
[security-announce] SUSE-SU-2016:0658-1: important: Security update for Xen

SUSE Security Update: Security update for Xen

______________________________________________________________________________

 

Announcement ID:    SUSE-SU-2016:0658-1
Rating:             important
References:         #877642 #932267 #944463 #950706 #953527 #954405
                    #956408 #956411 #957988 #958009 #958493 #958523
                    #962360
Cross-References:   CVE-2014-0222 CVE-2015-4037 CVE-2015-5239
                    CVE-2015-5307 CVE-2015-7504 CVE-2015-7512
                    CVE-2015-7971 CVE-2015-8104 CVE-2015-8339
                    CVE-2015-8340 CVE-2015-8504 CVE-2015-8550
                    CVE-2015-8555
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS

______________________________________________________________________________

 

An update that fixes 13 vulnerabilities is now available.

Description:

Xen was updated to fix the following vulnerabilities:

* CVE-2014-0222: Qcow1 L2 table size integer overflows (bsc#877642)
* CVE-2015-4037: Insecure temporary file use in /net/slirp.c (bsc#932267)
* CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463)
* CVE-2015-7504: Heap buffer overflow vulnerability in pcnet emulator (XSA-162, bsc#956411)
* CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (XSA-152, bsc#950706)
* CVE-2015-8104: Guest to host DoS by triggering an infinite loop in microcode via #DB exception (bsc#954405)
* CVE-2015-5307: Guest to host DoS by intercepting #AC (XSA-156, bsc#953527)
* CVE-2015-8339: XENMEM_exchange error handling issues (XSA-159, bsc#956408)
* CVE-2015-8340: XENMEM_exchange error handling issues (XSA-159, bsc#956408)
* CVE-2015-7512: Buffer overflow in pcnet's non-loopback mode (bsc#962360)
* CVE-2015-8550: Paravirtualized drivers incautious about shared memory contents (XSA-155, bsc#957988)
* CVE-2015-8504: Avoid floating point exception in vnc support (bsc#958493)
* CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization (XSA-165, bsc#958009)
* Ioreq handling possibly susceptible to multiple read issue (XSA-166, bsc#958523)

 

Security Issues:

* CVE-2014-0222
* CVE-2015-4037
* CVE-2015-5239
* CVE-2015-7504
* CVE-2015-7971
* CVE-2015-8104
* CVE-2015-5307
* CVE-2015-8339
* CVE-2015-8340
* CVE-2015-7512
* CVE-2015-8550
* CVE-2015-8504
* CVE-2015-8555

Special Instructions and Notes:

Please reboot the system after installing this update.

Package List:

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):

    xen-3.2.3_17040_46-0.23.2
    xen-devel-3.2.3_17040_46-0.23.2
    xen-doc-html-3.2.3_17040_46-0.23.2
    xen-doc-pdf-3.2.3_17040_46-0.23.2
    xen-doc-ps-3.2.3_17040_46-0.23.2
    xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2
    xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2
    xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2
    xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2
    xen-libs-3.2.3_17040_46-0.23.2
    xen-tools-3.2.3_17040_46-0.23.2
    xen-tools-domU-3.2.3_17040_46-0.23.2
    xen-tools-ioemu-3.2.3_17040_46-0.23.2

- SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):

    xen-libs-32bit-3.2.3_17040_46-0.23.2

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

    xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2
    xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2
    xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2
    xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2

 

References:

https://www.suse.com/security/cve/CVE-2014-0222.html
https://www.suse.com/security/cve/CVE-2015-4037.html
https://www.suse.com/security/cve/CVE-2015-5239.html
https://www.suse.com/security/cve/CVE-2015-5307.html
https://www.suse.com/security/cve/CVE-2015-7504.html
https://www.suse.com/security/cve/CVE-2015-7512.html
https://www.suse.com/security/cve/CVE-2015-7971.html
https://www.suse.com/security/cve/CVE-2015-8104.html
https://www.suse.com/security/cve/CVE-2015-8339.html
https://www.suse.com/security/cve/CVE-2015-8340.html
https://www.suse.com/security/cve/CVE-2015-8504.html
https://www.suse.com/security/cve/CVE-2015-8550.html
https://www.suse.com/security/cve/CVE-2015-8555.html
https://bugzilla.suse.com/877642
https://bugzilla.suse.com/932267
https://bugzilla.suse.com/944463
https://bugzilla.suse.com/950706
https://bugzilla.suse.com/953527
https://bugzilla.suse.com/954405
https://bugzilla.suse.com/956408
https://bugzilla.suse.com/956411
https://bugzilla.suse.com/957988
https://bugzilla.suse.com/958009
https://bugzilla.suse.com/958493
https://bugzilla.suse.com/958523
https://bugzilla.suse.com/962360
https://download.suse.com/patch/finder/?keywords=085198b0d3665c1af17df9c5dcb0be80
