Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:2338-1 Final 1 1 2015-12-22T08:41:00Z current 2015-12-22T08:41:00Z 2015-12-22T08:41:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update fixes the following security issues: - bsc#955399 - Fix xm migrate --log_progress. Due to logic error progress was not logged when requested. - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc#956592 - xen: virtual PMU is unsupported (XSA-163) - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#955399 - Fix xm migrate --live. The options were not passed due to a merge error. As a result the migration was not live, instead the suspended guest was migrated. - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) - Drop 5604f239-x86-PV-properly-populate-descriptor-tables.patch - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-xen-20151203-12277,sledsp4-xen-20151203-12277,slessp4-xen-20151203-12277 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1/ Link for SUSE-SU-2015:2338-1 https://lists.suse.com/pipermail/sle-security-updates/2015-December/001754.html E-Mail link for SUSE-SU-2015:2338-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/947165 SUSE Bug 947165 https://bugzilla.suse.com/950703 SUSE Bug 950703 https://bugzilla.suse.com/950704 SUSE Bug 950704 https://bugzilla.suse.com/950705 SUSE Bug 950705 https://bugzilla.suse.com/950706 SUSE Bug 950706 https://bugzilla.suse.com/951845 SUSE Bug 951845 https://bugzilla.suse.com/954018 SUSE Bug 954018 https://bugzilla.suse.com/954405 SUSE Bug 954405 https://bugzilla.suse.com/955399 SUSE Bug 955399 https://bugzilla.suse.com/956408 SUSE Bug 956408 https://bugzilla.suse.com/956409 SUSE Bug 956409 https://bugzilla.suse.com/956411 SUSE Bug 956411 https://bugzilla.suse.com/956592 SUSE Bug 956592 https://bugzilla.suse.com/956832 SUSE Bug 956832 https://www.suse.com/security/cve/CVE-2015-5307/ SUSE CVE CVE-2015-5307 page https://www.suse.com/security/cve/CVE-2015-7311/ SUSE CVE CVE-2015-7311 page https://www.suse.com/security/cve/CVE-2015-7504/ SUSE CVE CVE-2015-7504 page https://www.suse.com/security/cve/CVE-2015-7835/ SUSE CVE CVE-2015-7835 page https://www.suse.com/security/cve/CVE-2015-7969/ SUSE CVE CVE-2015-7969 page https://www.suse.com/security/cve/CVE-2015-7970/ SUSE CVE CVE-2015-7970 page https://www.suse.com/security/cve/CVE-2015-7971/ SUSE CVE CVE-2015-7971 page https://www.suse.com/security/cve/CVE-2015-7972/ SUSE CVE CVE-2015-7972 page https://www.suse.com/security/cve/CVE-2015-8104/ SUSE CVE CVE-2015-8104 page https://www.suse.com/security/cve/CVE-2015-8339/ SUSE CVE CVE-2015-8339 page https://www.suse.com/security/cve/CVE-2015-8340/ SUSE CVE CVE-2015-8340 page https://www.suse.com/security/cve/CVE-2015-8341/ SUSE CVE CVE-2015-8341 page https://www.suse.com/security/cve/CVE-2015-8345/ SUSE CVE CVE-2015-8345 page SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 xen-devel-4.4.3_06-29.1 xen-4.4.3_06-29.1 xen-doc-html-4.4.3_06-29.1 xen-kmp-default-4.4.3_06_3.0.101_65-29.1 xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 xen-libs-4.4.3_06-29.1 xen-libs-32bit-4.4.3_06-29.1 xen-tools-4.4.3_06-29.1 xen-tools-domU-4.4.3_06-29.1 xen-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 xen-doc-html-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 xen-kmp-default-4.4.3_06_3.0.101_65-29.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 xen-libs-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 xen-libs-32bit-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 xen-tools-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 xen-tools-domU-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 xen-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-doc-html-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-kmp-default-4.4.3_06_3.0.101_65-29.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-libs-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-libs-32bit-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-tools-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-tools-domU-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-doc-html-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-kmp-default-4.4.3_06_3.0.101_65-29.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-libs-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-libs-32bit-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-tools-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-tools-domU-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-devel-4.4.3_06-29.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. CVE-2015-5307 SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.3_06-29.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1/ https://www.suse.com/security/cve/CVE-2015-5307.html CVE-2015-5307 https://bugzilla.suse.com/953527 SUSE Bug 953527 https://bugzilla.suse.com/954018 SUSE Bug 954018 https://bugzilla.suse.com/954404 SUSE Bug 954404 https://bugzilla.suse.com/954405 SUSE Bug 954405 https://bugzilla.suse.com/962977 SUSE Bug 962977 libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. CVE-2015-7311 SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.3_06-29.1 low 3.6 AV:L/AC:L/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1/ https://www.suse.com/security/cve/CVE-2015-7311.html CVE-2015-7311 https://bugzilla.suse.com/947165 SUSE Bug 947165 https://bugzilla.suse.com/950367 SUSE Bug 950367 Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. CVE-2015-7504 SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.3_06-29.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1/ https://www.suse.com/security/cve/CVE-2015-7504.html CVE-2015-7504 https://bugzilla.suse.com/956411 SUSE Bug 956411 The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. CVE-2015-7835 SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.3_06-29.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1/ https://www.suse.com/security/cve/CVE-2015-7835.html CVE-2015-7835 https://bugzilla.suse.com/940929 SUSE Bug 940929 https://bugzilla.suse.com/947159 SUSE Bug 947159 https://bugzilla.suse.com/950367 SUSE Bug 950367 Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall. CVE-2015-7969 SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.3_06-29.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1/ https://www.suse.com/security/cve/CVE-2015-7969.html CVE-2015-7969 https://bugzilla.suse.com/950703 SUSE Bug 950703 https://bugzilla.suse.com/950705 SUSE Bug 950705 The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand. CVE-2015-7970 SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.3_06-29.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1/ https://www.suse.com/security/cve/CVE-2015-7970.html CVE-2015-7970 https://bugzilla.suse.com/950704 SUSE Bug 950704 Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c. CVE-2015-7971 SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.3_06-29.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1/ https://www.suse.com/security/cve/CVE-2015-7971.html CVE-2015-7971 https://bugzilla.suse.com/950706 SUSE Bug 950706 The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to "heavy memory pressure." CVE-2015-7972 SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.3_06-29.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1/ https://www.suse.com/security/cve/CVE-2015-7972.html CVE-2015-7972 https://bugzilla.suse.com/950704 SUSE Bug 950704 https://bugzilla.suse.com/951845 SUSE Bug 951845 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. CVE-2015-8104 SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.3_06-29.1 critical 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1/ https://www.suse.com/security/cve/CVE-2015-8104.html CVE-2015-8104 https://bugzilla.suse.com/1215748 SUSE Bug 1215748 https://bugzilla.suse.com/953527 SUSE Bug 953527 https://bugzilla.suse.com/954018 SUSE Bug 954018 https://bugzilla.suse.com/954404 SUSE Bug 954404 https://bugzilla.suse.com/954405 SUSE Bug 954405 https://bugzilla.suse.com/962977 SUSE Bug 962977 The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. CVE-2015-8339 SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.3_06-29.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1/ https://www.suse.com/security/cve/CVE-2015-8339.html CVE-2015-8339 https://bugzilla.suse.com/956408 SUSE Bug 956408 The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. CVE-2015-8340 SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.3_06-29.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1/ https://www.suse.com/security/cve/CVE-2015-8340.html CVE-2015-8340 https://bugzilla.suse.com/956408 SUSE Bug 956408 The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. CVE-2015-8341 SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.3_06-29.1 moderate 5.5 AV:A/AC:L/Au:S/C:N/I:N/A:C 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1/ https://www.suse.com/security/cve/CVE-2015-8341.html CVE-2015-8341 https://bugzilla.suse.com/956409 SUSE Bug 956409 The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. CVE-2015-8345 SUSE Linux Enterprise Desktop 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Desktop 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.3_06-29.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.3_06-29.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.3_06-29.1 moderate 5.2 AV:A/AC:M/Au:S/C:N/I:N/A:C 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1/ https://www.suse.com/security/cve/CVE-2015-8345.html CVE-2015-8345 https://bugzilla.suse.com/956829 SUSE Bug 956829 https://bugzilla.suse.com/956832 SUSE Bug 956832