===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2353
               SUSE Security Update: Security update for xen
                              10 October 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xen
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-7094 CVE-2016-7093 CVE-2016-7092
                   CVE-2016-6888 CVE-2016-6836 CVE-2016-6835
                   CVE-2016-6834 CVE-2016-6833 CVE-2016-6259
                   CVE-2016-6258

Reference:         ESB-2016.2117
                   ESB-2016.2001

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2473-1
Rating:             important
References:         #953518 #955104 #959330 #959552 #970135 #971949
                    #988675 #988676 #990500 #990970 #991934 #992224
                    #993665 #994421 #994625 #994761 #994772 #994775
                    #995785 #995789 #995792
Cross-References:   CVE-2016-6258 CVE-2016-6259 CVE-2016-6833
                    CVE-2016-6834 CVE-2016-6835 CVE-2016-6836
                    CVE-2016-6888 CVE-2016-7092 CVE-2016-7093
                    CVE-2016-7094
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves 10 vulnerabilities and has 11 fixes is now
   available.

Description:

   This update for xen fixes several issues.

   These security issues were fixed:

   - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen
     allowed local 32-bit PV guest OS administrators to gain host OS
     privileges via vectors related to L3 recursive pagetables
     (bsc#995785).
   - CVE-2016-7093: Xen allowed local HVM guest OS administrators to
     overwrite hypervisor memory and consequently gain host OS privileges
     by leveraging mishandling of instruction pointer truncation during
     emulation (bsc#995789).
   - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS
     administrators on guests running with shadow paging to cause a denial
     of service via a pagetable update (bsc#995792).
   - CVE-2016-6836: Information leakage in vmxnet3_complete_packet
     (bsc#994761).
   - CVE-2016-6888: Integer overflow in packet initialisation in VMXNET3
     device driver. A privileged user inside guest c... (bsc#994772).
   - CVE-2016-6833: Use after free while writing (bsc#994775).
   - CVE-2016-6835: Buffer overflow in vmxnet_tx_pkt_parse_headers() in
     vmxnet3 device emulation (bsc#994625).
   - CVE-2016-6834: An infinite loop during packet fragmentation
     (bsc#994421).
   - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed
     local 32-bit PV guest OS administrators to gain host OS privileges by
     leveraging fast-paths for updating pagetable entries (bsc#988675).
   - CVE-2016-6259: Xen did not implement Supervisor Mode Access
     Prevention (SMAP) whitelisting in 32-bit exception and event
     delivery, which allowed local 32-bit PV guest OS kernels to cause a
     denial of service (hypervisor and VM crash) by triggering a safety
     check (bsc#988676).

   These non-security issues were fixed:

   - bsc#991934: Hypervisor crash in csched_acct
   - bsc#992224: During boot of Xen Hypervisor, failed to get contiguous
     memory for DMA
   - bsc#955104: Virsh reports error "one or more references were leaked
     after disconnect from hypervisor" when "virsh save" failed due to
     "no response from client after 6 keepalive messages"
   - bsc#959552: Migration of HVM guest leads into libvirt segmentation
     fault
   - bsc#993665: Migration of xen guests finishes in: One or more
     references were leaked after disconnect from the hypervisor
   - bsc#959330: Guest migrations using virsh results in error "Internal
     error: received hangup / error event on socket"
   - bsc#990500: VM virsh migration fails with keepalive error:
     ":virKeepAliveTimerInternal:143 : No response from client"
   - bsc#953518: Unplug also SCSI disks in qemu-xen-traditional for
     upstream unplug protocol
   - bsc#953518: xen_platform: unplug also SCSI disks in qemu-xen
   - bsc#971949: xl: Support (by ignoring) xl migrate --live. xl
     migrations are always live
   - bsc#970135: New virtualization project clock test randomly fails on
     Xen
   - bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1444=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1444=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1444=1

   To bring your system up-to-date, use "zypper patch".
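
An added example, not part of the SUSE or AusCERT text: one way to confirm after patching that no installed xen package is still older than the builds named in this bulletin's Package List. The function names are hypothetical, the inventory is constructed sample data, and `sort -V` only approximates rpm's own version ordering.

```shell
#!/bin/sh
# Added example: flag installed xen packages older than the fixed builds
# listed in this bulletin (SUSE-SU-2016:2473-1, SLE 12-SP1, x86_64).
# Helper names (ver_lt, xen_unpatched, sample_inventory) are hypothetical.

FIXED_XEN='4.5.3_10-20.1'                  # from the Package List
FIXED_KMP='4.5.3_10_k3.12.62_60.62-20.1'   # xen-kmp-default* builds

# ver_lt A B: succeeds if A sorts strictly before B.
# sort -V is an approximation of rpm's version comparison.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# xen_unpatched: reads "NAME VERSION-RELEASE" lines on stdin and prints
# one line for every xen package still below the fixed build.
xen_unpatched() {
    while read -r name vr; do
        case "$name" in
            xen-kmp-*)  fixed=$FIXED_KMP ;;
            xen|xen-*)  fixed=$FIXED_XEN ;;
            *)          continue ;;        # not part of this update
        esac
        if ver_lt "$vr" "$fixed"; then
            printf '%s %s (fixed in %s)\n' "$name" "$vr" "$fixed"
        fi
    done
}

# Constructed sample inventory, in the format produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'xen*'
sample_inventory() {
    cat <<'EOF'
xen 4.5.1_12-9.1
xen-libs 4.5.3_10-20.1
xen-tools 4.5.3_10-20.1
xen-kmp-default 4.5.1_12_k3.12.51_60.20-9.1
libvirt 1.2.18.4-11.1
EOF
}

sample_inventory | xen_unpatched
```

On a real host, pipe the rpm query shown in the comment into xen_unpatched; empty output means every matched package is at or above the fixed build.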

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64):

      xen-debugsource-4.5.3_10-20.1
      xen-devel-4.5.3_10-20.1

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):

      xen-4.5.3_10-20.1
      xen-debugsource-4.5.3_10-20.1
      xen-doc-html-4.5.3_10-20.1
      xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1
      xen-kmp-default-debuginfo-4.5.3_10_k3.12.62_60.62-20.1
      xen-libs-32bit-4.5.3_10-20.1
      xen-libs-4.5.3_10-20.1
      xen-libs-debuginfo-32bit-4.5.3_10-20.1
      xen-libs-debuginfo-4.5.3_10-20.1
      xen-tools-4.5.3_10-20.1
      xen-tools-debuginfo-4.5.3_10-20.1
      xen-tools-domU-4.5.3_10-20.1
      xen-tools-domU-debuginfo-4.5.3_10-20.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      xen-4.5.3_10-20.1
      xen-debugsource-4.5.3_10-20.1
      xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1
      xen-kmp-default-debuginfo-4.5.3_10_k3.12.62_60.62-20.1
      xen-libs-32bit-4.5.3_10-20.1
      xen-libs-4.5.3_10-20.1
      xen-libs-debuginfo-32bit-4.5.3_10-20.1
      xen-libs-debuginfo-4.5.3_10-20.1

References:

   https://www.suse.com/security/cve/CVE-2016-6258.html
   https://www.suse.com/security/cve/CVE-2016-6259.html
   https://www.suse.com/security/cve/CVE-2016-6833.html
   https://www.suse.com/security/cve/CVE-2016-6834.html
   https://www.suse.com/security/cve/CVE-2016-6835.html
   https://www.suse.com/security/cve/CVE-2016-6836.html
   https://www.suse.com/security/cve/CVE-2016-6888.html
   https://www.suse.com/security/cve/CVE-2016-7092.html
   https://www.suse.com/security/cve/CVE-2016-7093.html
   https://www.suse.com/security/cve/CVE-2016-7094.html
   https://bugzilla.suse.com/953518
   https://bugzilla.suse.com/955104
   https://bugzilla.suse.com/959330
   https://bugzilla.suse.com/959552
   https://bugzilla.suse.com/970135
   https://bugzilla.suse.com/971949
   https://bugzilla.suse.com/988675
   https://bugzilla.suse.com/988676
   https://bugzilla.suse.com/990500
   https://bugzilla.suse.com/990970
   https://bugzilla.suse.com/991934
   https://bugzilla.suse.com/992224
   https://bugzilla.suse.com/993665
   https://bugzilla.suse.com/994421
   https://bugzilla.suse.com/994625
   https://bugzilla.suse.com/994761
   https://bugzilla.suse.com/994772
   https://bugzilla.suse.com/994775
   https://bugzilla.suse.com/995785
   https://bugzilla.suse.com/995789
   https://bugzilla.suse.com/995792

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================