Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.2401
SUSE Security Update: Security update for xen
13 October 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: xen
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2016-7154 CVE-2016-7094 CVE-2016-7093
CVE-2016-7092 CVE-2016-6888 CVE-2016-6836
CVE-2016-6835 CVE-2016-6834 CVE-2016-6833
CVE-2016-6258
Reference: ESB-2016.2353
ESB-2016.2117
ESB-2016.2001
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2507-1
Rating: important
References: #966467 #970135 #971949 #988675 #990970 #991934
#992224 #993507 #994136 #994421 #994625 #994761
#994772 #994775 #995785 #995789 #995792 #997731
Cross-References: CVE-2016-6258 CVE-2016-6833 CVE-2016-6834
CVE-2016-6835 CVE-2016-6836 CVE-2016-6888
CVE-2016-7092 CVE-2016-7093 CVE-2016-7094
CVE-2016-7154
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 10 vulnerabilities and has 8 fixes is
now available.
Description:
This update for xen fixes several issues.
These security issues were fixed:
- CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen
allowed local 32-bit PV guest OS administrators to gain host OS
privileges via vectors related to L3 recursive pagetables (bsc#995785)
- CVE-2016-7093: Xen allowed local HVM guest OS administrators to
overwrite hypervisor memory and consequently gain host OS privileges by
leveraging mishandling of instruction pointer truncation during
emulation (bsc#995789)
- CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS
administrators on guests running with shadow paging to cause a denial of
service via a pagetable update (bsc#995792)
- CVE-2016-7154: Use-after-free vulnerability in the FIFO event channel
code in Xen allowed local guest OS administrators to cause a denial of
service (host crash) and possibly execute arbitrary code or obtain
sensitive information via an invalid guest frame number (bsc#997731)
- CVE-2016-6836: VMWARE VMXNET3 NIC device allowed privileged user inside
the guest to leak information. It occured while processing transmit(tx)
queue, when it reaches the end of packet (bsc#994761)
- CVE-2016-6888: A integer overflow int the VMWARE VMXNET3 NIC device
support, during the initialisation of new packets in the device, could
have allowed a privileged user inside guest to crash the Qemu instance
resulting in DoS (bsc#994772)
- CVE-2016-6833: A use-after-free issue in the VMWARE VMXNET3 NIC device
support allowed privileged user inside guest to crash the Qemu instance
resulting in DoS (bsc#994775)
- CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support,
causing an OOB read access (bsc#994625)
- CVE-2016-6834: A infinite loop during packet fragmentation in the VMWARE
VMXNET3 NIC device support allowed privileged user inside guest to crash
the Qemu instance resulting in DoS (bsc#994421)
- CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed
local 32-bit PV guest OS administrators to gain host OS privileges by
leveraging fast-paths for updating pagetable entries (bsc#988675)
These non-security issues were fixed:
- bsc#993507: virsh detach-disk failing to detach disk
- bsc#991934: Xen hypervisor crash in csched_acct
- bsc#992224: During boot of Xen Hypervisor, Failed to get contiguous
memory for DMA
- bsc#970135: New virtualization project clock test randomly fails on Xen
- bsc#994136: Unplug also SCSI disks in qemu-xen-traditional for upstream
unplug protocol
- bsc#994136: xen_platform: unplug also SCSI disks in qemu-xen
- bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations
are always live
- bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79)
- bsc#966467: Live Migration SLES 11 SP3 to SP4 on AMD
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-xen-12782=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-xen-12782=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-xen-12782=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
xen-devel-4.4.4_08-40.2
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
xen-kmp-default-4.4.4_08_3.0.101_80-40.2
xen-libs-4.4.4_08-40.2
xen-tools-domU-4.4.4_08-40.2
- SUSE Linux Enterprise Server 11-SP4 (x86_64):
xen-4.4.4_08-40.2
xen-doc-html-4.4.4_08-40.2
xen-libs-32bit-4.4.4_08-40.2
xen-tools-4.4.4_08-40.2
- SUSE Linux Enterprise Server 11-SP4 (i586):
xen-kmp-pae-4.4.4_08_3.0.101_80-40.2
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
xen-debuginfo-4.4.4_08-40.2
xen-debugsource-4.4.4_08-40.2
References:
https://www.suse.com/security/cve/CVE-2016-6258.html
https://www.suse.com/security/cve/CVE-2016-6833.html
https://www.suse.com/security/cve/CVE-2016-6834.html
https://www.suse.com/security/cve/CVE-2016-6835.html
https://www.suse.com/security/cve/CVE-2016-6836.html
https://www.suse.com/security/cve/CVE-2016-6888.html
https://www.suse.com/security/cve/CVE-2016-7092.html
https://www.suse.com/security/cve/CVE-2016-7093.html
https://www.suse.com/security/cve/CVE-2016-7094.html
https://www.suse.com/security/cve/CVE-2016-7154.html
https://bugzilla.suse.com/966467
https://bugzilla.suse.com/970135
https://bugzilla.suse.com/971949
https://bugzilla.suse.com/988675
https://bugzilla.suse.com/990970
https://bugzilla.suse.com/991934
https://bugzilla.suse.com/992224
https://bugzilla.suse.com/993507
https://bugzilla.suse.com/994136
https://bugzilla.suse.com/994421
https://bugzilla.suse.com/994625
https://bugzilla.suse.com/994761
https://bugzilla.suse.com/994772
https://bugzilla.suse.com/994775
https://bugzilla.suse.com/995785
https://bugzilla.suse.com/995789
https://bugzilla.suse.com/995792
https://bugzilla.suse.com/997731
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBV/8Gt4x+lLeg9Ub1AQhqBA//UynFwPeYMaYOV0GAHkF7Br2LTlrcJ+wC
9uSP/wabJyhXHfuJlD+0rcdwj85BTCaFXmOBVRWHuV1JT3+kl6QfwNLUh9yG1aAi
LLhopjABP84Oy/oU3HGJojBd0iUmaYRyntF6ayhTa0R97/Z1NRt8x/ugreBthrkd
Y+OVf02PxvTlE29UXzazDawuvuV+ZnPRuWWpP2X8CJYVOQEYvP5uJCk0XRXARDAA
JNKdVwRZN5LNTHNqX+aVRw+Xg1VoGKq/LSKZ1yQWjWp02mStggCGOAFjjFsfIPjT
MN6T39DdWO3u2HPfwJ7WkrrCjAWkD1FreRuZ0idMlXVNg0GntGBQiT94g6ROvVmh
A1rFnGR92uS0IpjfEC50CrroI0nwrIzAM5TBiLl4hp3nUbueDt/BAbttMEmiZqvn
nmLk+Fjbnp+jMcIozbTWThS85uRoGiQpmXOcsPjf7Ze4lftnibUu3VA1UloniybK
kqtwr7OwB0S2tMjZsEl8wnxJGZhgzDPM6r1Npdsp4N9xzxH1qt2S2kgoEM4gzuEw
PoDvBW8a6wbgu+Io6u9nbgX1QJHeA8imow5HYrHQaKf4v+G+V6TE4zIVNtRAk8Ho
ibPTyXHy5ekpkleSBl6Tp3ugegKUDrBViJEjm6By/SSdmNtAaVpwiC04YDsGKzEf
PXuqPl6Gi0o=
=7uKF
-----END PGP SIGNATURE-----