Security update for xen

Announcement ID:	SUSE-SU-2015:1894-1
Rating:	important
References:	bsc#877642 bsc#901488 bsc#907514 bsc#910258 bsc#918984 bsc#923967 bsc#932267 bsc#944463 bsc#944697 bsc#945167 bsc#947165 bsc#949138 bsc#949549 bsc#950367 bsc#950703 bsc#950705 bsc#950706
Cross-References:	CVE-2014-0222 CVE-2015-4037 CVE-2015-5239 CVE-2015-6815 CVE-2015-7311 CVE-2015-7835 CVE-2015-7969 CVE-2015-7971
CVSS scores:	CVE-2015-5239 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2015-6815 ( NVD ): 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected Products:	SLES for SAP Applications 11-SP4 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4

An update that solves eight vulnerabilities and has nine security fixes can now be installed.

Description:

xen was updated to version 4.4.3 to fix nine security issues.

These security issues were fixed: - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.- files before the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697). - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706).

These non-security issues were fixed: - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has been observed - bnc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores - bsc#945167: Running command: xl pci-assignable-add 03:10.1 secondly show errors - bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort - bsc#949549: xm create hangs when maxmen value is enclosed in quotes

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 11 SP4
  zypper in -t patch sledsp4-xen-12184=1
• SUSE Linux Enterprise Software Development Kit 11 SP4
  zypper in -t patch sdksp4-xen-12184=1
• SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch slessp4-xen-12184=1
• SLES for SAP Applications 11-SP4
  zypper in -t patch slessp4-xen-12184=1

Package List:

• SUSE Linux Enterprise Desktop 11 SP4 (x86_64 i586)
  • xen-kmp-default-4.4.3_02_3.0.101_65-26.2
  • xen-libs-4.4.3_02-26.2
  • xen-tools-domU-4.4.3_02-26.2
• SUSE Linux Enterprise Desktop 11 SP4 (i586)
  • xen-kmp-pae-4.4.3_02_3.0.101_65-26.2
• SUSE Linux Enterprise Desktop 11 SP4 (x86_64)
  • xen-libs-32bit-4.4.3_02-26.2
  • xen-tools-4.4.3_02-26.2
  • xen-4.4.3_02-26.2
  • xen-doc-html-4.4.3_02-26.2
• SUSE Linux Enterprise Software Development Kit 11 SP4 (x86_64 i586)
  • xen-devel-4.4.3_02-26.2
• SUSE Linux Enterprise Server 11 SP4 (x86_64 i586)
  • xen-kmp-default-4.4.3_02_3.0.101_65-26.2
  • xen-libs-4.4.3_02-26.2
  • xen-tools-domU-4.4.3_02-26.2
• SUSE Linux Enterprise Server 11 SP4 (i586)
  • xen-kmp-pae-4.4.3_02_3.0.101_65-26.2
• SUSE Linux Enterprise Server 11 SP4 (x86_64)
  • xen-libs-32bit-4.4.3_02-26.2
  • xen-tools-4.4.3_02-26.2
  • xen-4.4.3_02-26.2
  • xen-doc-html-4.4.3_02-26.2
• SLES for SAP Applications 11-SP4 (x86_64)
  • xen-kmp-default-4.4.3_02_3.0.101_65-26.2
  • xen-libs-4.4.3_02-26.2
  • xen-tools-4.4.3_02-26.2
  • xen-4.4.3_02-26.2
  • xen-libs-32bit-4.4.3_02-26.2
  • xen-doc-html-4.4.3_02-26.2
  • xen-tools-domU-4.4.3_02-26.2

References:

• https://www.suse.com/security/cve/CVE-2014-0222.html
• https://www.suse.com/security/cve/CVE-2015-4037.html
• https://www.suse.com/security/cve/CVE-2015-5239.html
• https://www.suse.com/security/cve/CVE-2015-6815.html
• https://www.suse.com/security/cve/CVE-2015-7311.html
• https://www.suse.com/security/cve/CVE-2015-7835.html
• https://www.suse.com/security/cve/CVE-2015-7969.html
• https://www.suse.com/security/cve/CVE-2015-7971.html
• https://bugzilla.suse.com/show_bug.cgi?id=877642
• https://bugzilla.suse.com/show_bug.cgi?id=901488
• https://bugzilla.suse.com/show_bug.cgi?id=907514
• https://bugzilla.suse.com/show_bug.cgi?id=910258
• https://bugzilla.suse.com/show_bug.cgi?id=918984
• https://bugzilla.suse.com/show_bug.cgi?id=923967
• https://bugzilla.suse.com/show_bug.cgi?id=932267
• https://bugzilla.suse.com/show_bug.cgi?id=944463
• https://bugzilla.suse.com/show_bug.cgi?id=944697
• https://bugzilla.suse.com/show_bug.cgi?id=945167
• https://bugzilla.suse.com/show_bug.cgi?id=947165
• https://bugzilla.suse.com/show_bug.cgi?id=949138
• https://bugzilla.suse.com/show_bug.cgi?id=949549
• https://bugzilla.suse.com/show_bug.cgi?id=950367
• https://bugzilla.suse.com/show_bug.cgi?id=950703
• https://bugzilla.suse.com/show_bug.cgi?id=950705
• https://bugzilla.suse.com/show_bug.cgi?id=950706