Security update for xen

Announcement ID:	SUSE-SU-2017:1742-1
Rating:	important
References:	bsc#1027519 bsc#1035642 bsc#1037243 bsc#1042160 bsc#1042882 bsc#1042893 bsc#1042915 bsc#1042923 bsc#1042924 bsc#1042931 bsc#1042938
Cross-References:	CVE-2017-8309 CVE-2017-9330
CVSS scores:	CVE-2017-8309 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9330 ( SUSE ): 3.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2017-9330 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2017-9330 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Software Development Kit 12 12-SP2

An update that solves two vulnerabilities and has nine security fixes can now be installed.

Description:

This update for xen fixes several issues.

These security issues were fixed:

• Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882)
• Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893)
• Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915)
• Missing NULL pointer check in event channel poll allows guests to DoS the host (XSA-221, bsc#1042924)
• Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931)
• Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938)
• CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160)
• CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243)
• PKRU and BND* leakage between vCPU-s might have leaked information to other guests (XSA-220, bsc#1042923)

These non-security issues were fixed:

• bsc#1027519: Included various upstream patches
• bsc#1035642: Ensure that rpmbuild works

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP2
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1087=1
• SUSE Linux Enterprise Software Development Kit 12 12-SP2
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1087=1
• SUSE Linux Enterprise High Performance Computing 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1087=1
• SUSE Linux Enterprise Server 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1087=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1087=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
  • xen-4.7.2_06-42.1
  • xen-libs-debuginfo-32bit-4.7.2_06-42.1
  • xen-libs-32bit-4.7.2_06-42.1
  • xen-libs-4.7.2_06-42.1
  • xen-libs-debuginfo-4.7.2_06-42.1
  • xen-debugsource-4.7.2_06-42.1
• SUSE Linux Enterprise Software Development Kit 12 12-SP2 (aarch64 x86_64)
  • xen-devel-4.7.2_06-42.1
  • xen-debugsource-4.7.2_06-42.1
• SUSE Linux Enterprise High Performance Computing 12 SP2 (x86_64)
  • xen-tools-domU-4.7.2_06-42.1
  • xen-4.7.2_06-42.1
  • xen-libs-debuginfo-32bit-4.7.2_06-42.1
  • xen-tools-4.7.2_06-42.1
  • xen-tools-domU-debuginfo-4.7.2_06-42.1
  • xen-libs-32bit-4.7.2_06-42.1
  • xen-libs-4.7.2_06-42.1
  • xen-doc-html-4.7.2_06-42.1
  • xen-libs-debuginfo-4.7.2_06-42.1
  • xen-tools-debuginfo-4.7.2_06-42.1
  • xen-debugsource-4.7.2_06-42.1
• SUSE Linux Enterprise Server 12 SP2 (x86_64)
  • xen-tools-domU-4.7.2_06-42.1
  • xen-4.7.2_06-42.1
  • xen-libs-debuginfo-32bit-4.7.2_06-42.1
  • xen-tools-4.7.2_06-42.1
  • xen-tools-domU-debuginfo-4.7.2_06-42.1
  • xen-libs-32bit-4.7.2_06-42.1
  • xen-libs-4.7.2_06-42.1
  • xen-doc-html-4.7.2_06-42.1
  • xen-libs-debuginfo-4.7.2_06-42.1
  • xen-tools-debuginfo-4.7.2_06-42.1
  • xen-debugsource-4.7.2_06-42.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2 (x86_64)
  • xen-tools-domU-4.7.2_06-42.1
  • xen-4.7.2_06-42.1
  • xen-libs-debuginfo-32bit-4.7.2_06-42.1
  • xen-tools-4.7.2_06-42.1
  • xen-tools-domU-debuginfo-4.7.2_06-42.1
  • xen-libs-32bit-4.7.2_06-42.1
  • xen-libs-4.7.2_06-42.1
  • xen-doc-html-4.7.2_06-42.1
  • xen-libs-debuginfo-4.7.2_06-42.1
  • xen-tools-debuginfo-4.7.2_06-42.1
  • xen-debugsource-4.7.2_06-42.1

References:

• https://www.suse.com/security/cve/CVE-2017-8309.html
• https://www.suse.com/security/cve/CVE-2017-9330.html
• https://bugzilla.suse.com/show_bug.cgi?id=1027519
• https://bugzilla.suse.com/show_bug.cgi?id=1035642
• https://bugzilla.suse.com/show_bug.cgi?id=1037243
• https://bugzilla.suse.com/show_bug.cgi?id=1042160
• https://bugzilla.suse.com/show_bug.cgi?id=1042882
• https://bugzilla.suse.com/show_bug.cgi?id=1042893
• https://bugzilla.suse.com/show_bug.cgi?id=1042915
• https://bugzilla.suse.com/show_bug.cgi?id=1042923
• https://bugzilla.suse.com/show_bug.cgi?id=1042924
• https://bugzilla.suse.com/show_bug.cgi?id=1042931
• https://bugzilla.suse.com/show_bug.cgi?id=1042938