{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for xen","title":"Title of the patch"},{"category":"description","text":"\n\nThis update fixes the following security issues:\n\n- bsc#956832 -  CVE-2015-8345: xen: qemu: net: eepro100:\n  infinite loop in processing command block list\n\n- bsc#956408 -  CVE-2015-8339, CVE-2015-8340: xen:\n  XENMEM_exchange error handling issues (XSA-159)\n  xsa159.patch\n- bsc#956411 -  CVE-2015-7504: xen: heap buffer overflow\n  vulnerability in pcnet emulator (XSA-162)\n\n- bsc#954405 -  CVE-2015-8104: Xen: guest to host DoS by\n  triggering an infinite loop in microcode via #DB exception\n- bsc#953527 -  CVE-2015-5307: kernel: kvm/xen: x86: avoid\n  guest->host DOS by intercepting #AC (XSA-156)\n\n- bsc#950704 -  CVE-2015-7970: xen: x86: Long latency\n  populate-on-demand operation is not preemptible (XSA-150)\n\n- bsc#951845 -  CVE-2015-7972: xen: x86: populate-on-demand\n  balloon size inaccuracy can crash guests (XSA-153)\n\n- bsc#950703 -  CVE-2015-7969: xen: leak of main per-domain\n  vcpu pointer array (DoS) (XSA-149)\n- bsc#950705 -  CVE-2015-7969: xen: x86: leak of per-domain\n  profiling-related vcpu pointer array (DoS) (XSA-151)\n- bsc#950706 -  CVE-2015-7971: xen: x86: some pmu and\n  profiling hypercalls log without rate limiting (XSA-152)","title":"Description of the patch"},{"category":"details","text":"slessp2-xen-20151201-12273","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2306-1.json"},{"category":"self","summary":"URL for SUSE-SU-2015:2306-1","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20152306-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2015:2306-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2015-December/001742.html"},{"category":"self","summary":"SUSE Bug 950703","url":"https://bugzilla.suse.com/950703"},{"category":"self","summary":"SUSE Bug 950704","url":"https://bugzilla.suse.com/950704"},{"category":"self","summary":"SUSE Bug 950705","url":"https://bugzilla.suse.com/950705"},{"category":"self","summary":"SUSE Bug 950706","url":"https://bugzilla.suse.com/950706"},{"category":"self","summary":"SUSE Bug 951845","url":"https://bugzilla.suse.com/951845"},{"category":"self","summary":"SUSE Bug 953527","url":"https://bugzilla.suse.com/953527"},{"category":"self","summary":"SUSE Bug 954405","url":"https://bugzilla.suse.com/954405"},{"category":"self","summary":"SUSE Bug 956408","url":"https://bugzilla.suse.com/956408"},{"category":"self","summary":"SUSE Bug 956411","url":"https://bugzilla.suse.com/956411"},{"category":"self","summary":"SUSE Bug 956832","url":"https://bugzilla.suse.com/956832"},{"category":"self","summary":"SUSE CVE CVE-2015-5307 page","url":"https://www.suse.com/security/cve/CVE-2015-5307/"},{"category":"self","summary":"SUSE CVE CVE-2015-7504 page","url":"https://www.suse.com/security/cve/CVE-2015-7504/"},{"category":"self","summary":"SUSE CVE CVE-2015-7969 page","url":"https://www.suse.com/security/cve/CVE-2015-7969/"},{"category":"self","summary":"SUSE CVE CVE-2015-7970 page","url":"https://www.suse.com/security/cve/CVE-2015-7970/"},{"category":"self","summary":"SUSE CVE CVE-2015-7971 page","url":"https://www.suse.com/security/cve/CVE-2015-7971/"},{"category":"self","summary":"SUSE CVE CVE-2015-7972 page","url":"https://www.suse.com/security/cve/CVE-2015-7972/"},{"category":"self","summary":"SUSE CVE CVE-2015-8104 page","url":"https://www.suse.com/security/cve/CVE-2015-8104/"},{"category":"self","summary":"SUSE CVE CVE-2015-8339 page","url":"https://www.suse.com/security/cve/CVE-2015-8339/"},{"category":"self","summary":"SUSE CVE CVE-2015-8340 page","url":"https://www.suse.com/security/cve/CVE-2015-8340/"},{"category":"self","summary":"SUSE CVE CVE-2015-8345 page","url":"https://www.suse.com/security/cve/CVE-2015-8345/"}],"title":"Security update for xen","tracking":{"current_release_date":"2015-12-18T17:18:02Z","generator":{"date":"2015-12-18T17:18:02Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2015:2306-1","initial_release_date":"2015-12-18T17:18:02Z","revision_history":[{"date":"2015-12-18T17:18:02Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"xen-devel-4.1.6_08-23.1.i586","product":{"name":"xen-devel-4.1.6_08-23.1.i586","product_id":"xen-devel-4.1.6_08-23.1.i586"}},{"category":"product_version","name":"xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","product":{"name":"xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","product_id":"xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586"}},{"category":"product_version","name":"xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","product":{"name":"xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","product_id":"xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586"}},{"category":"product_version","name":"xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","product":{"name":"xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","product_id":"xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586"}},{"category":"product_version","name":"xen-libs-4.1.6_08-23.1.i586","product":{"name":"xen-libs-4.1.6_08-23.1.i586","product_id":"xen-libs-4.1.6_08-23.1.i586"}},{"category":"product_version","name":"xen-tools-domU-4.1.6_08-23.1.i586","product":{"name":"xen-tools-domU-4.1.6_08-23.1.i586","product_id":"xen-tools-domU-4.1.6_08-23.1.i586"}}],"category":"architecture","name":"i586"},{"branches":[{"category":"product_version","name