Security update for xen SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0126-1 Final 1 1 2016-01-14T18:12:32Z current 2016-01-14T18:12:32Z 2016-01-14T18:12:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: - CVE-2015-8567,CVE-2015-8568: xen: qemu: net: vmxnet3: host memory leakage (boo#959387) - CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents (XSA-155, boo#957988) - CVE-2015-8558: xen: qemu: usb: infinite loop in ehci_advance_state results in DoS (boo#959006) - CVE-2015-7549: xen: qemu pci: null pointer dereference issue (boo#958918) - CVE-2015-8504: xen: qemu: ui: vnc: avoid floating point exception (boo#958493) - CVE-2015-8554: xen: qemu-dm buffer overrun in MSI-X handling (XSA-164, boo#958007) - CVE-2015-8555: xen: information leak in legacy x86 FPU/XMM initialization (XSA-165, boo#958009) - boo#958523: xen: ioreq handling possibly susceptible to multiple read issue (XSA-166) - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list (boo#956832) - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156, boo#954018) - boo#956592: xen: virtual PMU is unsupported (XSA-163) - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159, boo#956408) - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160, boo#956409) - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162, boo#956411) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html E-Mail link for openSUSE-SU-2016:0126-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 xen-4.5.2_04-9.2 xen-devel-4.5.2_04-9.2 xen-doc-html-4.5.2_04-9.2 xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 xen-libs-4.5.2_04-9.2 xen-libs-32bit-4.5.2_04-9.2 xen-tools-4.5.2_04-9.2 xen-tools-domU-4.5.2_04-9.2 xen-4.5.2_04-9.2 as a component of openSUSE Leap 42.1 xen-devel-4.5.2_04-9.2 as a component of openSUSE Leap 42.1 xen-doc-html-4.5.2_04-9.2 as a component of openSUSE Leap 42.1 xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 as a component of openSUSE Leap 42.1 xen-libs-4.5.2_04-9.2 as a component of openSUSE Leap 42.1 xen-libs-32bit-4.5.2_04-9.2 as a component of openSUSE Leap 42.1 xen-tools-4.5.2_04-9.2 as a component of openSUSE Leap 42.1 xen-tools-domU-4.5.2_04-9.2 as a component of openSUSE Leap 42.1 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. CVE-2015-5307 openSUSE Leap 42.1:xen-4.5.2_04-9.2 openSUSE Leap 42.1:xen-devel-4.5.2_04-9.2 openSUSE Leap 42.1:xen-doc-html-4.5.2_04-9.2 openSUSE Leap 42.1:xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_04-9.2 openSUSE Leap 42.1:xen-libs-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-domU-4.5.2_04-9.2 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html https://www.suse.com/security/cve/CVE-2015-5307.html CVE-2015-5307 https://bugzilla.suse.com/953527 SUSE Bug 953527 https://bugzilla.suse.com/954018 SUSE Bug 954018 https://bugzilla.suse.com/954404 SUSE Bug 954404 https://bugzilla.suse.com/954405 SUSE Bug 954405 https://bugzilla.suse.com/962977 SUSE Bug 962977 Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. CVE-2015-7504 openSUSE Leap 42.1:xen-4.5.2_04-9.2 openSUSE Leap 42.1:xen-devel-4.5.2_04-9.2 openSUSE Leap 42.1:xen-doc-html-4.5.2_04-9.2 openSUSE Leap 42.1:xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_04-9.2 openSUSE Leap 42.1:xen-libs-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-domU-4.5.2_04-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html https://www.suse.com/security/cve/CVE-2015-7504.html CVE-2015-7504 https://bugzilla.suse.com/956411 SUSE Bug 956411 The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. CVE-2015-7549 openSUSE Leap 42.1:xen-4.5.2_04-9.2 openSUSE Leap 42.1:xen-devel-4.5.2_04-9.2 openSUSE Leap 42.1:xen-doc-html-4.5.2_04-9.2 openSUSE Leap 42.1:xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_04-9.2 openSUSE Leap 42.1:xen-libs-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-domU-4.5.2_04-9.2 low 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html https://www.suse.com/security/cve/CVE-2015-7549.html CVE-2015-7549 https://bugzilla.suse.com/958917 SUSE Bug 958917 https://bugzilla.suse.com/958918 SUSE Bug 958918 The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. CVE-2015-8339 openSUSE Leap 42.1:xen-4.5.2_04-9.2 openSUSE Leap 42.1:xen-devel-4.5.2_04-9.2 openSUSE Leap 42.1:xen-doc-html-4.5.2_04-9.2 openSUSE Leap 42.1:xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_04-9.2 openSUSE Leap 42.1:xen-libs-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-domU-4.5.2_04-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html https://www.suse.com/security/cve/CVE-2015-8339.html CVE-2015-8339 https://bugzilla.suse.com/956408 SUSE Bug 956408 The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. CVE-2015-8340 openSUSE Leap 42.1:xen-4.5.2_04-9.2 openSUSE Leap 42.1:xen-devel-4.5.2_04-9.2 openSUSE Leap 42.1:xen-doc-html-4.5.2_04-9.2 openSUSE Leap 42.1:xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_04-9.2 openSUSE Leap 42.1:xen-libs-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-domU-4.5.2_04-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html https://www.suse.com/security/cve/CVE-2015-8340.html CVE-2015-8340 https://bugzilla.suse.com/956408 SUSE Bug 956408 The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. CVE-2015-8341 openSUSE Leap 42.1:xen-4.5.2_04-9.2 openSUSE