openSUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:0007-1
Rating: important
References: #1000106 #1002496 #1003030 #1003032 #1003870
#1004016 #1005004 #1005005 #1007157 #1007160
#1009100 #1009103 #1009104 #1009107 #1009108
#1009109 #1009111 #1011652 #1012651 #1013657
#1013668 #1014298 #1016340
Cross-References: CVE-2016-10013 CVE-2016-10024 CVE-2016-7777
CVE-2016-7908 CVE-2016-7909 CVE-2016-7995
CVE-2016-8576 CVE-2016-8667 CVE-2016-8669
CVE-2016-8909 CVE-2016-8910 CVE-2016-9101
CVE-2016-9377 CVE-2016-9378 CVE-2016-9379
CVE-2016-9380 CVE-2016-9381 CVE-2016-9382
CVE-2016-9383 CVE-2016-9385 CVE-2016-9386
CVE-2016-9637 CVE-2016-9776 CVE-2016-9932
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________
An update that fixes 24 vulnerabilities is now available.
Description:
This updates xen to version 4.5.5 to fix the following issues:
– An unprivileged user in a guest could gain guest could escalate
privilege to that of the guest kernel, if it had could invoke the
instruction emulator. Only 64-bit x86 HVM guest were affected. Linux
guest have not been vulnerable. (boo#1016340, CVE-2016-10013)
– An unprivileged user in a 64 bit x86 guest could gain information from
the host, crash the host or gain privilege of the host (boo#1009107,
CVE-2016-9383)
– An unprivileged guest process could (unintentionally or maliciously)
obtain
or ocorrupt sensitive information of other programs in the same guest.
Only x86 HVM guests have been affected. The attacker needs to be able
to trigger the Xen instruction emulator. (boo#1000106, CVE-2016-7777)
– A guest on x86 systems could read small parts of hypervisor stack data
(boo#1012651, CVE-2016-9932)
– A malicious guest kernel could hang or crash the host system
(boo#1014298, CVE-2016-10024)
– The epro100 emulated network device caused a memory leak in the host
when unplugged in the guest. A privileged user in the guest could use
this to cause a DoS on the host or potentially crash the guest process
on the host (boo#1013668, CVE-2016-9101)
– The ColdFire Fast Ethernet Controller was vulnerable to an infinite loop
that could be trigged by a privileged user in the guest, leading to DoS
(boo#1013657, CVE-2016-9776)
– A malicious guest administrator could escalate their privilege to that
of the host. Only affects x86 HVM guests using qemu older version 1.6.0
or using the qemu-xen-traditional. (boo#1011652, CVE-2016-9637)
– An unprivileged guest user could escalate privilege to that of the guest
administrator on x86 HVM guests, especially on Intel CPUs (boo#1009100,
CVE-2016-9386)
– An unprivileged guest user could escalate privilege to that of the guest
administrator (on AMD CPUs) or crash the system (on Intel CPUs) on
32-bit x86 HVM guests. Only guest operating systems that allowed a new
task to start in VM86 mode were affected. (boo#1009103, CVE-2016-9382)
– A malicious guest administrator could crash the host on x86 PV guests
only (boo#1009104, CVE-2016-9385)
– An unprivileged guest user was able to crash the guest. (boo#1009108,
CVE-2016-9377, CVE-2016-9378)
– A malicious guest administrator could get privilege of the host emulator
process on x86 HVM guests. (boo#1009109, CVE-2016-9381)
– A vulnerability in pygrub allowed a malicious guest administrator to
obtain the contents of sensitive host files, or even delete those files
(boo#1009111, CVE-2016-9379, CVE-2016-9380)
– A privileged guest user could cause an infinite loop in the RTL8139
ethernet emulation to consume CPU cycles on the host, causing a DoS
situation (boo#1007157, CVE-2016-8910)
– A privileged guest user could cause an infinite loop in the intel-hda
sound emulation to consume CPU cycles on the host, causing a DoS
situation (boo#1007160, CVE-2016-8909)
– A privileged guest user could cause a crash of the emulator process on
the host by exploiting a divide by zero vulnerability of the JAZZ RC4030
chipset emulation (boo#1005004 CVE-2016-8667)
– A privileged guest user could cause a crash of the emulator process on
the host by exploiting a divide by zero issue of the 16550A UART
emulation (boo#1005005, CVE-2016-8669)
– A privileged guest user could cause a memory leak in the USB EHCI
emulation, causing a DoS situation on the host (boo#1003870,
CVE-2016-7995)
– A privileged guest user could cause an infinite loop in the USB xHCI
emulation, causing a DoS situation on the host (boo#1004016,
CVE-2016-8576)
– A privileged guest user could cause an infinite loop in the ColdFire
Fash Ethernet Controller emulation, causing a DoS situation on the host
(boo#1003030, CVE-2016-7908)
– A privileged guest user could cause an infinite loop in the AMD PC-Net
II emulation, causing a DoS situation on the host (boo#1003032,
CVE-2016-7909)
– Cause a reload of clvm in the block-dmmd script to avoid a blocking
lvchange call (boo#1002496)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
– openSUSE Leap 42.1:
zypper in -t patch openSUSE-2017-4=1
To bring your system up-to-date, use “zypper patch”.
