Security update for Xen

SUSE Security Update: Security update for Xen
Announcement ID: SUSE-SU-2015:1156-1
Rating: important
References: #931625 #931626 #931627 #931628 #932770 #932996
Affected Products:
  • SUSE Linux Enterprise Server 11 SP1 LTSS

  • An update that fixes 6 vulnerabilities is now available.


    Xen was updated to fix six security issues:

    • CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu. (XSA-128, bsc#931625)
    • CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests. (XSA-129, bsc#931626)
    • CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages. (XSA-130, bsc#931627)
    • CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131, bsc#931628)
    • CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to host escape. (XSA-135, bsc#932770)
    • CVE-2015-4164: DoS through iret hypercall handler. (XSA-136, bsc#932996)

    Security Issues:

    Special Instructions and Notes:

    Please reboot the system after installing this update.

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 11 SP1 LTSS:
      zypper in -t patch slessp1-xen-201506=10726

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64):
      • xen-4.0.3_21548_18-0.25.1
      • xen-doc-html-4.0.3_21548_18-0.25.1
      • xen-doc-pdf-4.0.3_21548_18-0.25.1
      • xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-0.25.1
      • xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-0.25.1
      • xen-libs-4.0.3_21548_18-0.25.1
      • xen-tools-4.0.3_21548_18-0.25.1
      • xen-tools-domU-4.0.3_21548_18-0.25.1
    • SUSE Linux Enterprise Server 11 SP1 LTSS (i586):
      • xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.25.1