Leap 42.1:xen-devel-4.5.2_04-9.2 openSUSE Leap 42.1:xen-doc-html-4.5.2_04-9.2 openSUSE Leap 42.1:xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_04-9.2 openSUSE Leap 42.1:xen-libs-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-domU-4.5.2_04-9.2 moderate 5.5 AV:A/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html https://www.suse.com/security/cve/CVE-2015-8341.html CVE-2015-8341 https://bugzilla.suse.com/956409 SUSE Bug 956409 The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. CVE-2015-8345 openSUSE Leap 42.1:xen-4.5.2_04-9.2 openSUSE Leap 42.1:xen-devel-4.5.2_04-9.2 openSUSE Leap 42.1:xen-doc-html-4.5.2_04-9.2 openSUSE Leap 42.1:xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_04-9.2 openSUSE Leap 42.1:xen-libs-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-domU-4.5.2_04-9.2 moderate 5.2 AV:A/AC:M/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html https://www.suse.com/security/cve/CVE-2015-8345.html CVE-2015-8345 https://bugzilla.suse.com/956829 SUSE Bug 956829 https://bugzilla.suse.com/956832 SUSE Bug 956832 Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. CVE-2015-8504 openSUSE Leap 42.1:xen-4.5.2_04-9.2 openSUSE Leap 42.1:xen-devel-4.5.2_04-9.2 openSUSE Leap 42.1:xen-doc-html-4.5.2_04-9.2 openSUSE Leap 42.1:xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_04-9.2 openSUSE Leap 42.1:xen-libs-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-domU-4.5.2_04-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html https://www.suse.com/security/cve/CVE-2015-8504.html CVE-2015-8504 https://bugzilla.suse.com/958491 SUSE Bug 958491 https://bugzilla.suse.com/958493 SUSE Bug 958493 Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability. CVE-2015-8550 openSUSE Leap 42.1:xen-4.5.2_04-9.2 openSUSE Leap 42.1:xen-devel-4.5.2_04-9.2 openSUSE Leap 42.1:xen-doc-html-4.5.2_04-9.2 openSUSE Leap 42.1:xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_04-9.2 openSUSE Leap 42.1:xen-libs-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-domU-4.5.2_04-9.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html https://www.suse.com/security/cve/CVE-2015-8550.html CVE-2015-8550 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/957988 SUSE Bug 957988 Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path." CVE-2015-8554 openSUSE Leap 42.1:xen-4.5.2_04-9.2 openSUSE Leap 42.1:xen-devel-4.5.2_04-9.2 openSUSE Leap 42.1:xen-doc-html-4.5.2_04-9.2 openSUSE Leap 42.1:xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_04-9.2 openSUSE Leap 42.1:xen-libs-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-domU-4.5.2_04-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html https://www.suse.com/security/cve/CVE-2015-8554.html CVE-2015-8554 https://bugzilla.suse.com/958007 SUSE Bug 958007 Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors. CVE-2015-8555 openSUSE Leap 42.1:xen-4.5.2_04-9.2 openSUSE Leap 42.1:xen-devel-4.5.2_04-9.2 openSUSE Leap 42.1:xen-doc-html-4.5.2_04-9.2 openSUSE Leap 42.1:xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_04-9.2 openSUSE Leap 42.1:xen-libs-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-domU-4.5.2_04-9.2 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html https://www.suse.com/security/cve/CVE-2015-8555.html CVE-2015-8555 https://bugzilla.suse.com/958009 SUSE Bug 958009 The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. CVE-2015-8558 openSUSE Leap 42.1:xen-4.5.2_04-9.2 openSUSE Leap 42.1:xen-devel-4.5.2_04-9.2 openSUSE Leap 42.1:xen-doc-html-4.5.2_04-9.2 openSUSE Leap 42.1:xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_04-9.2 openSUSE Leap 42.1:xen-libs-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-domU-4.5.2_04-9.2 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html https://www.suse.com/security/cve/CVE-2015-8558.html CVE-2015-8558 https://bugzilla.suse.com/959005 SUSE Bug 959005 https://bugzilla.suse.com/959006 SUSE Bug 959006 https://bugzilla.suse.com/976109 SUSE Bug 976109 https://bugzilla.suse.com/976111 SUSE Bug 976111 Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). CVE-2015-8567 openSUSE Leap 42.1:xen-4.5.2_04-9.2 openSUSE Leap 42.1:xen-devel-4.5.2_04-9.2 openSUSE Leap 42.1:xen-doc-html-4.5.2_04-9.2 openSUSE Leap 42.1:xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_04-9.2 openSUSE Leap 42.1:xen-libs-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-domU-4.5.2_04-9.2 low 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html https://www.suse.com/security/cve/CVE-2015-8567.html CVE-2015-8567 https://bugzilla.suse.com/959386 SUSE Bug 959386 https://bugzilla.suse.com/959387 SUSE Bug 959387 Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. CVE-2015-8568 openSUSE Leap 42.1:xen-4.5.2_04-9.2 openSUSE Leap 42.1:xen-devel-4.5.2_04-9.2 openSUSE Leap 42.1:xen-doc-html-4.5.2_04-9.2 openSUSE Leap 42.1:xen-kmp-default-4.5.2_04_k4.1.13_5-9.2 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_04-9.2 openSUSE Leap 42.1:xen-libs-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-4.5.2_04-9.2 openSUSE Leap 42.1:xen-tools-domU-4.5.2_04-9.2 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html https://www.suse.com/security/cve/CVE-2015-8568.html CVE-2015-8568 https://bugzilla.suse.com/959386 SUSE Bug 959386 https://bugzilla.suse.com/959387 SUSE Bug 959387