Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.2353
SUSE Security Update: Security update for xen
10 October 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: xen
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2016-7094 CVE-2016-7093 CVE-2016-7092
CVE-2016-6888 CVE-2016-6836 CVE-2016-6835
CVE-2016-6834 CVE-2016-6833 CVE-2016-6259
CVE-2016-6258
Reference: ESB-2016.2117
ESB-2016.2001
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2473-1
Rating: important
References: #953518 #955104 #959330 #959552 #970135 #971949
#988675 #988676 #990500 #990970 #991934 #992224
#993665 #994421 #994625 #994761 #994772 #994775
#995785 #995789 #995792
Cross-References: CVE-2016-6258 CVE-2016-6259 CVE-2016-6833
CVE-2016-6834 CVE-2016-6835 CVE-2016-6836
CVE-2016-6888 CVE-2016-7092 CVE-2016-7093
CVE-2016-7094
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that solves 10 vulnerabilities and has 11 fixes
is now available.
Description:
This update for xen fixes several issues.
These security issues were fixed:
- CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen
allowed local 32-bit PV guest OS administrators to gain host OS
privileges via vectors related to L3 recursive pagetables (bsc#995785).
- CVE-2016-7093: Xen allowed local HVM guest OS administrators to
overwrite hypervisor memory and consequently gain host OS privileges by
leveraging mishandling of instruction pointer truncation during
emulation (bsc#995789).
- CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS
administrators on guests running with shadow paging to cause a denial of
service via a pagetable update (bsc#995792).
- CVE-2016-6836: Information leakage in vmxnet3_complete_packet
(bsc#994761).
- CVE-2016-6888: Integer overflow in packet initialisation in VMXNET3
device driver. Aprivileged user inside guest c... (bsc#994772).
- CVE-2016-6833: Use after free while writing (bsc#994775).
- CVE-2016-6835: Buffer overflow in vmxnet_tx_pkt_parse_headers() in
vmxnet3 deviceemulation. (bsc#994625).
- CVE-2016-6834: An infinite loop during packet fragmentation (bsc#994421).
- CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed
local 32-bit PV guest OS administrators to gain host OS privileges by
leveraging fast-paths for updating pagetable entries (bsc#988675).
- CVE-2016-6259: Xen did not implement Supervisor Mode Access Prevention
(SMAP) whitelisting in 32-bit exception and event delivery, which
allowed local 32-bit PV guest OS kernels to cause a denial of service
(hypervisor and VM crash) by triggering a safety check (bsc#988676).
These non-security issues were fixed:
- bsc#991934: Hypervisor crash in csched_acct
- bsc#992224: During boot of Xen Hypervisor, failed to get contiguous
memory for DMA
- bsc#955104: Virsh reports error "one or more references were leaked
after disconnect from hypervisor" when "virsh save" failed due to "no
response from client after 6 keepalive messages"
- bsc#959552: Migration of HVM guest leads into libvirt segmentation fault
- bsc#993665: Migration of xen guests finishes in: One or more references
were leaked after disconnect from the hypervisor
- bsc#959330: Guest migrations using virsh results in error "Internal
error: received hangup / error event on socket"
- bsc#990500: VM virsh migration fails with keepalive error:
":virKeepAliveTimerInternal:143 : No response from client"
- bsc#953518: Unplug also SCSI disks in qemu-xen-traditional for upstream
