
[security-announce] SUSE-SU-2016:1445-1: important: Security update for Xen


SUSE Security Update: Security update for Xen

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2016:1445-1

Rating: important

References: #960726 #962627 #964925 #964947 #965315 #965317 #967101 #969351

Cross-References: CVE-2014-0222 CVE-2014-7815 CVE-2015-5278 CVE-2015-8743 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2841

Affected Products:

SUSE Linux Enterprise Server 10 SP4 LTSS

______________________________________________________________________________

 

An update that fixes 8 vulnerabilities is now available.

 

Description:

 

 

Xen was updated to fix the following security issues:

 

* CVE-2016-2841: net: ne2000: infinite loop in ne2000_receive (bsc#969351)
* CVE-2016-2391: usb: multiple eof_timers in ohci module leads to null pointer dereference (bsc#967101)
* CVE-2016-2270: x86: inconsistent cachability flags on guest mappings (XSA-154) (bsc#965315)
* CVE-2016-2271: VMX: guest user mode may crash guest with non-canonical RIP (XSA-170) (bsc#965317)
* CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#964947)
* CVE-2014-0222: qcow1: validate L2 table size to avoid integer overflows (bsc#964925)
* CVE-2014-7815: vnc: insufficient bits_per_pixel from the client sanitization (bsc#962627)
* CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960726)

 

Security Issues:

 

* CVE-2016-2841

 

* CVE-2016-2391

 

* CVE-2016-2270

 

* CVE-2016-2271

 

* CVE-2015-5278

 

* CVE-2014-0222

 

* CVE-2014-7815

 

* CVE-2015-8743

 

 

 

Special Instructions and Notes:

 

Please reboot the system after installing this update.

 

 

Package List:

 

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):

 

xen-3.2.3_17040_46-0.25.1

xen-devel-3.2.3_17040_46-0.25.1

xen-doc-html-3.2.3_17040_46-0.25.1

xen-doc-pdf-3.2.3_17040_46-0.25.1

xen-doc-ps-3.2.3_17040_46-0.25.1

xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1

xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1

xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1

xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1

xen-libs-3.2.3_17040_46-0.25.1

xen-tools-3.2.3_17040_46-0.25.1

xen-tools-domU-3.2.3_17040_46-0.25.1

xen-tools-ioemu-3.2.3_17040_46-0.25.1

 

- SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):

 

xen-libs-32bit-3.2.3_17040_46-0.25.1

 

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

 

xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1

xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1

xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1

xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2014-0222.html

https://www.suse.com/security/cve/CVE-2014-7815.html

https://www.suse.com/security/cve/CVE-2015-5278.html

https://www.suse.com/security/cve/CVE-2015-8743.html

https://www.suse.com/security/cve/CVE-2016-2270.html

https://www.suse.com/security/cve/CVE-2016-2271.html

https://www.suse.com/security/cve/CVE-2016-2391.html

https://www.suse.com/security/cve/CVE-2016-2841.html

https://bugzilla.suse.com/960726

https://bugzilla.suse.com/962627

https://bugzilla.suse.com/964925

https://bugzilla.suse.com/964947

https://bugzilla.suse.com/965315

https://bugzilla.suse.com/965317

https://bugzilla.suse.com/967101

https://bugzilla.suse.com/969351

https://download.suse.com/patch/finder/?keywords=5674a3bc2ab2548e9b2b0ec9973724d0

 


 

 

 
