Security update for xen

Announcement ID:	SUSE-SU-2016:2473-1
Rating:	important
References:	bsc#953518 bsc#955104 bsc#959330 bsc#959552 bsc#970135 bsc#971949 bsc#988675 bsc#988676 bsc#990500 bsc#990970 bsc#991934 bsc#992224 bsc#993665 bsc#994421 bsc#994625 bsc#994761 bsc#994772 bsc#994775 bsc#995785 bsc#995789 bsc#995792
Cross-References:	CVE-2016-6258 CVE-2016-6259 CVE-2016-6833 CVE-2016-6834 CVE-2016-6835 CVE-2016-6836 CVE-2016-6888 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094
CVSS scores:	CVE-2016-6258 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2016-6259 ( NVD ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-6833 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2016-6833 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2016-6834 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2016-6834 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2016-6835 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2016-6835 ( NVD ): 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2016-6836 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVE-2016-6836 ( NVD ): 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVE-2016-6888 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2016-6888 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2016-7092 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2016-7092 ( NVD ): 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2016-7093 ( NVD ): 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2016-7094 ( NVD ): 4.1 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1

An update that solves 10 vulnerabilities and has 11 security fixes can now be installed.

Description:

This update for xen fixes several issues.

These security issues were fixed: - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785). - CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789). - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792). - CVE-2016-6836: Information leakage in vmxnet3_complete_packet (bsc#994761). - CVE-2016-6888: Integer overflow in packet initialisation in VMXNET3 device driver. Aprivileged user inside guest c... (bsc#994772). - CVE-2016-6833: Use after free while writing (bsc#994775). - CVE-2016-6835: Buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 deviceemulation. (bsc#994625). - CVE-2016-6834: An infinite loop during packet fragmentation (bsc#994421). - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675). - CVE-2016-6259: Xen did not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allowed local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check (bsc#988676).

These non-security issues were fixed: - bsc#991934: Hypervisor crash in csched_acct - bsc#992224: During boot of Xen Hypervisor, failed to get contiguous memory for DMA - bsc#955104: Virsh reports error "one or more references were leaked after disconnect from hypervisor" when "virsh save" failed due to "no response from client after 6 keepalive messages" - bsc#959552: Migration of HVM guest leads into libvirt segmentation fault - bsc#993665: Migration of xen guests finishes in: One or more references were leaked after disconnect from the hypervisor - bsc#959330: Guest migrations using virsh results in error "Internal error: received hangup / error event on socket" - bsc#990500: VM virsh migration fails with keepalive error: ":virKeepAliveTimerInternal:143 : No response from client" - bsc#953518: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol - bsc#953518: xen_platform: unplug also SCSI disks in qemu-xen - bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live - bsc#970135: New virtualization project clock test randomly fails on Xen - bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP1
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1444=1
• SUSE Linux Enterprise Software Development Kit 12 SP1
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1444=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1444=1
• SUSE Linux Enterprise Server 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1444=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
  • xen-libs-4.5.3_10-20.1
  • xen-libs-debuginfo-32bit-4.5.3_10-20.1
  • xen-4.5.3_10-20.1
  • xen-libs-32bit-4.5.3_10-20.1
  • xen-libs-debuginfo-4.5.3_10-20.1
  • xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1
  • xen-debugsource-4.5.3_10-20.1
  • xen-kmp-default-debuginfo-4.5.3_10_k3.12.62_60.62-20.1
• SUSE Linux Enterprise Software Development Kit 12 SP1 (x86_64)
  • xen-devel-4.5.3_10-20.1
  • xen-debugsource-4.5.3_10-20.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (x86_64)
  • xen-tools-domU-4.5.3_10-20.1
  • xen-tools-domU-debuginfo-4.5.3_10-20.1
  • xen-tools-debuginfo-4.5.3_10-20.1
  • xen-libs-4.5.3_10-20.1
  • xen-libs-debuginfo-32bit-4.5.3_10-20.1
  • xen-4.5.3_10-20.1
  • xen-libs-32bit-4.5.3_10-20.1
  • xen-libs-debuginfo-4.5.3_10-20.1
  • xen-tools-4.5.3_10-20.1
  • xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1
  • xen-debugsource-4.5.3_10-20.1
  • xen-kmp-default-debuginfo-4.5.3_10_k3.12.62_60.62-20.1
  • xen-doc-html-4.5.3_10-20.1
• SUSE Linux Enterprise Server 12 SP1 (x86_64)
  • xen-tools-domU-4.5.3_10-20.1
  • xen-tools-domU-debuginfo-4.5.3_10-20.1
  • xen-tools-debuginfo-4.5.3_10-20.1
  • xen-libs-4.5.3_10-20.1
  • xen-libs-debuginfo-32bit-4.5.3_10-20.1
  • xen-4.5.3_10-20.1
  • xen-libs-32bit-4.5.3_10-20.1
  • xen-libs-debuginfo-4.5.3_10-20.1
  • xen-tools-4.5.3_10-20.1
  • xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1
  • xen-debugsource-4.5.3_10-20.1
  • xen-kmp-default-debuginfo-4.5.3_10_k3.12.62_60.62-20.1
  • xen-doc-html-4.5.3_10-20.1

References:

• https://www.suse.com/security/cve/CVE-2016-6258.html
• https://www.suse.com/security/cve/CVE-2016-6259.html
• https://www.suse.com/security/cve/CVE-2016-6833.html
• https://www.suse.com/security/cve/CVE-2016-6834.html
• https://www.suse.com/security/cve/CVE-2016-6835.html
• https://www.suse.com/security/cve/CVE-2016-6836.html
• https://www.suse.com/security/cve/CVE-2016-6888.html
• https://www.suse.com/security/cve/CVE-2016-7092.html
• https://www.suse.com/security/cve/CVE-2016-7093.html
• https://www.suse.com/security/cve/CVE-2016-7094.html
• https://bugzilla.suse.com/show_bug.cgi?id=953518
• https://bugzilla.suse.com/show_bug.cgi?id=955104
• https://bugzilla.suse.com/show_bug.cgi?id=959330
• https://bugzilla.suse.com/show_bug.cgi?id=959552
• https://bugzilla.suse.com/show_bug.cgi?id=970135
• https://bugzilla.suse.com/show_bug.cgi?id=971949
• https://bugzilla.suse.com/show_bug.cgi?id=988675
• https://bugzilla.suse.com/show_bug.cgi?id=988676
• https://bugzilla.suse.com/show_bug.cgi?id=990500
• https://bugzilla.suse.com/show_bug.cgi?id=990970
• https://bugzilla.suse.com/show_bug.cgi?id=991934
• https://bugzilla.suse.com/show_bug.cgi?id=992224
• https://bugzilla.suse.com/show_bug.cgi?id=993665
• https://bugzilla.suse.com/show_bug.cgi?id=994421
• https://bugzilla.suse.com/show_bug.cgi?id=994625
• https://bugzilla.suse.com/show_bug.cgi?id=994761
• https://bugzilla.suse.com/show_bug.cgi?id=994772
• https://bugzilla.suse.com/show_bug.cgi?id=994775
• https://bugzilla.suse.com/show_bug.cgi?id=995785
• https://bugzilla.suse.com/show_bug.cgi?id=995789
• https://bugzilla.suse.com/show_bug.cgi?id=995792