unplug protocol
- bsc#953518: xen_platform: unplug also SCSI disks in qemu-xen
- bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations
are always live
- bsc#970135: New virtualization project clock test randomly fails on Xen
- bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1444=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1444=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1444=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64):
xen-debugsource-4.5.3_10-20.1
xen-devel-4.5.3_10-20.1
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
xen-4.5.3_10-20.1
xen-debugsource-4.5.3_10-20.1
xen-doc-html-4.5.3_10-20.1
xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1
xen-kmp-default-debuginfo-4.5.3_10_k3.12.62_60.62-20.1
xen-libs-32bit-4.5.3_10-20.1
xen-libs-4.5.3_10-20.1
xen-libs-debuginfo-32bit-4.5.3_10-20.1
xen-libs-debuginfo-4.5.3_10-20.1
xen-tools-4.5.3_10-20.1
xen-tools-debuginfo-4.5.3_10-20.1
xen-tools-domU-4.5.3_10-20.1
xen-tools-domU-debuginfo-4.5.3_10-20.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
xen-4.5.3_10-20.1
xen-debugsource-4.5.3_10-20.1
xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1
xen-kmp-default-debuginfo-4.5.3_10_k3.12.62_60.62-20.1
xen-libs-32bit-4.5.3_10-20.1
xen-libs-4.5.3_10-20.1
xen-libs-debuginfo-32bit-4.5.3_10-20.1
xen-libs-debuginfo-4.5.3_10-20.1
References:
https://www.suse.com/security/cve/CVE-2016-6258.html
https://www.suse.com/security/cve/CVE-2016-6259.html
https://www.suse.com/security/cve/CVE-2016-6833.html
https://www.suse.com/security/cve/CVE-2016-6834.html
https://www.suse.com/security/cve/CVE-2016-6835.html
https://www.suse.com/security/cve/CVE-2016-6836.html
https://www.suse.com/security/cve/CVE-2016-6888.html
https://www.suse.com/security/cve/CVE-2016-7092.html
https://www.suse.com/security/cve/CVE-2016-7093.html
https://www.suse.com/security/cve/CVE-2016-7094.html
https://bugzilla.suse.com/953518
https://bugzilla.suse.com/955104
https://bugzilla.suse.com/959330
https://bugzilla.suse.com/959552
https://bugzilla.suse.com/970135
https://bugzilla.suse.com/971949
https://bugzilla.suse.com/988675
https://bugzilla.suse.com/988676
https://bugzilla.suse.com/990500
https://bugzilla.suse.com/990970
https://bugzilla.suse.com/991934
https://bugzilla.suse.com/992224
https://bugzilla.suse.com/993665
https://bugzilla.suse.com/994421
https://bugzilla.suse.com/994625
https://bugzilla.suse.com/994761
https://bugzilla.suse.com/994772
https://bugzilla.suse.com/994775
https://bugzilla.suse.com/995785
https://bugzilla.suse.com/995789
https://bugzilla.suse.com/995792
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBV/sStox+lLeg9Ub1AQh23RAAhPZfQUjc8B2y2T1Nxa5Y4H0JrfBuBQ2K
XjewPc8l+zm6SfLt6WuejPnVXhbiuKENX9x/uuiQ2OrXhMEcHEG+YtWTq0evy5fP
8Vs0Iw55jzEBSZsQ7lZGlFeNiqo8pQ8il+kBLA+oD7dwe0mrYgh11r7jh2ODMzYS
J4wUjjouKDKb4cBMwjgHm8bI24zSuuogkqUJ2D5t5yE6QEaTpsNwFm8/nXH80T8v
9HGIRlMkRfy8/X4xn48mA/2lRYnEc7CBNWGsF4kYc6GnMjoUKBz7tQUJejNamhC9
IKwgyG0+u293R+0octcBycLynCeZGEA+IMHs+yHbwkGPHDdAwrzFs9TjziIOSDT3
/NRXDvYymy2ViMVzjEjl7uIq7HmpLEbB3Z8VHFQ4t9RmuJ2EEN9pcfhj0hEoFi9L
n+D1eS4CVS5qZMDOlyqjIjFVrBxpQg+xgqjIZNpeOWkeow8HBgXoZtr16ukNRf1S
EncR4rHmMb1oDwBNCQPs2xUbYIgBayscdkXvJ0Pav0Mr+X3EagFz4WuWY7OIWNgO
zs+W6lj1iaAc+PNBDnXgTiHxQPPJT2qSERfbJBMP3LAEigpasHR6Q8d9a7uZvVhp
QSWHvGP5oFOJ8Zm3jBqkREsvwxJnbbO4a8euwQD91Uz4URxpkfVWQXV9P2BtFF5f
qIKHOwGKxFc=
=veny
-----END PGP SIGNATURE-----