Security update for xen

Announcement ID: SUSE-SU-2016:2507-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2016-6258 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2016-6833 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-6833 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-6834 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-6834 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-6835 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  • CVE-2016-6835 ( NVD ): 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  • CVE-2016-6836 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
  • CVE-2016-6836 ( NVD ): 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
  • CVE-2016-6888 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-6888 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-7092 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2016-7092 ( NVD ): 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • CVE-2016-7093 ( NVD ): 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • CVE-2016-7094 ( NVD ): 4.1 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-7154 ( NVD ): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • SLES for SAP Applications 11-SP4
  • SUSE Linux Enterprise Server 11 SP4
  • SUSE Linux Enterprise Software Development Kit 11 SP4

An update that solves 10 vulnerabilities and has eight security fixes can now be installed.

Description:

This update for xen fixes several issues.

These security issues were fixed: - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789) - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-7154: Use-after-free vulnerability in the FIFO event channel code in Xen allowed local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number (bsc#997731) - CVE-2016-6836: VMWARE VMXNET3 NIC device allowed privileged user inside the guest to leak information. It occured while processing transmit(tx) queue, when it reaches the end of packet (bsc#994761) - CVE-2016-6888: A integer overflow int the VMWARE VMXNET3 NIC device support, during the initialisation of new packets in the device, could have allowed a privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994772) - CVE-2016-6833: A use-after-free issue in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994775) - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994625) - CVE-2016-6834: A infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994421) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675)

These non-security issues were fixed: - bsc#993507: virsh detach-disk failing to detach disk - bsc#991934: Xen hypervisor crash in csched_acct - bsc#992224: During boot of Xen Hypervisor, Failed to get contiguous memory for DMA - bsc#970135: New virtualization project clock test randomly fails on Xen - bsc#994136: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol - bsc#994136: xen_platform: unplug also SCSI disks in qemu-xen - bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live - bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79) - bsc#966467: Live Migration SLES 11 SP3 to SP4 on AMD

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Software Development Kit 11 SP4
    zypper in -t patch sdksp4-xen-12782=1
  • SUSE Linux Enterprise Server 11 SP4
    zypper in -t patch slessp4-xen-12782=1
  • SLES for SAP Applications 11-SP4
    zypper in -t patch slessp4-xen-12782=1

Package List:

  • SUSE Linux Enterprise Software Development Kit 11 SP4 (x86_64 i586)
    • xen-devel-4.4.4_08-40.2
  • SUSE Linux Enterprise Server 11 SP4 (x86_64 i586)
    • xen-tools-domU-4.4.4_08-40.2
    • xen-libs-4.4.4_08-40.2
    • xen-kmp-default-4.4.4_08_3.0.101_80-40.2
  • SUSE Linux Enterprise Server 11 SP4 (i586)
    • xen-kmp-pae-4.4.4_08_3.0.101_80-40.2
  • SUSE Linux Enterprise Server 11 SP4 (x86_64)
    • xen-4.4.4_08-40.2
    • xen-doc-html-4.4.4_08-40.2
    • xen-tools-4.4.4_08-40.2
    • xen-libs-32bit-4.4.4_08-40.2
  • SLES for SAP Applications 11-SP4 (x86_64)
    • xen-tools-4.4.4_08-40.2
    • xen-4.4.4_08-40.2
    • xen-doc-html-4.4.4_08-40.2
    • xen-tools-domU-4.4.4_08-40.2
    • xen-libs-32bit-4.4.4_08-40.2
    • xen-kmp-default-4.4.4_08_3.0.101_80-40.2
    • xen-libs-4.4.4_08-40.2

References: