Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:2507-1 Final 1 1 2016-10-12T09:34:10Z current 2016-10-12T09:34:10Z 2016-10-12T09:34:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes several issues. These security issues were fixed: - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789) - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-7154: Use-after-free vulnerability in the FIFO event channel code in Xen allowed local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number (bsc#997731) - CVE-2016-6836: VMWARE VMXNET3 NIC device allowed privileged user inside the guest to leak information. It occured while processing transmit(tx) queue, when it reaches the end of packet (bsc#994761) - CVE-2016-6888: A integer overflow int the VMWARE VMXNET3 NIC device support, during the initialisation of new packets in the device, could have allowed a privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994772) - CVE-2016-6833: A use-after-free issue in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994775) - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994625) - CVE-2016-6834: A infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994421) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) These non-security issues were fixed: - bsc#993507: virsh detach-disk failing to detach disk - bsc#991934: Xen hypervisor crash in csched_acct - bsc#992224: During boot of Xen Hypervisor, Failed to get contiguous memory for DMA - bsc#970135: New virtualization project clock test randomly fails on Xen - bsc#994136: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol - bsc#994136: xen_platform: unplug also SCSI disks in qemu-xen - bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live - bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79) - bsc#966467: Live Migration SLES 11 SP3 to SP4 on AMD The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-xen-12782,slessp4-xen-12782 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20162507-1/ Link for SUSE-SU-2016:2507-1 https://lists.suse.com/pipermail/sle-security-updates/2016-October/002325.html E-Mail link for SUSE-SU-2016:2507-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/966467 SUSE Bug 966467 https://bugzilla.suse.com/970135 SUSE Bug 970135 https://bugzilla.suse.com/971949 SUSE Bug 971949 https://bugzilla.suse.com/988675 SUSE Bug 988675 https://bugzilla.suse.com/990970 SUSE Bug 990970 https://bugzilla.suse.com/991934 SUSE Bug 991934 https://bugzilla.suse.com/992224 SUSE Bug 992224 https://bugzilla.suse.com/993507 SUSE Bug 993507 https://bugzilla.suse.com/994136 SUSE Bug 994136 https://bugzilla.suse.com/994421 SUSE Bug 994421 https://bugzilla.suse.com/994625 SUSE Bug 994625 https://bugzilla.suse.com/994761 SUSE Bug 994761 https://bugzilla.suse.com/994772 SUSE Bug 994772 https://bugzilla.suse.com/994775 SUSE Bug 994775 https://bugzilla.suse.com/995785 SUSE Bug 995785 https://bugzilla.suse.com/995789 SUSE Bug 995789 https://bugzilla.suse.com/995792 SUSE Bug 995792 https://bugzilla.suse.com/997731 SUSE Bug 997731 https://www.suse.com/security/cve/CVE-2016-6258/ SUSE CVE CVE-2016-6258 page https://www.suse.com/security/cve/CVE-2016-6833/ SUSE CVE CVE-2016-6833 page https://www.suse.com/security/cve/CVE-2016-6834/ SUSE CVE CVE-2016-6834 page https://www.suse.com/security/cve/CVE-2016-6835/ SUSE CVE CVE-2016-6835 page https://www.suse.com/security/cve/CVE-2016-6836/ SUSE CVE CVE-2016-6836 page https://www.suse.com/security/cve/CVE-2016-6888/ SUSE CVE CVE-2016-6888 page https://www.suse.com/security/cve/CVE-2016-7092/ SUSE CVE CVE-2016-7092 page https://www.suse.com/security/cve/CVE-2016-7093/ SUSE CVE CVE-2016-7093 page https://www.suse.com/security/cve/CVE-2016-7094/ SUSE CVE CVE-2016-7094 page https://www.suse.com/security/cve/CVE-2016-7154/ SUSE CVE CVE-2016-7154 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 xen-devel-4.4.4_08-40.2 xen-4.4.4_08-40.2 xen-doc-html-4.4.4_08-40.2 xen-kmp-default-4.4.4_08_3.0.101_80-40.2 xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 xen-libs-4.4.4_08-40.2 xen-libs-32bit-4.4.4_08-40.2 xen-tools-4.4.4_08-40.2 xen-tools-domU-4.4.4_08-40.2 xen-4.4.4_08-40.2 as a component of SUSE Linux Enterprise Server 11 SP4 xen-doc-html-4.4.4_08-40.2 as a component of SUSE Linux Enterprise Server 11 SP4 xen-kmp-default-4.4.4_08_3.0.101_80-40.2 as a component of SUSE Linux Enterprise Server 11 SP4 xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 as a component of SUSE Linux Enterprise Server 11 SP4 xen-libs-4.4.4_08-40.2 as a component of SUSE Linux Enterprise Server 11 SP4 xen-libs-32bit-4.4.4_08-40.2 as a component of SUSE Linux Enterprise Server 11 SP4 xen-tools-4.4.4_08-40.2 as a component of SUSE Linux Enterprise Server 11 SP4 xen-tools-domU-4.4.4_08-40.2 as a component of SUSE Linux Enterprise Server 11 SP4 xen-4.4.4_08-40.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-doc-html-4.4.4_08-40.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-kmp-default-4.4.4_08_3.0.101_80-40.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-libs-4.4.4_08-40.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-libs-32bit-4.4.4_08-40.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-tools-4.4.4_08-40.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-tools-domU-4.4.4_08-40.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-devel-4.4.4_08-40.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. CVE-2016-6258 SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162507-1/ https://www.suse.com/security/cve/CVE-2016-6258.html CVE-2016-6258 https://bugzilla.suse.com/1072198 SUSE Bug 1072198 https://bugzilla.suse.com/1072223 SUSE Bug 1072223 https://bugzilla.suse.com/988675 SUSE Bug 988675 https://bugzilla.suse.com/988692 SUSE Bug 988692 Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active. CVE-2016-6833 SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2 moderate 4.1 AV:L/AC:M/Au:S/C:P/I:P/A:P 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162507-1/ https://www.suse.com/security/cve/CVE-2016-6833.html CVE-2016-6833 https://bugzilla.suse.com/994774 SUSE Bug 994774 https://bugzilla.suse.com/994775 SUSE Bug 994775 The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length. CVE-2016-6834 SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2 low 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162507-1/ https://www.suse.com/security/cve/CVE-2016-6834.html CVE-2016-6834 https://bugzilla.suse.com/994418 SUSE Bug 994418 https://bugzilla.suse.com/994421 SUSE Bug 994421 The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length. CVE-2016-6835 SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2 low 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162507-1/ https://www.suse.com/security/cve/CVE-2016-6835.html CVE-2016-6835 https://bugzilla.suse.com/994605 SUSE Bug 994605 https://bugzilla.suse.com/994625 SUSE Bug 994625 The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object. CVE-2016-6836 SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2 low 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162507-1/ https://www.suse.com/security/cve/CVE-2016-6836.html CVE-2016-6836 https://bugzilla.suse.com/994760 SUSE Bug 994760 https://bugzilla.suse.com/994761 SUSE Bug 994761 Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference. CVE-2016-6888 SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2 low 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162507-1/ https://www.suse.com/security/cve/CVE-2016-6888.html CVE-2016-6888 https://bugzilla.suse.com/994771 SUSE Bug 994771 https://bugzilla.suse.com/994772 SUSE Bug 994772 The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables. CVE-2016-7092 SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2 important 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162507-1/ https://www.suse.com/security/cve/CVE-2016-7092.html CVE-2016-7092 https://bugzilla.suse.com/995785 SUSE Bug 995785 Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation. CVE-2016-7093 SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162507-1/ https://www.suse.com/security/cve/CVE-2016-7093.html CVE-2016-7093 https://bugzilla.suse.com/995789 SUSE Bug 995789 Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update. CVE-2016-7094 SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2 moderate 4.4 AV:L/AC:M/Au:S/C:N/I:N/A:C 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162507-1/ https://www.suse.com/security/cve/CVE-2016-7094.html CVE-2016-7094 https://bugzilla.suse.com/995792 SUSE Bug 995792 Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number. CVE-2016-7154 SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2 important 6.9 AV:A/AC:M/Au:N/C:P/I:P/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162507-1/ https://www.suse.com/security/cve/CVE-2016-7154.html CVE-2016-7154 https://bugzilla.suse.com/997731 SUSE Bug 997731