Security update for xen

SUSE Security Update: Security update for xen
Announcement ID: SUSE-SU-2016:2507-1
Rating: important
References: #966467 #970135 #971949 #988675 #990970 #991934 #992224 #993507 #994136 #994421 #994625 #994761 #994772 #994775 #995785 #995789 #995792 #997731
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 11-SP4
  • SUSE Linux Enterprise Server 11-SP4
  • SUSE Linux Enterprise Debuginfo 11-SP4

  • An update that solves 10 vulnerabilities and has 8 fixes is now available.

    Description:

    This update for xen fixes several issues.

    These security issues were fixed:
    - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen
    allowed local 32-bit PV guest OS administrators to gain host OS
    privileges via vectors related to L3 recursive pagetables (bsc#995785)
    - CVE-2016-7093: Xen allowed local HVM guest OS administrators to
    overwrite hypervisor memory and consequently gain host OS privileges by
    leveraging mishandling of instruction pointer truncation during
    emulation (bsc#995789)
    - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS
    administrators on guests running with shadow paging to cause a denial of
    service via a pagetable update (bsc#995792)
    - CVE-2016-7154: Use-after-free vulnerability in the FIFO event channel
    code in Xen allowed local guest OS administrators to cause a denial of
    service (host crash) and possibly execute arbitrary code or obtain
    sensitive information via an invalid guest frame number (bsc#997731)
    - CVE-2016-6836: VMWARE VMXNET3 NIC device allowed privileged user inside
    the guest to leak information. It occured while processing transmit(tx)
    queue, when it reaches the end of packet (bsc#994761)
    - CVE-2016-6888: A integer overflow int the VMWARE VMXNET3 NIC device
    support, during the initialisation of new packets in the device, could
    have allowed a privileged user inside guest to crash the Qemu instance
    resulting in DoS (bsc#994772)
    - CVE-2016-6833: A use-after-free issue in the VMWARE VMXNET3 NIC device
    support allowed privileged user inside guest to crash the Qemu instance
    resulting in DoS (bsc#994775)
    - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support,
    causing an OOB read access (bsc#994625)
    - CVE-2016-6834: A infinite loop during packet fragmentation in the VMWARE
    VMXNET3 NIC device support allowed privileged user inside guest to crash
    the Qemu instance resulting in DoS (bsc#994421)
    - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed
    local 32-bit PV guest OS administrators to gain host OS privileges by
    leveraging fast-paths for updating pagetable entries (bsc#988675)

    These non-security issues were fixed:
    - bsc#993507: virsh detach-disk failing to detach disk
    - bsc#991934: Xen hypervisor crash in csched_acct
    - bsc#992224: During boot of Xen Hypervisor, Failed to get contiguous
    memory for DMA
    - bsc#970135: New virtualization project clock test randomly fails on Xen
    - bsc#994136: Unplug also SCSI disks in qemu-xen-traditional for upstream
    unplug protocol
    - bsc#994136: xen_platform: unplug also SCSI disks in qemu-xen
    - bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations
    are always live
    - bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79)
    - bsc#966467: Live Migration SLES 11 SP3 to SP4 on AMD

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-xen-12782=1
    • SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-xen-12782=1
    • SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-xen-12782=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
      • xen-devel-4.4.4_08-40.2
    • SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
      • xen-kmp-default-4.4.4_08_3.0.101_80-40.2
      • xen-libs-4.4.4_08-40.2
      • xen-tools-domU-4.4.4_08-40.2
    • SUSE Linux Enterprise Server 11-SP4 (x86_64):
      • xen-4.4.4_08-40.2
      • xen-doc-html-4.4.4_08-40.2
      • xen-libs-32bit-4.4.4_08-40.2
      • xen-tools-4.4.4_08-40.2
    • SUSE Linux Enterprise Server 11-SP4 (i586):
      • xen-kmp-pae-4.4.4_08_3.0.101_80-40.2
    • SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
      • xen-debuginfo-4.4.4_08-40.2
      • xen-debugsource-4.4.4_08-40.2

    References: