Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:1479-2 Final 1 1 2015-08-11T14:48:25Z current 2015-08-11T14:48:25Z 2015-08-11T14:48:25Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen xen was updated to fix the following security issues: * CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140) * CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139) * CVE-2015-2751: Certain domctl operations could have be used to lock up the host (bsc#922709, XSA-127) * CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137) * CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136) * CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sledsp3-xen-12066 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20151479-2/ Link for SUSE-SU-2015:1479-2 https://lists.opensuse.org/opensuse-security-announce/2015-09/msg00003.html E-Mail link for SUSE-SU-2015:1479-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/922709 SUSE Bug 922709 https://bugzilla.suse.com/932996 SUSE Bug 932996 https://bugzilla.suse.com/935634 SUSE Bug 935634 https://bugzilla.suse.com/938344 SUSE Bug 938344 https://bugzilla.suse.com/939709 SUSE Bug 939709 https://bugzilla.suse.com/939712 SUSE Bug 939712 https://www.suse.com/security/cve/CVE-2015-2751/ SUSE CVE CVE-2015-2751 page https://www.suse.com/security/cve/CVE-2015-3259/ SUSE CVE CVE-2015-3259 page https://www.suse.com/security/cve/CVE-2015-4164/ SUSE CVE CVE-2015-4164 page https://www.suse.com/security/cve/CVE-2015-5154/ SUSE CVE CVE-2015-5154 page https://www.suse.com/security/cve/CVE-2015-5165/ SUSE CVE CVE-2015-5165 page https://www.suse.com/security/cve/CVE-2015-5166/ SUSE CVE CVE-2015-5166 page SUSE Linux Enterprise Desktop 11 SP3 xen-4.2.5_12-15.1 xen-doc-html-4.2.5_12-15.1 xen-doc-pdf-4.2.5_12-15.1 xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1 xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1 xen-libs-4.2.5_12-15.1 xen-libs-32bit-4.2.5_12-15.1 xen-tools-4.2.5_12-15.1 xen-tools-domU-4.2.5_12-15.1 xen-4.2.5_12-15.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 xen-doc-html-4.2.5_12-15.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 xen-doc-pdf-4.2.5_12-15.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 xen-libs-4.2.5_12-15.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 xen-libs-32bit-4.2.5_12-15.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 xen-tools-4.2.5_12-15.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 xen-tools-domU-4.2.5_12-15.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. CVE-2015-2751 SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151479-2/ https://www.suse.com/security/cve/CVE-2015-2751.html CVE-2015-2751 https://bugzilla.suse.com/922709 SUSE Bug 922709 https://bugzilla.suse.com/950367 SUSE Bug 950367 Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument. CVE-2015-3259 SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1 moderate 4.1 AV:L/AC:M/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151479-2/ https://www.suse.com/security/cve/CVE-2015-3259.html CVE-2015-3259 https://bugzilla.suse.com/935634 SUSE Bug 935634 https://bugzilla.suse.com/936281 SUSE Bug 936281 https://bugzilla.suse.com/937018 SUSE Bug 937018 https://bugzilla.suse.com/950367 SUSE Bug 950367 The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set. CVE-2015-4164 SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151479-2/ https://www.suse.com/security/cve/CVE-2015-4164.html CVE-2015-4164 https://bugzilla.suse.com/932996 SUSE Bug 932996 https://bugzilla.suse.com/950367 SUSE Bug 950367 Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. CVE-2015-5154 SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151479-2/ https://www.suse.com/security/cve/CVE-2015-5154.html CVE-2015-5154 https://bugzilla.suse.com/938344 SUSE Bug 938344 https://bugzilla.suse.com/950367 SUSE Bug 950367 The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. CVE-2015-5165 SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151479-2/ https://www.suse.com/security/cve/CVE-2015-5165.html CVE-2015-5165 https://bugzilla.suse.com/939712 SUSE Bug 939712 https://bugzilla.suse.com/950367 SUSE Bug 950367 Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. CVE-2015-5166 SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-libs-32bit-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-libs-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-tools-4.2.5_12-15.1 SUSE Linux Enterprise Desktop 11 SP3:xen-tools-domU-4.2.5_12-15.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151479-2/ https://www.suse.com/security/cve/CVE-2015-5166.html CVE-2015-5166 https://bugzilla.suse.com/939709 SUSE Bug 939709 https://bugzilla.suse.com/950367 SUSE Bug 950367