Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:3221-1 Final 1 1 2016-12-21T21:00:13Z current 2016-12-21T21:00:13Z 2016-12-21T21:00:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: - A Mishandling of SYSCALL singlestep during emulation which could have lead to privilege escalation. (XSA-204, bsc#1016340, CVE-2016-10013) - CMPXCHG8B emulation failed to ignore operand size override which could have lead to information disclosure. (XSA-200, bsc#1012651, CVE-2016-9932) - PV guests may have been able to mask interrupts causing a Denial of Service. (XSA-202, bsc#1014298, CVE-2016-10024) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-xen-12905,slessp4-xen-12905 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20163221-1/ Link for SUSE-SU-2016:3221-1 https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00082.html E-Mail link for SUSE-SU-2016:3221-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1012651 SUSE Bug 1012651 https://bugzilla.suse.com/1014298 SUSE Bug 1014298 https://bugzilla.suse.com/1016340 SUSE Bug 1016340 https://www.suse.com/security/cve/CVE-2016-10013/ SUSE CVE CVE-2016-10013 page https://www.suse.com/security/cve/CVE-2016-10024/ SUSE CVE CVE-2016-10024 page https://www.suse.com/security/cve/CVE-2016-9932/ SUSE CVE CVE-2016-9932 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 xen-devel-4.4.4_12-46.1 xen-4.4.4_12-46.1 xen-doc-html-4.4.4_12-46.1 xen-kmp-default-4.4.4_12_3.0.101_91-46.1 xen-kmp-pae-4.4.4_12_3.0.101_91-46.1 xen-libs-4.4.4_12-46.1 xen-libs-32bit-4.4.4_12-46.1 xen-tools-4.4.4_12-46.1 xen-tools-domU-4.4.4_12-46.1 xen-4.4.4_12-46.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-doc-html-4.4.4_12-46.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-kmp-default-4.4.4_12_3.0.101_91-46.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-kmp-pae-4.4.4_12_3.0.101_91-46.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-libs-4.4.4_12-46.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-libs-32bit-4.4.4_12-46.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-tools-4.4.4_12-46.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-tools-domU-4.4.4_12-46.1 as a component of SUSE Linux Enterprise Server 11 SP4 xen-4.4.4_12-46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-doc-html-4.4.4_12-46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-kmp-default-4.4.4_12_3.0.101_91-46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-kmp-pae-4.4.4_12_3.0.101_91-46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-libs-4.4.4_12-46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-libs-32bit-4.4.4_12-46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-tools-4.4.4_12-46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-tools-domU-4.4.4_12-46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xen-devel-4.4.4_12-46.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation. CVE-2016-10013 SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_12_3.0.101_91-46.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_12_3.0.101_91-46.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_12_3.0.101_91-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_12_3.0.101_91-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_12-46.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_12-46.1 moderate 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163221-1/ https://www.suse.com/security/cve/CVE-2016-10013.html CVE-2016-10013 https://bugzilla.suse.com/1016340 SUSE Bug 1016340 Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. CVE-2016-10024 SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_12_3.0.101_91-46.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_12_3.0.101_91-46.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_12_3.0.101_91-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_12_3.0.101_91-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_12-46.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_12-46.1 moderate 4.4 AV:L/AC:M/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163221-1/ https://www.suse.com/security/cve/CVE-2016-10024.html CVE-2016-10024 https://bugzilla.suse.com/1014298 SUSE Bug 1014298 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix. CVE-2016-9932 SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_12_3.0.101_91-46.1 SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_12_3.0.101_91-46.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_12-46.1 SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_12_3.0.101_91-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_12_3.0.101_91-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_12-46.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_12-46.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_12-46.1 low 1 AV:L/AC:H/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163221-1/ https://www.suse.com/security/cve/CVE-2016-9932.html CVE-2016-9932 https://bugzilla.suse.com/1012651 SUSE Bug 1012651 https://bugzilla.suse.com/1016340 SUSE Bug 1016340