":"xen-4.1.6_08-23.1.x86_64","product":{"name":"xen-4.1.6_08-23.1.x86_64","product_id":"xen-4.1.6_08-23.1.x86_64"}},{"category":"product_version","name":"xen-devel-4.1.6_08-23.1.x86_64","product":{"name":"xen-devel-4.1.6_08-23.1.x86_64","product_id":"xen-devel-4.1.6_08-23.1.x86_64"}},{"category":"product_version","name":"xen-doc-html-4.1.6_08-23.1.x86_64","product":{"name":"xen-doc-html-4.1.6_08-23.1.x86_64","product_id":"xen-doc-html-4.1.6_08-23.1.x86_64"}},{"category":"product_version","name":"xen-doc-pdf-4.1.6_08-23.1.x86_64","product":{"name":"xen-doc-pdf-4.1.6_08-23.1.x86_64","product_id":"xen-doc-pdf-4.1.6_08-23.1.x86_64"}},{"category":"product_version","name":"xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","product":{"name":"xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","product_id":"xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64"}},{"category":"product_version","name":"xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","product":{"name":"xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","product_id":"xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64"}},{"category":"product_version","name":"xen-libs-4.1.6_08-23.1.x86_64","product":{"name":"xen-libs-4.1.6_08-23.1.x86_64","product_id":"xen-libs-4.1.6_08-23.1.x86_64"}},{"category":"product_version","name":"xen-libs-32bit-4.1.6_08-23.1.x86_64","product":{"name":"xen-libs-32bit-4.1.6_08-23.1.x86_64","product_id":"xen-libs-32bit-4.1.6_08-23.1.x86_64"}},{"category":"product_version","name":"xen-tools-4.1.6_08-23.1.x86_64","product":{"name":"xen-tools-4.1.6_08-23.1.x86_64","product_id":"xen-tools-4.1.6_08-23.1.x86_64"}},{"category":"product_version","name":"xen-tools-domU-4.1.6_08-23.1.x86_64","product":{"name":"xen-tools-domU-4.1.6_08-23.1.x86_64","product_id":"xen-tools-domU-4.1.6_08-23.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP2-LTSS","product":{"name":"SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_ltss:11:sp2"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"xen-4.1.6_08-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64"},"product_reference":"xen-4.1.6_08-23.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-devel-4.1.6_08-23.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586"},"product_reference":"xen-devel-4.1.6_08-23.1.i586","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-devel-4.1.6_08-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64"},"product_reference":"xen-devel-4.1.6_08-23.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-doc-html-4.1.6_08-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64"},"product_reference":"xen-doc-html-4.1.6_08-23.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-doc-pdf-4.1.6_08-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64"},"product_reference":"xen-doc-pdf-4.1.6_08-23.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586"},"product_reference":"xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64"},"product_reference":"xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586"},"product_reference":"xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586"},"product_reference":"xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64"},"product_reference":"xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-libs-4.1.6_08-23.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586"},"product_reference":"xen-libs-4.1.6_08-23.1.i586","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-libs-4.1.6_08-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64"},"product_reference":"xen-libs-4.1.6_08-23.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-libs-32bit-4.1.6_08-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64"},"product_reference":"xen-libs-32bit-4.1.6_08-23.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-tools-4.1.6_08-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64"},"product_reference":"xen-tools-4.1.6_08-23.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-tools-domU-4.1.6_08-23.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586"},"product_reference":"xen-tools-domU-4.1.6_08-23.1.i586","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"xen-tools-domU-4.1.6_08-23.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"},"product_reference":"xen-tools-domU-4.1.6_08-23.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2-LTSS"}]},"vulnerabilities":[{"cve":"CVE-2015-5307","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-5307"}],"notes":[{"category":"general","text":"The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-5307","url":"https://www.suse.com/security/cve/CVE-2015-5307"},{"category":"external","summary":"SUSE Bug 953527 for CVE-2015-5307","url":"https://bugzilla.suse.com/953527"},{"category":"external","summary":"SUSE Bug 954018 for CVE-2015-5307","url":"https://bugzilla.suse.com/954018"},{"category":"external","summary":"SUSE Bug 954404 for CVE-2015-5307","url":"https://bugzilla.suse.com/954404"},{"category":"external","summary":"SUSE Bug 954405 for CVE-2015-5307","url":"https://bugzilla.suse.com/954405"},{"category":"external","summary":"SUSE Bug 962977 for CVE-2015-5307","url":"https://bugzilla.suse.com/962977"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-18T17:18:02Z","details":"moderate"}],"title":"CVE-2015-5307"},{"cve":"CVE-2015-7504","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-7504"}],"notes":[{"category":"general","text":"Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-7504","url":"https://www.suse.com/security/cve/CVE-2015-7504"},{"category":"external","summary":"SUSE