Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.2401 SUSE Security Update: Security update for xen 13 October 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: xen Publisher: SUSE Operating System: SUSE Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Increased Privileges -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2016-7154 CVE-2016-7094 CVE-2016-7093 CVE-2016-7092 CVE-2016-6888 CVE-2016-6836 CVE-2016-6835 CVE-2016-6834 CVE-2016-6833 CVE-2016-6258 Reference: ESB-2016.2353 ESB-2016.2117 ESB-2016.2001 - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2507-1 Rating: important References: #966467 #970135 #971949 #988675 #990970 #991934 #992224 #993507 #994136 #994421 #994625 #994761 #994772 #994775 #995785 #995789 #995792 #997731 Cross-References: CVE-2016-6258 CVE-2016-6833 CVE-2016-6834 CVE-2016-6835 CVE-2016-6836 CVE-2016-6888 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 CVE-2016-7154 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 8 fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789) - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-7154: Use-after-free vulnerability in the FIFO event channel code in Xen allowed local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number (bsc#997731) - CVE-2016-6836: VMWARE VMXNET3 NIC device allowed privileged user inside the guest to leak information. It occured while processing transmit(tx) queue, when it reaches the end of packet (bsc#994761) - CVE-2016-6888: A integer overflow int the VMWARE VMXNET3 NIC device support, during the initialisation of new packets in the device, could have allowed a privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994772) - CVE-2016-6833: A use-after-free issue in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994775) - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994625) - CVE-2016-6834: A infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994421) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) These non-security issues were fixed: - bsc#993507: virsh detach-disk failing to detach disk - bsc#991934: Xen hypervisor crash in csched_acct - bsc#992224: During boot of Xen Hypervisor, Failed to get contiguous memory for DMA - bsc#970135: New virtualization project clock test randomly fails on Xen - bsc#994136: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol - bsc#994136: xen_platform: unplug also SCSI disks in qemu-xen - bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live - bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79) - bsc#966467: Live Migration SLES 11 SP3 to SP4 on AMD Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-12782=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-12782=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-12782=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.4_08-40.2 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.4_08_3.0.101_80-40.2 xen-libs-4.4.4_08-40.2 xen-tools-domU-4.4.4_08-40.2 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.4_08-40.2 xen-doc-html-4.4.4_08-40.2 xen-libs-32bit-4.4.4_08-40.2 xen-tools-4.4.4_08-40.2 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_08-40.2 xen-debugsource-4.4.4_08-40.2 References: https://www.suse.com/security/cve/CVE-2016-6258.html https://www.suse.com/security/cve/CVE-2016-6833.html https://www.suse.com/security/cve/CVE-2016-6834.html https://www.suse.com/security/cve/CVE-2016-6835.html https://www.suse.com/security/cve/CVE-2016-6836.html https://www.suse.com/security/cve/CVE-2016-6888.html https://www.suse.com/security/cve/CVE-2016-7092.html https://www.suse.com/security/cve/CVE-2016-7093.html https://www.suse.com/security/cve/CVE-2016-7094.html https://www.suse.com/security/cve/CVE-2016-7154.html https://bugzilla.suse.com/966467 https://bugzilla.suse.com/970135 https://bugzilla.suse.com/971949 https://bugzilla.suse.com/988675 https://bugzilla.suse.com/990970 https://bugzilla.suse.com/991934 https://bugzilla.suse.com/992224 https://bugzilla.suse.com/993507 https://bugzilla.suse.com/994136 https://bugzilla.suse.com/994421 https://bugzilla.suse.com/994625 https://bugzilla.suse.com/994761 https://bugzilla.suse.com/994772 https://bugzilla.suse.com/994775 https://bugzilla.suse.com/995785 https://bugzilla.suse.com/995789 https://bugzilla.suse.com/995792 https://bugzilla.suse.com/997731 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV/8Gt4x+lLeg9Ub1AQhqBA//UynFwPeYMaYOV0GAHkF7Br2LTlrcJ+wC 9uSP/wabJyhXHfuJlD+0rcdwj85BTCaFXmOBVRWHuV1JT3+kl6QfwNLUh9yG1aAi LLhopjABP84Oy/oU3HGJojBd0iUmaYRyntF6ayhTa0R97/Z1NRt8x/ugreBthrkd Y+OVf02PxvTlE29UXzazDawuvuV+ZnPRuWWpP2X8CJYVOQEYvP5uJCk0XRXARDAA JNKdVwRZN5LNTHNqX+aVRw+Xg1VoGKq/LSKZ1yQWjWp02mStggCGOAFjjFsfIPjT MN6T39DdWO3u2HPfwJ7WkrrCjAWkD1FreRuZ0idMlXVNg0GntGBQiT94g6ROvVmh A1rFnGR92uS0IpjfEC50CrroI0nwrIzAM5TBiLl4hp3nUbueDt/BAbttMEmiZqvn nmLk+Fjbnp+jMcIozbTWThS85uRoGiQpmXOcsPjf7Ze4lftnibUu3VA1UloniybK kqtwr7OwB0S2tMjZsEl8wnxJGZhgzDPM6r1Npdsp4N9xzxH1qt2S2kgoEM4gzuEw PoDvBW8a6wbgu+Io6u9nbgX1QJHeA8imow5HYrHQaKf4v+G+V6TE4zIVNtRAk8Ho ibPTyXHy5ekpkleSBl6Tp3ugegKUDrBViJEjm6By/SSdmNtAaVpwiC04YDsGKzEf PXuqPl6Gi0o= =7uKF -----END PGP SIGNATURE-----