Security update for xen SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:2249-1 Final 1 1 2015-12-10T13:33:49Z current 2015-12-10T13:33:49Z 2015-12-10T13:33:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update fixes the following security issues: - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970 xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-12/msg00052.html E-Mail link for openSUSE-SU-2015:2249-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 xen-4.5.2_01-6.1 xen-devel-4.5.2_01-6.1 xen-doc-html-4.5.2_01-6.1 xen-kmp-default-4.5.2_01_k4.1.12_1-6.1 xen-libs-4.5.2_01-6.1 xen-libs-32bit-4.5.2_01-6.1 xen-tools-4.5.2_01-6.1 xen-tools-domU-4.5.2_01-6.1 xen-4.5.2_01-6.1 as a component of openSUSE Leap 42.1 xen-devel-4.5.2_01-6.1 as a component of openSUSE Leap 42.1 xen-doc-html-4.5.2_01-6.1 as a component of openSUSE Leap 42.1 xen-kmp-default-4.5.2_01_k4.1.12_1-6.1 as a component of openSUSE Leap 42.1 xen-libs-4.5.2_01-6.1 as a component of openSUSE Leap 42.1 xen-libs-32bit-4.5.2_01-6.1 as a component of openSUSE Leap 42.1 xen-tools-4.5.2_01-6.1 as a component of openSUSE Leap 42.1 xen-tools-domU-4.5.2_01-6.1 as a component of openSUSE Leap 42.1 Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument. CVE-2015-3259 openSUSE Leap 42.1:xen-4.5.2_01-6.1 openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1 openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1 openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_01-6.1 openSUSE Leap 42.1:xen-libs-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-domU-4.5.2_01-6.1 moderate 4.1 AV:L/AC:M/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00052.html https://www.suse.com/security/cve/CVE-2015-3259.html CVE-2015-3259 https://bugzilla.suse.com/935634 SUSE Bug 935634 https://bugzilla.suse.com/936281 SUSE Bug 936281 https://bugzilla.suse.com/937018 SUSE Bug 937018 https://bugzilla.suse.com/950367 SUSE Bug 950367 QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. CVE-2015-4106 openSUSE Leap 42.1:xen-4.5.2_01-6.1 openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1 openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1 openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_01-6.1 openSUSE Leap 42.1:xen-libs-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-domU-4.5.2_01-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00052.html https://www.suse.com/security/cve/CVE-2015-4106.html CVE-2015-4106 https://bugzilla.suse.com/931628 SUSE Bug 931628 Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. CVE-2015-5154 openSUSE Leap 42.1:xen-4.5.2_01-6.1 openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1 openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1 openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_01-6.1 openSUSE Leap 42.1:xen-libs-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-domU-4.5.2_01-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00052.html https://www.suse.com/security/cve/CVE-2015-5154.html CVE-2015-5154 https://bugzilla.suse.com/938344 SUSE Bug 938344 https://bugzilla.suse.com/950367 SUSE Bug 950367 Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. CVE-2015-5239 openSUSE Leap 42.1:xen-4.5.2_01-6.1 openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1 openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1 openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_01-6.1 openSUSE Leap 42.1:xen-libs-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-domU-4.5.2_01-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00052.html https://www.suse.com/security/cve/CVE-2015-5239.html CVE-2015-5239 https://bugzilla.suse.com/944463 SUSE Bug 944463 https://bugzilla.suse.com/950367 SUSE Bug 950367 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. CVE-2015-5307 openSUSE Leap 42.1:xen-4.5.2_01-6.1 openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1 openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1 openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_01-6.1 openSUSE Leap 42.1:xen-libs-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-domU-4.5.2_01-6.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00052.html https://www.suse.com/security/cve/CVE-2015-5307.html CVE-2015-5307 https://bugzilla.suse.com/953527 SUSE Bug 953527 https://bugzilla.suse.com/954018 SUSE Bug 954018 https://bugzilla.suse.com/954404 SUSE Bug 954404 https://bugzilla.suse.com/954405 SUSE Bug 954405 https://bugzilla.suse.com/962977 SUSE Bug 962977 The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. CVE-2015-6815 openSUSE Leap 42.1:xen-4.5.2_01-6.1 openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1 openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1 openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_01-6.1 openSUSE Leap 42.1:xen-libs-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-domU-4.5.2_01-6.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00052.html https://www.suse.com/security/cve/CVE-2015-6815.html CVE-2015-6815 https://bugzilla.suse.com/944697 SUSE Bug 944697 https://bugzilla.suse.com/950367 SUSE Bug 950367 libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. CVE-2015-7311 openSUSE Leap 42.1:xen-4.5.2_01-6.1 openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1 openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1 openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_01-6.1 openSUSE Leap 42.1:xen-libs-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-domU-4.5.2_01-6.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00052.html https://www.suse.com/security/cve/CVE-2015-7311.html CVE-2015-7311 https://bugzilla.suse.com/947165 SUSE Bug 947165 https://bugzilla.suse.com/950367 SUSE Bug 950367 The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. CVE-2015-7835 openSUSE Leap 42.1:xen-4.5.2_01-6.1 openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1 openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1 openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_01-6.1 openSUSE Leap 42.1:xen-libs-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-domU-4.5.2_01-6.1 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00052.html https://www.suse.com/security/cve/CVE-2015-7835.html CVE-2015-7835 https://bugzilla.suse.com/940929 SUSE Bug 940929 https://bugzilla.suse.com/947159 SUSE Bug 947159 https://bugzilla.suse.com/950367 SUSE Bug 950367 The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand. CVE-2015-7970 openSUSE Leap 42.1:xen-4.5.2_01-6.1 openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1 openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1 openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_01-6.1 openSUSE Leap 42.1:xen-libs-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-domU-4.5.2_01-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00052.html https://www.suse.com/security/cve/CVE-2015-7970.html CVE-2015-7970 https://bugzilla.suse.com/950704 SUSE Bug 950704 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. CVE-2015-8104 openSUSE Leap 42.1:xen-4.5.2_01-6.1 openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1 openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1 openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1 openSUSE Leap 42.1:xen-libs-32bit-4.5.2_01-6.1 openSUSE Leap 42.1:xen-libs-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-4.5.2_01-6.1 openSUSE Leap 42.1:xen-tools-domU-4.5.2_01-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00052.html https://www.suse.com/security/cve/CVE-2015-8104.html CVE-2015-8104 https://bugzilla.suse.com/953527 SUSE Bug 953527 https://bugzilla.suse.com/954018 SUSE Bug 954018 https://bugzilla.suse.com/954404 SUSE Bug 954404 https://bugzilla.suse.com/954405 SUSE Bug 954405 https://bugzilla.suse.com/962977 SUSE Bug 962977