Security update for Xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:1157-1 Final 1 1 2015-06-05T12:47:22Z current 2015-06-05T12:47:22Z 2015-06-05T12:47:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Xen Xen was updated to fix six security issues: * CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu. (XSA-128, bsc#931625) * CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests. (XSA-129, bsc#931626) * CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages. (XSA-130, bsc#931627) * CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131, bsc#931628) * CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest to host escape. (XSA-135, bsc#932770) * CVE-2015-4164: DoS through iret hypercall handler. (XSA-136, bsc#932996) Security Issues: * CVE-2015-4103 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103> * CVE-2015-4104 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104> * CVE-2015-4105 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105> * CVE-2015-4106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106> * CVE-2015-4163 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163> * CVE-2015-4164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164> * CVE-2015-3209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209> The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp2-xen-201506 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20151157-1/ Link for SUSE-SU-2015:1157-1 https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html E-Mail link for SUSE-SU-2015:1157-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/931625 SUSE Bug 931625 https://bugzilla.suse.com/931626 SUSE Bug 931626 https://bugzilla.suse.com/931627 SUSE Bug 931627 https://bugzilla.suse.com/931628 SUSE Bug 931628 https://bugzilla.suse.com/932770 SUSE Bug 932770 https://bugzilla.suse.com/932996 SUSE Bug 932996 https://www.suse.com/security/cve/CVE-2015-3209/ SUSE CVE CVE-2015-3209 page https://www.suse.com/security/cve/CVE-2015-4103/ SUSE CVE CVE-2015-4103 page https://www.suse.com/security/cve/CVE-2015-4104/ SUSE CVE CVE-2015-4104 page https://www.suse.com/security/cve/CVE-2015-4105/ SUSE CVE CVE-2015-4105 page https://www.suse.com/security/cve/CVE-2015-4106/ SUSE CVE CVE-2015-4106 page https://www.suse.com/security/cve/CVE-2015-4163/ SUSE CVE CVE-2015-4163 page https://www.suse.com/security/cve/CVE-2015-4164/ SUSE CVE CVE-2015-4164 page SUSE Linux Enterprise Server 11 SP2-LTSS xen-4.1.6_08-0.13.1 xen-devel-4.1.6_08-0.13.1 xen-doc-html-4.1.6_08-0.13.1 xen-doc-pdf-4.1.6_08-0.13.1 xen-kmp-default-4.1.6_08_3.0.101_0.7.29-0.13.1 xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-0.13.1 xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-0.13.1 xen-libs-4.1.6_08-0.13.1 xen-libs-32bit-4.1.6_08-0.13.1 xen-tools-4.1.6_08-0.13.1 xen-tools-domU-4.1.6_08-0.13.1 xen-4.1.6_08-0.13.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS xen-devel-4.1.6_08-0.13.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS xen-doc-html-4.1.6_08-0.13.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS xen-doc-pdf-4.1.6_08-0.13.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS xen-kmp-default-4.1.6_08_3.0.101_0.7.29-0.13.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-0.13.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-0.13.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS xen-libs-4.1.6_08-0.13.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS xen-libs-32bit-4.1.6_08-0.13.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS xen-tools-4.1.6_08-0.13.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS xen-tools-domU-4.1.6_08-0.13.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. CVE-2015-3209 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-0.13.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151157-1/ https://www.suse.com/security/cve/CVE-2015-3209.html CVE-2015-3209 https://bugzilla.suse.com/932267 SUSE Bug 932267 https://bugzilla.suse.com/932770 SUSE Bug 932770 https://bugzilla.suse.com/932823 SUSE Bug 932823 Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields. CVE-2015-4103 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-0.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151157-1/ https://www.suse.com/security/cve/CVE-2015-4103.html CVE-2015-4103 https://bugzilla.suse.com/931625 SUSE Bug 931625 Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors. CVE-2015-4104 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-0.13.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151157-1/ https://www.suse.com/security/cve/CVE-2015-4104.html CVE-2015-4104 https://bugzilla.suse.com/931626 SUSE Bug 931626 Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations. CVE-2015-4105 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-0.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151157-1/ https://www.suse.com/security/cve/CVE-2015-4105.html CVE-2015-4105 https://bugzilla.suse.com/931627 SUSE Bug 931627 QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. CVE-2015-4106 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-0.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151157-1/ https://www.suse.com/security/cve/CVE-2015-4106.html CVE-2015-4106 https://bugzilla.suse.com/931628 SUSE Bug 931628 GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version. CVE-2015-4163 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-0.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151157-1/ https://www.suse.com/security/cve/CVE-2015-4163.html CVE-2015-4163 https://bugzilla.suse.com/932790 SUSE Bug 932790 The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set. CVE-2015-4164 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-default-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-32bit-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-libs-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-4.1.6_08-0.13.1 SUSE Linux Enterprise Server 11 SP2-LTSS:xen-tools-domU-4.1.6_08-0.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151157-1/ https://www.suse.com/security/cve/CVE-2015-4164.html CVE-2015-4164 https://bugzilla.suse.com/932996 SUSE Bug 932996 https://bugzilla.suse.com/950367 SUSE Bug 950367