CVE-2015-7311 Information

Description

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model which allows local guest users to write to a read-only disk image.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html http://www.debian.org/security/2015/dsa-3414 http://www.securityfocus.com/bid/76823 http://www.securitytracker.com/id/1033633 http://xenbits.xen.org/xsa/advisory-142.html https://bugzilla.redhat.com/show_bug.cgi?id=1257893 https://security.gentoo.org/glsa/201604-03