Security update for xen

Announcement ID:	SUSE-SU-2017:2873-1
Rating:	important
References:	bsc#1059777 bsc#1061076 bsc#1061077 bsc#1061080 bsc#1061081 bsc#1061082 bsc#1061084 bsc#1061086 bsc#1061087
Cross-References:	CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526
CVSS scores:	CVE-2017-15588 ( SUSE ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2017-15588 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2017-15589 ( SUSE ): 3.2 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2017-15589 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2017-15590 ( SUSE ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2017-15590 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2017-15591 ( SUSE ): 5.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2017-15591 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2017-15592 ( SUSE ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2017-15592 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2017-15593 ( SUSE ): 5.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2017-15593 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2017-15594 ( SUSE ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2017-15594 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2017-15595 ( SUSE ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2017-15595 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2017-5526 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2017-5526 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE OpenStack Cloud 6

An update that solves nine vulnerabilities can now be installed.

Description:

This update for xen fixes several issues:

These security issues were fixed:

• CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777)
• CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084)
• CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086)
• CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087)
• CVE-2017-15591: Missing checks in the handling of DMOPs allowed malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 to cause a DoS (XSA-238 bsc#1061077)
• CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080)
• CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occured that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081)
• CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082)
• CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE OpenStack Cloud 6
  zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1795=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1795=1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1795=1

Package List:

• SUSE OpenStack Cloud 6 (x86_64)
  • xen-libs-debuginfo-4.5.5_18-22.31.1
  • xen-4.5.5_18-22.31.1
  • xen-doc-html-4.5.5_18-22.31.1
  • xen-libs-debuginfo-32bit-4.5.5_18-22.31.1
  • xen-libs-4.5.5_18-22.31.1
  • xen-tools-domU-debuginfo-4.5.5_18-22.31.1
  • xen-kmp-default-4.5.5_18_k3.12.74_60.64.60-22.31.1
  • xen-kmp-default-debuginfo-4.5.5_18_k3.12.74_60.64.60-22.31.1
  • xen-tools-4.5.5_18-22.31.1
  • xen-libs-32bit-4.5.5_18-22.31.1
  • xen-tools-domU-4.5.5_18-22.31.1
  • xen-tools-debuginfo-4.5.5_18-22.31.1
  • xen-debugsource-4.5.5_18-22.31.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (x86_64)
  • xen-doc-html-4.5.5_18-22.31.1
  • xen-4.5.5_18-22.31.1
  • xen-libs-debuginfo-4.5.5_18-22.31.1
  • xen-libs-debuginfo-32bit-4.5.5_18-22.31.1
  • xen-tools-debuginfo-4.5.5_18-22.31.1
  • xen-libs-4.5.5_18-22.31.1
  • xen-tools-domU-debuginfo-4.5.5_18-22.31.1
  • xen-kmp-default-4.5.5_18_k3.12.74_60.64.60-22.31.1
  • xen-libs-32bit-4.5.5_18-22.31.1
  • xen-tools-4.5.5_18-22.31.1
  • xen-tools-domU-4.5.5_18-22.31.1
  • xen-kmp-default-debuginfo-4.5.5_18_k3.12.74_60.64.60-22.31.1
  • xen-debugsource-4.5.5_18-22.31.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (x86_64)
  • xen-doc-html-4.5.5_18-22.31.1
  • xen-4.5.5_18-22.31.1
  • xen-libs-debuginfo-4.5.5_18-22.31.1
  • xen-libs-debuginfo-32bit-4.5.5_18-22.31.1
  • xen-tools-debuginfo-4.5.5_18-22.31.1
  • xen-libs-4.5.5_18-22.31.1
  • xen-tools-domU-debuginfo-4.5.5_18-22.31.1
  • xen-kmp-default-4.5.5_18_k3.12.74_60.64.60-22.31.1
  • xen-libs-32bit-4.5.5_18-22.31.1
  • xen-tools-4.5.5_18-22.31.1
  • xen-tools-domU-4.5.5_18-22.31.1
  • xen-kmp-default-debuginfo-4.5.5_18_k3.12.74_60.64.60-22.31.1
  • xen-debugsource-4.5.5_18-22.31.1

References:

• https://www.suse.com/security/cve/CVE-2017-15588.html
• https://www.suse.com/security/cve/CVE-2017-15589.html
• https://www.suse.com/security/cve/CVE-2017-15590.html
• https://www.suse.com/security/cve/CVE-2017-15591.html
• https://www.suse.com/security/cve/CVE-2017-15592.html
• https://www.suse.com/security/cve/CVE-2017-15593.html
• https://www.suse.com/security/cve/CVE-2017-15594.html
• https://www.suse.com/security/cve/CVE-2017-15595.html
• https://www.suse.com/security/cve/CVE-2017-5526.html
• https://bugzilla.suse.com/show_bug.cgi?id=1059777
• https://bugzilla.suse.com/show_bug.cgi?id=1061076
• https://bugzilla.suse.com/show_bug.cgi?id=1061077
• https://bugzilla.suse.com/show_bug.cgi?id=1061080
• https://bugzilla.suse.com/show_bug.cgi?id=1061081
• https://bugzilla.suse.com/show_bug.cgi?id=1061082
• https://bugzilla.suse.com/show_bug.cgi?id=1061084
• https://bugzilla.suse.com/show_bug.cgi?id=1061086
• https://bugzilla.suse.com/show_bug.cgi?id=1061087