Security update for xen SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0665-1 Final 1 1 2017-03-11T08:19:01Z current 2017-03-11T08:19:01Z 2017-03-11T08:19:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834). - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004). - A malicious guest could have, by frequently rebooting over extended periods of time, run the host system out of memory, resulting in a Denial of Service (DoS) (bsc#1022871) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169 These non-security issues were fixed: - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3 - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd - bsc#1005028: Fixed building Xen RPMs from Sources This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00008.html E-Mail link for openSUSE-SU-2017:0665-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 xen-4.7.1_06-9.2 xen-devel-4.7.1_06-9.2 xen-doc-html-4.7.1_06-9.2 xen-libs-4.7.1_06-9.2 xen-libs-32bit-4.7.1_06-9.2 xen-tools-4.7.1_06-9.2 xen-tools-domU-4.7.1_06-9.2 xen-4.7.1_06-9.2 as a component of openSUSE Leap 42.2 xen-devel-4.7.1_06-9.2 as a component of openSUSE Leap 42.2 xen-doc-html-4.7.1_06-9.2 as a component of openSUSE Leap 42.2 xen-libs-4.7.1_06-9.2 as a component of openSUSE Leap 42.2 xen-libs-32bit-4.7.1_06-9.2 as a component of openSUSE Leap 42.2 xen-tools-4.7.1_06-9.2 as a component of openSUSE Leap 42.2 xen-tools-domU-4.7.1_06-9.2 as a component of openSUSE Leap 42.2 Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. CVE-2016-9921 openSUSE Leap 42.2:xen-4.7.1_06-9.2 openSUSE Leap 42.2:xen-devel-4.7.1_06-9.2 openSUSE Leap 42.2:xen-doc-html-4.7.1_06-9.2 openSUSE Leap 42.2:xen-libs-32bit-4.7.1_06-9.2 openSUSE Leap 42.2:xen-libs-4.7.1_06-9.2 openSUSE Leap 42.2:xen-tools-4.7.1_06-9.2 openSUSE Leap 42.2:xen-tools-domU-4.7.1_06-9.2 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00008.html https://www.suse.com/security/cve/CVE-2016-9921.html CVE-2016-9921 https://bugzilla.suse.com/1014702 SUSE Bug 1014702 https://bugzilla.suse.com/1015169 SUSE Bug 1015169 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. CVE-2016-9922 openSUSE Leap 42.2:xen-4.7.1_06-9.2 openSUSE Leap 42.2:xen-devel-4.7.1_06-9.2 openSUSE Leap 42.2:xen-doc-html-4.7.1_06-9.2 openSUSE Leap 42.2:xen-libs-32bit-4.7.1_06-9.2 openSUSE Leap 42.2:xen-libs-4.7.1_06-9.2 openSUSE Leap 42.2:xen-tools-4.7.1_06-9.2 openSUSE Leap 42.2:xen-tools-domU-4.7.1_06-9.2 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00008.html https://www.suse.com/security/cve/CVE-2016-9922.html CVE-2016-9922 https://bugzilla.suse.com/1014702 SUSE Bug 1014702 https://bugzilla.suse.com/1015169 SUSE Bug 1015169 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. CVE-2017-2615 openSUSE Leap 42.2:xen-4.7.1_06-9.2 openSUSE Leap 42.2:xen-devel-4.7.1_06-9.2 openSUSE Leap 42.2:xen-doc-html-4.7.1_06-9.2 openSUSE Leap 42.2:xen-libs-32bit-4.7.1_06-9.2 openSUSE Leap 42.2:xen-libs-4.7.1_06-9.2 openSUSE Leap 42.2:xen-tools-4.7.1_06-9.2 openSUSE Leap 42.2:xen-tools-domU-4.7.1_06-9.2 moderate 4.9 AV:A/AC:M/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00008.html https://www.suse.com/security/cve/CVE-2017-2615.html CVE-2017-2615 https://bugzilla.suse.com/1023004 SUSE Bug 1023004 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. CVE-2017-2620 openSUSE Leap 42.2:xen-4.7.1_06-9.2 openSUSE Leap 42.2:xen-devel-4.7.1_06-9.2 openSUSE Leap 42.2:xen-doc-html-4.7.1_06-9.2 openSUSE Leap 42.2:xen-libs-32bit-4.7.1_06-9.2 openSUSE Leap 42.2:xen-libs-4.7.1_06-9.2 openSUSE Leap 42.2:xen-tools-4.7.1_06-9.2 openSUSE Leap 42.2:xen-tools-domU-4.7.1_06-9.2 moderate 4.9 AV:A/AC:M/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00008.html https://www.suse.com/security/cve/CVE-2017-2620.html CVE-2017-2620 https://bugzilla.suse.com/1024834 SUSE Bug 1024834 https://bugzilla.suse.com/1024972 SUSE Bug 1024972 https://bugzilla.suse.com/1178658 SUSE Bug 1178658