Package List:
– openSUSE Leap 42.1 (i586 x86_64):
xen-debugsource-4.5.5_06-18.1
xen-devel-4.5.5_06-18.1
xen-libs-4.5.5_06-18.1
xen-libs-debuginfo-4.5.5_06-18.1
xen-tools-domU-4.5.5_06-18.1
xen-tools-domU-debuginfo-4.5.5_06-18.1
– openSUSE Leap 42.1 (x86_64):
xen-4.5.5_06-18.1
xen-doc-html-4.5.5_06-18.1
xen-kmp-default-4.5.5_06_k4.1.36_41-18.1
xen-kmp-default-debuginfo-4.5.5_06_k4.1.36_41-18.1
xen-libs-32bit-4.5.5_06-18.1
xen-libs-debuginfo-32bit-4.5.5_06-18.1
xen-tools-4.5.5_06-18.1
xen-tools-debuginfo-4.5.5_06-18.1
References:
https://www.suse.com/security/cve/CVE-2016-10013.html
https://www.suse.com/security/cve/CVE-2016-10024.html
https://www.suse.com/security/cve/CVE-2016-7777.html
https://www.suse.com/security/cve/CVE-2016-7908.html
https://www.suse.com/security/cve/CVE-2016-7909.html
https://www.suse.com/security/cve/CVE-2016-7995.html
https://www.suse.com/security/cve/CVE-2016-8576.html
https://www.suse.com/security/cve/CVE-2016-8667.html
https://www.suse.com/security/cve/CVE-2016-8669.html
https://www.suse.com/security/cve/CVE-2016-8909.html
https://www.suse.com/security/cve/CVE-2016-8910.html
https://www.suse.com/security/cve/CVE-2016-9101.html
https://www.suse.com/security/cve/CVE-2016-9377.html
https://www.suse.com/security/cve/CVE-2016-9378.html
https://www.suse.com/security/cve/CVE-2016-9379.html
https://www.suse.com/security/cve/CVE-2016-9380.html
https://www.suse.com/security/cve/CVE-2016-9381.html
https://www.suse.com/security/cve/CVE-2016-9382.html
https://www.suse.com/security/cve/CVE-2016-9383.html
https://www.suse.com/security/cve/CVE-2016-9385.html
https://www.suse.com/security/cve/CVE-2016-9386.html
https://www.suse.com/security/cve/CVE-2016-9637.html
https://www.suse.com/security/cve/CVE-2016-9776.html
https://www.suse.com/security/cve/CVE-2016-9932.html
https://bugzilla.suse.com/1000106
https://bugzilla.suse.com/1002496
https://bugzilla.suse.com/1003030
https://bugzilla.suse.com/1003032
https://bugzilla.suse.com/1003870
https://bugzilla.suse.com/1004016
https://bugzilla.suse.com/1005004
https://bugzilla.suse.com/1005005
https://bugzilla.suse.com/1007157
https://bugzilla.suse.com/1007160
https://bugzilla.suse.com/1009100
https://bugzilla.suse.com/1009103
https://bugzilla.suse.com/1009104
https://bugzilla.suse.com/1009107
https://bugzilla.suse.com/1009108
https://bugzilla.suse.com/1009109
https://bugzilla.suse.com/1009111
https://bugzilla.suse.com/1011652
https://bugzilla.suse.com/1012651
https://bugzilla.suse.com/1013657
https://bugzilla.suse.com/1013668
https://bugzilla.suse.com/1014298
https://bugzilla.suse.com/1016340
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
openSUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:0008-1
Rating: important
References: #1000106 #1000195 #1002496 #1003030 #1003032
#1004016 #1005004 #1005005 #1007157 #1007160
#1009100 #1009103 #1009104 #1009107 #1009109
#1009111 #1011652 #1012651 #1014298 #1016340
#953518
Cross-References: CVE-2016-10013 CVE-2016-10024 CVE-2016-7777
CVE-2016-7908 CVE-2016-7909 CVE-2016-8576
CVE-2016-8667 CVE-2016-8669 CVE-2016-8909
CVE-2016-8910 CVE-2016-9379 CVE-2016-9380
CVE-2016-9381 CVE-2016-9382 CVE-2016-9383
CVE-2016-9385 CVE-2016-9386 CVE-2016-9637
CVE-2016-9932
Affected Products:
openSUSE 13.2
______________________________________________________________________________
An update that solves 19 vulnerabilities and has two fixes
is now available.
Description:
This updates xen to version 4.4.4_06 to fix the following issues:
– An unprivileged user in a guest could gain guest could escalate
privilege to that of the guest kernel, if it had could invoke the