Bug 956411 for CVE-2015-7504","url":"https://bugzilla.suse.com/956411"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-18T17:18:02Z","details":"important"}],"title":"CVE-2015-7504"},{"cve":"CVE-2015-7969","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-7969"}],"notes":[{"category":"general","text":"Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of \"teardowns\" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-7969","url":"https://www.suse.com/security/cve/CVE-2015-7969"},{"category":"external","summary":"SUSE Bug 950703 for CVE-2015-7969","url":"https://bugzilla.suse.com/950703"},{"category":"external","summary":"SUSE Bug 950705 for CVE-2015-7969","url":"https://bugzilla.suse.com/950705"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-18T17:18:02Z","details":"moderate"}],"title":"CVE-2015-7969"},{"cve":"CVE-2015-7970","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-7970"}],"notes":[{"category":"general","text":"The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a \"time-consuming linear scan,\" related to Populate-on-Demand.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-7970","url":"https://www.suse.com/security/cve/CVE-2015-7970"},{"category":"external","summary":"SUSE Bug 950704 for CVE-2015-7970","url":"https://bugzilla.suse.com/950704"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-18T17:18:02Z","details":"moderate"}],"title":"CVE-2015-7970"},{"cve":"CVE-2015-7971","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-7971"}],"notes":[{"category":"general","text":"Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-7971","url":"https://www.suse.com/security/cve/CVE-2015-7971"},{"category":"external","summary":"SUSE Bug 950706 for CVE-2015-7971","url":"https://bugzilla.suse.com/950706"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-18T17:18:02Z","details":"low"}],"title":"CVE-2015-7971"},{"cve":"CVE-2015-7972","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-7972"}],"notes":[{"category":"general","text":"The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to \"heavy memory pressure.\"","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-7972","url":"https://www.suse.com/security/cve/CVE-2015-7972"},{"category":"external","summary":"SUSE Bug 950704 for CVE-2015-7972","url":"https://bugzilla.suse.com/950704"},{"category":"external","summary":"SUSE Bug 951845 for CVE-2015-7972","url":"https://bugzilla.suse.com/951845"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-18T17:18:02Z","details":"low"}],"title":"CVE-2015-7972"},{"cve":"CVE-2015-8104","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8104"}],"notes":[{"category":"general","text":"The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8104","url":"https://www.suse.com/security/cve/CVE-2015-8104"},{"category":"external","summary":"SUSE Bug 1215748 for CVE-2015-8104","url":"https://bugzilla.suse.com/1215748"},{"category":"external","summary":"SUSE Bug 953527 for CVE-2015-8104","url":"https://bugzilla.suse.com/953527"},{"category":"external","summary":"SUSE Bug 954018 for CVE-2015-8104","url":"https://bugzilla.suse.com/954018"},{"category":"external","summary":"SUSE Bug 954404 for CVE-2015-8104","url":"https://bugzilla.suse.com/954404"},{"category":"external","summary":"SUSE Bug 954405 for CVE-2015-8104","url":"https://bugzilla.suse.com/954405"},{"category":"external","summary":"SUSE Bug 962977 for CVE-2015-8104","url":"https://bugzilla.suse.com/962977"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-18T17:18:02Z","details":"critical"}],"title":"CVE-2015-8104"},{"cve":"CVE-2015-8339","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8339"}],"notes":[{"category":"general","text":"The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8339","url":"https://www.suse.com/security/cve/CVE-2015-8339"},{"category":"external","summary":"SUSE Bug 956408 for CVE-2015-8339","url":"https://bugzilla.suse.com/956408"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-18T17:18:02Z","details":"moderate"}],"title":"CVE-2015-8339"},{"cve":"CVE-2015-8340","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8340"}],"notes":[{"category":"general","text":"The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8340","url":"https://www.suse.com/security/cve/CVE-2015-8340"},{"category":"external","summary":"SUSE Bug 956408 for CVE-2015-8340","url":"https://bugzilla.suse.com/956408"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-18T17:18:02Z","details":"moderate"}],"title":"CVE-2015-8340"},{"cve":"CVE-2015-8345","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8345"}],"notes":[{"category":"general","text":"The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8345","url":"https://www.suse.com/security/cve/CVE-2015-8345"},{"category":"external","summary":"SUSE Bug 956829 for CVE-2015-8345","url":"https://bugzilla.suse.com/956829"},{"category":"external","summary":"SUSE Bug 956832 for CVE-2015-8345","url":"https://bugzilla.suse.com/956832"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-23.1.x86_64","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.i586","SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-23.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-18T17:18:02Z","details":"moderate"}],"title":"CVE-2015-8345"}]}