Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:0718-1 Final 1 1 2017-03-17T07:43:02Z current 2017-03-17T07:43:02Z 2017-03-17T07:43:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes several issues. These security issues were fixed: - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1024183) - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator allowed local guest users to execute arbitrary code via vectors related to blit regions (bsc#907805) - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014507) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-10013: Xen allowed local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation (bsc#1016340). - CVE-2016-9932: CMPXCHG8B emulation on x86 systems allowed local HVM guest OS users to obtain sensitive information from host stack memory via a 'supposedly-ignored' operand size prefix (bsc#1012651). - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device (bsc#1013668) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013657) - A malicious guest could have, by frequently rebooting over extended periods of time, run the host system out of memory, resulting in a Denial of Service (DoS) (bsc#1022871) - CVE-2016-10024: Xen allowed local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations (bsc#1014298) This non-security issue was fixed: - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleclo50sp3-xen-13030,sleman21-xen-13030,slemap21-xen-13030,sleposp3-xen-13030,slessp3-xen-13030 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20170718-1/ Link for SUSE-SU-2017:0718-1 https://lists.suse.com/pipermail/sle-security-updates/2017-March/002705.html E-Mail link for SUSE-SU-2017:0718-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1002496 SUSE Bug 1002496 https://bugzilla.suse.com/1012651 SUSE Bug 1012651 https://bugzilla.suse.com/1013657 SUSE Bug 1013657 https://bugzilla.suse.com/1013668 SUSE Bug 1013668 https://bugzilla.suse.com/1014298 SUSE Bug 1014298 https://bugzilla.suse.com/1014507 SUSE Bug 1014507 https://bugzilla.suse.com/1015169 SUSE Bug 1015169 https://bugzilla.suse.com/1016340 SUSE Bug 1016340 https://bugzilla.suse.com/1022871 SUSE Bug 1022871 https://bugzilla.suse.com/1023004 SUSE Bug 1023004 https://bugzilla.suse.com/1024183 SUSE Bug 1024183 https://bugzilla.suse.com/1024834 SUSE Bug 1024834 https://bugzilla.suse.com/907805 SUSE Bug 907805 https://www.suse.com/security/cve/CVE-2014-8106/ SUSE CVE CVE-2014-8106 page https://www.suse.com/security/cve/CVE-2016-10013/ SUSE CVE CVE-2016-10013 page https://www.suse.com/security/cve/CVE-2016-10024/ SUSE CVE CVE-2016-10024 page https://www.suse.com/security/cve/CVE-2016-10155/ SUSE CVE CVE-2016-10155 page https://www.suse.com/security/cve/CVE-2016-9101/ SUSE CVE CVE-2016-9101 page https://www.suse.com/security/cve/CVE-2016-9776/ SUSE CVE CVE-2016-9776 page https://www.suse.com/security/cve/CVE-2016-9911/ SUSE CVE CVE-2016-9911 page https://www.suse.com/security/cve/CVE-2016-9921/ SUSE CVE CVE-2016-9921 page https://www.suse.com/security/cve/CVE-2016-9922/ SUSE CVE CVE-2016-9922 page https://www.suse.com/security/cve/CVE-2016-9932/ SUSE CVE CVE-2016-9932 page https://www.suse.com/security/cve/CVE-2017-2615/ SUSE CVE CVE-2017-2615 page https://www.suse.com/security/cve/CVE-2017-2620/ SUSE CVE CVE-2017-2620 page SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Manager 2.1 SUSE Manager Proxy 2.1 SUSE OpenStack Cloud 5 xen-4.2.5_21-35.1 xen-doc-html-4.2.5_21-35.1 xen-doc-pdf-4.2.5_21-35.1 xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 xen-libs-4.2.5_21-35.1 xen-libs-32bit-4.2.5_21-35.1 xen-tools-4.2.5_21-35.1 xen-tools-domU-4.2.5_21-35.1 xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 xen-libs-4.2.5_21-35.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 xen-tools-domU-4.2.5_21-35.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 xen-4.2.5_21-35.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS xen-doc-html-4.2.5_21-35.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS xen-doc-pdf-4.2.5_21-35.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS xen-libs-4.2.5_21-35.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS xen-libs-32bit-4.2.5_21-35.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS xen-tools-4.2.5_21-35.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS xen-tools-domU-4.2.5_21-35.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS xen-4.2.5_21-35.1 as a component of SUSE Manager 2.1 xen-doc-html-4.2.5_21-35.1 as a component of SUSE Manager 2.1 xen-doc-pdf-4.2.5_21-35.1 as a component of SUSE Manager 2.1 xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 as a component of SUSE Manager 2.1 xen-libs-4.2.5_21-35.1 as a component of SUSE Manager 2.1 xen-libs-32bit-4.2.5_21-35.1 as a component of SUSE Manager 2.1 xen-tools-4.2.5_21-35.1 as a component of SUSE Manager 2.1 xen-tools-domU-4.2.5_21-35.1 as a component of SUSE Manager 2.1 xen-4.2.5_21-35.1 as a component of SUSE Manager Proxy 2.1 xen-doc-html-4.2.5_21-35.1 as a component of SUSE Manager Proxy 2.1 xen-doc-pdf-4.2.5_21-35.1 as a component of SUSE Manager Proxy 2.1 xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 as a component of SUSE Manager Proxy 2.1 xen-libs-4.2.5_21-35.1 as a component of SUSE Manager Proxy 2.1 xen-libs-32bit-4.2.5_21-35.1 as a component of SUSE Manager Proxy 2.1 xen-tools-4.2.5_21-35.1 as a component of SUSE Manager Proxy 2.1 xen-tools-domU-4.2.5_21-35.1 as a component of SUSE Manager Proxy 2.1 xen-4.2.5_21-35.1 as a component of SUSE OpenStack Cloud 5 xen-doc-html-4.2.5_21-35.1 as a component of SUSE OpenStack Cloud 5 xen-doc-pdf-4.2.5_21-35.1 as a component of SUSE OpenStack Cloud 5 xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 as a component of SUSE OpenStack Cloud 5 xen-libs-4.2.5_21-35.1 as a component of SUSE OpenStack Cloud 5 xen-libs-32bit-4.2.5_21-35.1 as a component of SUSE OpenStack Cloud 5 xen-tools-4.2.5_21-35.1 as a component of SUSE OpenStack Cloud 5 xen-tools-domU-4.2.5_21-35.1 as a component of SUSE OpenStack Cloud 5 Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320. CVE-2014-8106 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-35.1 SUSE Manager 2.1:xen-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-35.