Xen was updated to fix the following vulnerabilities:
* CVE-2014-0222: Qcow1 L2 table size integer overflows (bsc#877642)
* CVE-2015-4037: Insecure temporary file use in /net/slirp.c
(bsc#932267)
* CVE-2015-5239: Integer overflow in vnc_client_read() and
protocol_client_msg() (bsc#944463)
* CVE-2015-7504: Heap buffer overflow vulnerability in pcnet emulator
(XSA-162, bsc#956411)
* CVE-2015-7971: Some pmu and profiling hypercalls log without rate
limiting (XSA-152, bsc#950706)
* CVE-2015-8104: Guest to host DoS by triggering an infinite loop in
microcode via #DB exception (bsc#954405)
* CVE-2015-5307: Guest to host DOS by intercepting #AC (XSA-156,
bsc#953527)
* CVE-2015-8339: XENMEM_exchange error handling issues (XSA-159,
bsc#956408)
* CVE-2015-8340: XENMEM_exchange error handling issues (XSA-159,
bsc#956408)
* CVE-2015-7512: Buffer overflow in pcnet's non-loopback mode
(bsc#962360)
* CVE-2015-8550: Paravirtualized drivers incautious about shared
memory contents (XSA-155, bsc#957988)
* CVE-2015-8504: Avoid floating point exception in vnc support
(bsc#958493)
* CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization
(XSA-165, bsc#958009)
* Ioreq handling possibly susceptible to multiple read issue (XSA-166,
bsc#958523)
Security Issues:
* CVE-2014-0222
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222</a>>
* CVE-2015-4037
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037</a>>
* CVE-2015-5239
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5239">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5239</a>>
* CVE-2015-7504
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504</a>>
* CVE-2015-7971
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971</a>>
* CVE-2015-8104
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104</a>>
* CVE-2015-5307
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307</a>>
* CVE-2015-8339
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339</a>>
* CVE-2015-8340
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340</a>>
* CVE-2015-7512
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512</a>>
* CVE-2015-8550
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550</a>>
* CVE-2015-8504
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8504">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8504</a>>
* CVE-2015-8555
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555</a>>
bugzilla.suse.com/877642
bugzilla.suse.com/932267
bugzilla.suse.com/944463
bugzilla.suse.com/950706
bugzilla.suse.com/953527
bugzilla.suse.com/954405
bugzilla.suse.com/956408
bugzilla.suse.com/956411
bugzilla.suse.com/957988
bugzilla.suse.com/958009
bugzilla.suse.com/958493
bugzilla.suse.com/958523
bugzilla.suse.com/962360
download.suse.com/patch/finder/?keywords=085198b0d3665c1af17df9c5dcb0be80