instruction emulator. Only 64-bit x86 HVM guest were affected. Linux
guest have not been vulnerable. (boo#1016340, CVE-2016-10013)
– An unprivileged user in a 64 bit x86 guest could gain information from
the host, crash the host or gain privilege of the host (boo#1009107,
CVE-2016-9383)
– An unprivileged guest process could (unintentionally or maliciously)
obtain
or ocorrupt sensitive information of other programs in the same guest.
Only x86 HVM guests have been affected. The attacker needs to be able
to trigger the Xen instruction emulator. (boo#1000106, CVE-2016-7777)
– A guest on x86 systems could read small parts of hypervisor stack data
(boo#1012651, CVE-2016-9932)
– A malicious guest kernel could hang or crash the host system
(boo#1014298, CVE-2016-10024)
– A malicious guest administrator could escalate their privilege to that
of the host. Only affects x86 HVM guests using qemu older version 1.6.0
or using the qemu-xen-traditional. (boo#1011652, CVE-2016-9637)
– An unprivileged guest user could escalate privilege to that of the guest
administrator on x86 HVM guests, especially on Intel CPUs (boo#1009100,
CVE-2016-9386)
– An unprivileged guest user could escalate privilege to that of the guest
administrator (on AMD CPUs) or crash the system (on Intel CPUs) on
32-bit x86 HVM guests. Only guest operating systems that allowed a new
task to start in VM86 mode were affected. (boo#1009103, CVE-2016-9382)
– A malicious guest administrator could crash the host on x86 PV guests
only (boo#1009104, CVE-2016-9385)
– A malicious guest administrator could get privilege of the host emulator
process on x86 HVM guests. (boo#1009109, CVE-2016-9381)
– A vulnerability in pygrub allowed a malicious guest administrator to
obtain the contents of sensitive host files, or even delete those files
(boo#1009111, CVE-2016-9379, CVE-2016-9380)
– A privileged guest user could cause an infinite loop in the RTL8139
ethernet emulation to consume CPU cycles on the host, causing a DoS
situation (boo#1007157, CVE-2016-8910)
– A privileged guest user could cause an infinite loop in the intel-hda
sound emulation to consume CPU cycles on the host, causing a DoS
situation (boo#1007160, CVE-2016-8909)
– A privileged guest user could cause a crash of the emulator process on
the host by exploiting a divide by zero vulnerability of the JAZZ RC4030
chipset emulation (boo#1005004 CVE-2016-8667)
– A privileged guest user could cause a crash of the emulator process on
the host by exploiting a divide by zero issue of the 16550A UART
emulation (boo#1005005, CVE-2016-8669)
– A privileged guest user could cause an infinite loop in the USB xHCI
emulation, causing a DoS situation on the host (boo#1004016,
CVE-2016-8576)
– A privileged guest user could cause an infinite loop in the ColdFire
Fash Ethernet Controller emulation, causing a DoS situation on the host
(boo#1003030, CVE-2016-7908)
– A privileged guest user could cause an infinite loop in the AMD PC-Net
II emulation, causing a DoS situation on the host (boo#1003032,
CVE-2016-7909)
– Cause a reload of clvm in the block-dmmd script to avoid a blocking
lvchange call (boo#1002496)
– Also unplug SCSI disks in qemu-xen-traditional for upstream unplug
protocol. Before a single SCSI storage devices added to HVM guests could
appear multiple times in the guest. (boo#953518)
– Fix a kernel panic / black screen when trying to boot a XEN kernel on
some UEFI firmwares (boo#1000195)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
– openSUSE 13.2:
zypper in -t patch openSUSE-2017-5=1
To bring your system up-to-date, use “zypper patch”.
