5165"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5166"}],"related":["CVE-2015-2751","CVE-2015-3259","CVE-2015-4164","CVE-2015-5154","CVE-2015-5165","CVE-2015-5166"],"summary":"Security update for xen","upstream":["CVE-2015-2751","CVE-2015-3259","CVE-2015-4164","CVE-2015-5154","CVE-2015-5165","CVE-2015-5166"]}