Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[security-announce] openSUSE-SU-2017:0007-1: important: Security update for xen

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

openSUSE Security Update: Security update for xen

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2017:0007-1

Rating: important

References: #1000106 #1002496 #1003030 #1003032 #1003870

#1004016 #1005004 #1005005 #1007157 #1007160

#1009100 #1009103 #1009104 #1009107 #1009108

#1009109 #1009111 #1011652 #1012651 #1013657

#1013668 #1014298 #1016340

Cross-References: CVE-2016-10013 CVE-2016-10024 CVE-2016-7777

CVE-2016-7908 CVE-2016-7909 CVE-2016-7995

CVE-2016-8576 CVE-2016-8667 CVE-2016-8669

CVE-2016-8909 CVE-2016-8910 CVE-2016-9101

CVE-2016-9377 CVE-2016-9378 CVE-2016-9379

CVE-2016-9380 CVE-2016-9381 CVE-2016-9382

CVE-2016-9383 CVE-2016-9385 CVE-2016-9386

CVE-2016-9637 CVE-2016-9776 CVE-2016-9932

 

Affected Products:

openSUSE Leap 42.1

______________________________________________________________________________

 

An update that fixes 24 vulnerabilities is now available.

 

Description:

 

 

This updates xen to version 4.5.5 to fix the following issues:

 

- An unprivileged user in a guest could gain guest could escalate

privilege to that of the guest kernel, if it had could invoke the

instruction emulator. Only 64-bit x86 HVM guest were affected. Linux

guest have not been vulnerable. (boo#1016340, CVE-2016-10013)

- An unprivileged user in a 64 bit x86 guest could gain information from

the host, crash the host or gain privilege of the host (boo#1009107,

CVE-2016-9383)

- An unprivileged guest process could (unintentionally or maliciously)

obtain

or ocorrupt sensitive information of other programs in the same guest.

Only x86 HVM guests have been affected. The attacker needs to be able

to trigger the Xen instruction emulator. (boo#1000106, CVE-2016-7777)

- A guest on x86 systems could read small parts of hypervisor stack data

(boo#1012651, CVE-2016-9932)

- A malicious guest kernel could hang or crash the host system

(boo#1014298, CVE-2016-10024)

- The epro100 emulated network device caused a memory leak in the host

when unplugged in the guest. A privileged user in the guest could use

this to cause a DoS on the host or potentially crash the guest process

on the host (boo#1013668, CVE-2016-9101)

- The ColdFire Fast Ethernet Controller was vulnerable to an infinite loop

that could be trigged by a privileged user in the guest, leading to DoS

(boo#1013657, CVE-2016-9776)

- A malicious guest administrator could escalate their privilege to that

of the host. Only affects x86 HVM guests using qemu older version 1.6.0

or using the qemu-xen-traditional. (boo#1011652, CVE-2016-9637)

- An unprivileged guest user could escalate privilege to that of the guest

administrator on x86 HVM guests, especially on Intel CPUs (boo#1009100,

CVE-2016-9386)

- An unprivileged guest user could escalate privilege to that of the guest

administrator (on AMD CPUs) or crash the system (on Intel CPUs) on

32-bit x86 HVM guests. Only guest operating systems that allowed a new

task to start in VM86 mode were affected. (boo#1009103, CVE-2016-9382)

- A malicious guest administrator could crash the host on x86 PV guests

only (boo#1009104, CVE-2016-9385)

- An unprivileged guest user was able to crash the guest. (boo#1009108,

CVE-2016-9377, CVE-2016-9378)

- A malicious guest administrator could get privilege of the host emulator

process on x86 HVM guests. (boo#1009109, CVE-2016-9381)

- A vulnerability in pygrub allowed a malicious guest administrator to

obtain the contents of sensitive host files, or even delete those files

(boo#1009111, CVE-2016-9379, CVE-2016-9380)

- A privileged guest user could cause an infinite loop in the RTL8139

ethernet emulation to consume CPU cycles on the host, causing a DoS

situation (boo#1007157, CVE-2016-8910)

- A privileged guest user could cause an infinite loop in the intel-hda

sound emulation to consume CPU cycles on the host, causing a DoS

situation (boo#1007160, CVE-2016-8909)

- A privileged guest user could cause a crash of the emulator process on

the host by exploiting a divide by zero vulnerability of the JAZZ RC4030

chipset emulation (boo#1005004 CVE-2016-8667)

- A privileged guest user could cause a crash of the emulator process on

the host by exploiting a divide by zero issue of the 16550A UART

emulation (boo#1005005, CVE-2016-8669)

- A privileged guest user could cause a memory leak in the USB EHCI

emulation, causing a DoS situation on the host (boo#1003870,

CVE-2016-7995)

- A privileged guest user could cause an infinite loop in the USB xHCI

emulation, causing a DoS situation on the host (boo#1004016,

CVE-2016-8576)

- A privileged guest user could cause an infinite loop in the ColdFire

Fash Ethernet Controller emulation, causing a DoS situation on the host

(boo#1003030, CVE-2016-7908)

- A privileged guest user could cause an infinite loop in the AMD PC-Net

II emulation, causing a DoS situation on the host (boo#1003032,

CVE-2016-7909)

- Cause a reload of clvm in the block-dmmd script to avoid a blocking

lvchange call (boo#1002496)

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE Leap 42.1:

 

zypper in -t patch openSUSE-2017-4=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE Leap 42.1 (i586 x86_64):

 

xen-debugsource-4.5.5_06-18.1

xen-devel-4.5.5_06-18.1

xen-libs-4.5.5_06-18.1

xen-libs-debuginfo-4.5.5_06-18.1

xen-tools-domU-4.5.5_06-18.1

xen-tools-domU-debuginfo-4.5.5_06-18.1

 

- openSUSE Leap 42.1 (x86_64):

 

xen-4.5.5_06-18.1

xen-doc-html-4.5.5_06-18.1

xen-kmp-default-4.5.5_06_k4.1.36_41-18.1

xen-kmp-default-debuginfo-4.5.5_06_k4.1.36_41-18.1

xen-libs-32bit-4.5.5_06-18.1

xen-libs-debuginfo-32bit-4.5.5_06-18.1

xen-tools-4.5.5_06-18.1

xen-tools-debuginfo-4.5.5_06-18.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2016-10013.html

https://www.suse.com/security/cve/CVE-2016-10024.html

https://www.suse.com/security/cve/CVE-2016-7777.html

https://www.suse.com/security/cve/CVE-2016-7908.html

https://www.suse.com/security/cve/CVE-2016-7909.html

https://www.suse.com/security/cve/CVE-2016-7995.html

https://www.suse.com/security/cve/CVE-2016-8576.html

https://www.suse.com/security/cve/CVE-2016-8667.html

https://www.suse.com/security/cve/CVE-2016-8669.html

https://www.suse.com/security/cve/CVE-2016-8909.html

https://www.suse.com/security/cve/CVE-2016-8910.html

https://www.suse.com/security/cve/CVE-2016-9101.html

https://www.suse.com/security/cve/CVE-2016-9377.html

https://www.suse.com/security/cve/CVE-2016-9378.html

https://www.suse.com/security/cve/CVE-2016-9379.html

https://www.suse.com/security/cve/CVE-2016-9380.html

https://www.suse.com/security/cve/CVE-2016-9381.html

https://www.suse.com/security/cve/CVE-2016-9382.html

https://www.suse.com/security/cve/CVE-2016-9383.html

https://www.suse.com/security/cve/CVE-2016-9385.html

https://www.suse.com/security/cve/CVE-2016-9386.html

https://www.suse.com/security/cve/CVE-2016-9637.html

https://www.suse.com/security/cve/CVE-2016-9776.html

https://www.suse.com/security/cve/CVE-2016-9932.html

https://bugzilla.suse.com/1000106

https://bugzilla.suse.com/1002496

https://bugzilla.suse.com/1003030

https://bugzilla.suse.com/1003032

https://bugzilla.suse.com/1003870

https://bugzilla.suse.com/1004016

https://bugzilla.suse.com/1005004

https://bugzilla.suse.com/1005005

https://bugzilla.suse.com/1007157

https://bugzilla.suse.com/1007160

https://bugzilla.suse.com/1009100

https://bugzilla.suse.com/1009103

https://bugzilla.suse.com/1009104

https://bugzilla.suse.com/1009107

https://bugzilla.suse.com/1009108

https://bugzilla.suse.com/1009109

https://bugzilla.suse.com/1009111

https://bugzilla.suse.com/1011652

https://bugzilla.suse.com/1012651

https://bugzilla.suse.com/1013657

https://bugzilla.suse.com/1013668

https://bugzilla.suse.com/1014298

https://bugzilla.suse.com/1016340

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×