Package List:
– openSUSE 13.2 (i586 x86_64):
xen-debugsource-4.4.4_06-58.1
xen-devel-4.4.4_06-58.1
xen-libs-4.4.4_06-58.1
xen-libs-debuginfo-4.4.4_06-58.1
xen-tools-domU-4.4.4_06-58.1
xen-tools-domU-debuginfo-4.4.4_06-58.1
– openSUSE 13.2 (x86_64):
xen-4.4.4_06-58.1
xen-doc-html-4.4.4_06-58.1
xen-kmp-default-4.4.4_06_k3.16.7_53-58.1
xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1
xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1
xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1
xen-libs-32bit-4.4.4_06-58.1
xen-libs-debuginfo-32bit-4.4.4_06-58.1
xen-tools-4.4.4_06-58.1
xen-tools-debuginfo-4.4.4_06-58.1
References:
https://www.suse.com/security/cve/CVE-2016-10013.html
https://www.suse.com/security/cve/CVE-2016-10024.html
https://www.suse.com/security/cve/CVE-2016-7777.html
https://www.suse.com/security/cve/CVE-2016-7908.html
https://www.suse.com/security/cve/CVE-2016-7909.html
https://www.suse.com/security/cve/CVE-2016-8576.html
https://www.suse.com/security/cve/CVE-2016-8667.html
https://www.suse.com/security/cve/CVE-2016-8669.html
https://www.suse.com/security/cve/CVE-2016-8909.html
https://www.suse.com/security/cve/CVE-2016-8910.html
https://www.suse.com/security/cve/CVE-2016-9379.html
https://www.suse.com/security/cve/CVE-2016-9380.html
https://www.suse.com/security/cve/CVE-2016-9381.html
https://www.suse.com/security/cve/CVE-2016-9382.html
https://www.suse.com/security/cve/CVE-2016-9383.html
https://www.suse.com/security/cve/CVE-2016-9385.html
https://www.suse.com/security/cve/CVE-2016-9386.html
https://www.suse.com/security/cve/CVE-2016-9637.html
https://www.suse.com/security/cve/CVE-2016-9932.html
https://bugzilla.suse.com/1000106
https://bugzilla.suse.com/1000195
https://bugzilla.suse.com/1002496
https://bugzilla.suse.com/1003030
https://bugzilla.suse.com/1003032
https://bugzilla.suse.com/1004016
https://bugzilla.suse.com/1005004
https://bugzilla.suse.com/1005005
https://bugzilla.suse.com/1007157
https://bugzilla.suse.com/1007160
https://bugzilla.suse.com/1009100
https://bugzilla.suse.com/1009103
https://bugzilla.suse.com/1009104
https://bugzilla.suse.com/1009107
https://bugzilla.suse.com/1009109
https://bugzilla.suse.com/1009111
https://bugzilla.suse.com/1011652
https://bugzilla.suse.com/1012651
https://bugzilla.suse.com/1014298
https://bugzilla.suse.com/1016340
https://bugzilla.suse.com/953518
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org