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170718-1/ https://www.suse.com/security/cve/CVE-2014-8106.html CVE-2014-8106 https://bugzilla.suse.com/1023004 SUSE Bug 1023004 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/907805 SUSE Bug 907805 Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation. CVE-2016-10013 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-35.1 SUSE Manager 2.1:xen-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-35.1 moderate 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170718-1/ https://www.suse.com/security/cve/CVE-2016-10013.html CVE-2016-10013 https://bugzilla.suse.com/1016340 SUSE Bug 1016340 Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. CVE-2016-10024 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-35.1 SUSE Manager 2.1:xen-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-35.1 moderate 4.4 AV:L/AC:M/Au:S/C:N/I:N/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170718-1/ https://www.suse.com/security/cve/CVE-2016-10024.html CVE-2016-10024 https://bugzilla.suse.com/1014298 SUSE Bug 1014298 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. CVE-2016-10155 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-35.1 SUSE Manager 2.1:xen-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-35.1 moderate 2.3 AV:A/AC:M/Au:S/C:N/I:N/A:P 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170718-1/ https://www.suse.com/security/cve/CVE-2016-10155.html CVE-2016-10155 https://bugzilla.suse.com/1021129 SUSE Bug 1021129 https://bugzilla.suse.com/1024183 SUSE Bug 1024183 Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device. CVE-2016-9101 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-35.1 SUSE Manager 2.1:xen-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-35.1 low 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170718-1/ https://www.suse.com/security/cve/CVE-2016-9101.html CVE-2016-9101 https://bugzilla.suse.com/1007391 SUSE Bug 1007391 https://bugzilla.suse.com/1013668 SUSE Bug 1013668 https://bugzilla.suse.com/1024181 SUSE Bug 1024181 QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS. CVE-2016-9776 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-35.1 SUSE Manager 2.1:xen-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-35.1 low 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170718-1/ https://www.suse.com/security/cve/CVE-2016-9776.html CVE-2016-9776 https://bugzilla.suse.com/1013285 SUSE Bug 1013285 https://bugzilla.suse.com/1013657 SUSE Bug 1013657 https://bugzilla.suse.com/1024182 SUSE Bug 1024182 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. CVE-2016-9911 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-35.1 SUSE Manager 2.1:xen-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-35.1 low 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170718-1/ https://www.suse.com/security/cve/CVE-2016-9911.html CVE-2016-9911 https://bugzilla.suse.com/1014111 SUSE Bug 1014111 https://bugzilla.suse.com/1014507 SUSE Bug 1014507 Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. CVE-2016-9921 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-35.1 SUSE Manager 2.1:xen-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-35.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170718-1/ https://www.suse.com/security/cve/CVE-2016-9921.html CVE-2016-9921 https://bugzilla.suse.com/1014702 SUSE Bug 1014702 https://bugzilla.suse.com/1015169 SUSE Bug 1015169 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. CVE-2016-9922 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-35.1 SUSE Manager 2.1:xen-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-35.1 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170718-1/ https://www.suse.com/security/cve/CVE-2016-9922.html CVE-2016-9922 https://bugzilla.suse.com/1014702 SUSE Bug 1014702 https://bugzilla.suse.com/1015169 SUSE Bug 1015169 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix. CVE-2016-9932 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-35.1 SUSE Manager 2.1:xen-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-35.1 low 1 AV:L/AC:H/Au:S/C:P/I:N/A:N 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170718-1/ https://www.suse.com/security/cve/CVE-2016-9932.html CVE-2016-9932 https://bugzilla.suse.com/1012651 SUSE Bug 1012651 https://bugzilla.suse.com/1016340 SUSE Bug 1016340 Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. CVE-2017-2615 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-35.1 SUSE Manager 2.1:xen-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-35.1 moderate 4.9 AV:A/AC:M/Au:S/C:P/I:P/A:P 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170718-1/ https://www.suse.com/security/cve/CVE-2017-2615.html CVE-2017-2615 https://bugzilla.suse.com/1023004 SUSE Bug 1023004 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. CVE-2017-2620 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-35.1 SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-35.1 SUSE Manager 2.1:xen-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-35.1 SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1 SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-35.1 SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-35.1 moderate 4.9 AV:A/AC:M/Au:S/C:P/I:P/A:P 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170718-1/ https://www.suse.com/security/cve/CVE-2017-2620.html CVE-2017-2620 https://bugzilla.suse.com/1024834 SUSE Bug 1024834 https://bugzilla.suse.com/1024972 SUSE Bug 1024972 https://bugzilla.suse.com/1178658 SUSE Bug 1178658