Security update for xen

Announcement ID:	SUSE-SU-2015:1853-1
Rating:	important
References:	bsc#877642 bsc#907514 bsc#910258 bsc#918984 bsc#923967 bsc#932267 bsc#941074 bsc#944463 bsc#944697 bsc#947165 bsc#950367 bsc#950703 bsc#950705 bsc#950706
Cross-References:	CVE-2014-0222 CVE-2015-4037 CVE-2015-5239 CVE-2015-6815 CVE-2015-7311 CVE-2015-7835 CVE-2015-7969 CVE-2015-7971
CVSS scores:	CVE-2015-5239 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2015-6815 ( NVD ): 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected Products:	SLES for SAP Applications 11-SP3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3

An update that solves eight vulnerabilities and has six security fixes can now be installed.

Description:

xen was updated to fix nine security issues.

These security issues were fixed: - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.- files before the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697). - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706).

These non-security issues were fixed: - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has been observed - bsc#941074: Device 51728 could not be connected. Hotplug scripts not working

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 11 SP3
  zypper in -t patch sledsp3-xen-12174=1
• SUSE Linux Enterprise Software Development Kit 11 SP3
  zypper in -t patch sdksp3-xen-12174=1
• SUSE Linux Enterprise Server 11 SP3
  zypper in -t patch slessp3-xen-12174=1
• SLES for SAP Applications 11-SP3
  zypper in -t patch slessp3-xen-12174=1

Package List:

• SUSE Linux Enterprise Desktop 11 SP3 (x86_64 i586)
  • xen-libs-4.2.5_14-18.2
  • xen-kmp-default-4.2.5_14_3.0.101_0.47.67-18.2
  • xen-tools-domU-4.2.5_14-18.2
• SUSE Linux Enterprise Desktop 11 SP3 (i586)
  • xen-kmp-pae-4.2.5_14_3.0.101_0.47.67-18.2
• SUSE Linux Enterprise Desktop 11 SP3 (x86_64)
  • xen-libs-32bit-4.2.5_14-18.2
  • xen-4.2.5_14-18.2
  • xen-doc-pdf-4.2.5_14-18.2
  • xen-tools-4.2.5_14-18.2
  • xen-doc-html-4.2.5_14-18.2
• SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64 i586)
  • xen-devel-4.2.5_14-18.2
• SUSE Linux Enterprise Server 11 SP3 (x86_64 i586)
  • xen-libs-4.2.5_14-18.2
  • xen-kmp-default-4.2.5_14_3.0.101_0.47.67-18.2
  • xen-tools-domU-4.2.5_14-18.2
• SUSE Linux Enterprise Server 11 SP3 (i586)
  • xen-kmp-pae-4.2.5_14_3.0.101_0.47.67-18.2
• SUSE Linux Enterprise Server 11 SP3 (x86_64)
  • xen-libs-32bit-4.2.5_14-18.2
  • xen-4.2.5_14-18.2
  • xen-doc-pdf-4.2.5_14-18.2
  • xen-tools-4.2.5_14-18.2
  • xen-doc-html-4.2.5_14-18.2
• SLES for SAP Applications 11-SP3 (x86_64)
  • xen-libs-32bit-4.2.5_14-18.2
  • xen-4.2.5_14-18.2
  • xen-kmp-default-4.2.5_14_3.0.101_0.47.67-18.2
  • xen-doc-pdf-4.2.5_14-18.2
  • xen-tools-4.2.5_14-18.2
  • xen-libs-4.2.5_14-18.2
  • xen-tools-domU-4.2.5_14-18.2
  • xen-doc-html-4.2.5_14-18.2

References:

• https://www.suse.com/security/cve/CVE-2014-0222.html
• https://www.suse.com/security/cve/CVE-2015-4037.html
• https://www.suse.com/security/cve/CVE-2015-5239.html
• https://www.suse.com/security/cve/CVE-2015-6815.html
• https://www.suse.com/security/cve/CVE-2015-7311.html
• https://www.suse.com/security/cve/CVE-2015-7835.html
• https://www.suse.com/security/cve/CVE-2015-7969.html
• https://www.suse.com/security/cve/CVE-2015-7971.html
• https://bugzilla.suse.com/show_bug.cgi?id=877642
• https://bugzilla.suse.com/show_bug.cgi?id=907514
• https://bugzilla.suse.com/show_bug.cgi?id=910258
• https://bugzilla.suse.com/show_bug.cgi?id=918984
• https://bugzilla.suse.com/show_bug.cgi?id=923967
• https://bugzilla.suse.com/show_bug.cgi?id=932267
• https://bugzilla.suse.com/show_bug.cgi?id=941074
• https://bugzilla.suse.com/show_bug.cgi?id=944463
• https://bugzilla.suse.com/show_bug.cgi?id=944697
• https://bugzilla.suse.com/show_bug.cgi?id=947165
• https://bugzilla.suse.com/show_bug.cgi?id=950367
• https://bugzilla.suse.com/show_bug.cgi?id=950703
• https://bugzilla.suse.com/show_bug.cgi?id=950705
• https://bugzilla.suse.com/show_bug.cgi?id=950706