Security update for xen SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0732-1 Final 1 1 2015-04-13T12:01:24Z current 2015-04-13T12:01:24Z 2015-04-13T12:01:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen Xen was updated to 4.3.4 to fix multiple vulnerabities and non-security bugs. The following vulnerabilities were fixed: - Long latency MMIO mapping operations are not preemptible (XSA-125 CVE-2015-2752 bnc#922705) - Unmediated PCI command register access in qemu (XSA-126 CVE-2015-2756 bnc#922706) - Hypervisor memory corruption due to x86 emulator flaw (bnc#919464 CVE-2015-2151 XSA-123) - Information leak through version information hypercall (bnc#918998 CVE-2015-2045 XSA-122) - Information leak via internal x86 system device emulation (bnc#918995 (CVE-2015-2044 XSA-121) - HVM qemu unexpectedly enabling emulated VGA graphics backends (bnc#919663 CVE-2015-2152 XSA-119) - information leakage when guest sets high resolution (bnc#895528 CVE-2014-3615) The following non-security bugs were fixed: - L3: XEN blktap device intermittently fails to connect (bnc#919098) - Problems with detecting free loop devices on Xen guest startup (bnc#903680) - xentop reports 'Found interface vif101.0 but domain 101 does not exist.' (bnc#861318) - Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores (bnc#901488) - SLES11 SP3 Xen VT-d igb NIC doesn't work (bnc#910254) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html E-Mail link for openSUSE-SU-2015:0732-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings xen-4.3.4_02-41.1 xen-devel-4.3.4_02-41.1 xen-doc-html-4.3.4_02-41.1 xen-kmp-default-4.3.4_02_k3.11.10_29-41.1 xen-kmp-desktop-4.3.4_02_k3.11.10_29-41.1 xen-kmp-pae-4.3.4_02_k3.11.10_29-41.1 xen-libs-4.3.4_02-41.1 xen-libs-32bit-4.3.4_02-41.1 xen-tools-4.3.4_02-41.1 xen-tools-domU-4.3.4_02-41.1 xen-xend-tools-4.3.4_02-41.1 The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. CVE-2014-3615 moderate 1.7 AV:L/AC:L/Au:S/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html https://www.suse.com/security/cve/CVE-2014-3615.html CVE-2014-3615 https://bugzilla.suse.com/895528 SUSE Bug 895528 https://bugzilla.suse.com/918998 SUSE Bug 918998 The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size. CVE-2015-2044 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html https://www.suse.com/security/cve/CVE-2015-2044.html CVE-2015-2044 https://bugzilla.suse.com/918995 SUSE Bug 918995 https://bugzilla.suse.com/918998 SUSE Bug 918998 The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. CVE-2015-2045 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html https://www.suse.com/security/cve/CVE-2015-2045.html CVE-2015-2045 https://bugzilla.suse.com/918998 SUSE Bug 918998 The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. CVE-2015-2151 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html https://www.suse.com/security/cve/CVE-2015-2151.html CVE-2015-2151 https://bugzilla.suse.com/918998 SUSE Bug 918998 https://bugzilla.suse.com/919464 SUSE Bug 919464 Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. CVE-2015-2152 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html https://www.suse.com/security/cve/CVE-2015-2152.html CVE-2015-2152 https://bugzilla.suse.com/918998 SUSE Bug 918998 https://bugzilla.suse.com/919663 SUSE Bug 919663 https://bugzilla.suse.com/950367 SUSE Bug 950367 The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). CVE-2015-2752 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html https://www.suse.com/security/cve/CVE-2015-2752.html CVE-2015-2752 https://bugzilla.suse.com/922705 SUSE Bug 922705 QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. CVE-2015-2756 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html https://www.suse.com/security/cve/CVE-2015-2756.html CVE-2015-2756 https://bugzilla.suse.com/922706 SUSE Bug 922706