SUSE-SU-2015:2324-1: moderate: Security update for xen

sle-security-updates at lists.suse.com
Sat Dec 19 08:10:35 MST 2015


   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2324-1
Rating:             moderate
References:         #947165 #954018 #954405 #956408 #956409 #956411 
                    #956592 #956832 
Cross-References:   CVE-2015-3259 CVE-2015-4106 CVE-2015-5154
                    CVE-2015-5239 CVE-2015-5307 CVE-2015-6815
                    CVE-2015-7311 CVE-2015-7504 CVE-2015-7835
                    CVE-2015-8104 CVE-2015-8339 CVE-2015-8340
                    CVE-2015-8341 CVE-2015-8345
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 14 vulnerabilities is now available.

Description:



   This update fixes the following security issues:

   - bsc#956832 -  CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in
     processing command block list

   - Revert x86/IO-APIC: don't create pIRQ mapping from masked RTE until
     kernel maintenance release goes out.

   - bsc#956592 -  xen: virtual PMU is unsupported (XSA-163)

   - bsc#956408 -  CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error
     handling issues (XSA-159)

   - bsc#956409 -  CVE-2015-8341: xen: libxl leak of pv kernel and initrd on
     error (XSA-160)

   - bsc#956411 -  CVE-2015-7504: xen: heap buffer overflow vulnerability in
     pcnet emulator (XSA-162)

   - bsc#947165 -  CVE-2015-7311: xen: libxl fails to honour readonly flag on
     disks with qemu-xen (XSA-142)

   - bsc#954405 -  CVE-2015-8104: Xen: guest to host DoS by triggering an
     infinite loop in microcode via #DB exception

   - bsc#954018 -  CVE-2015-5307: xen: x86: CPU lockup during fault delivery
     (XSA-156)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-999=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-999=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-999=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64):

      xen-debugsource-4.5.2_02-4.1
      xen-devel-4.5.2_02-4.1

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):

      xen-4.5.2_02-4.1
      xen-debugsource-4.5.2_02-4.1
      xen-doc-html-4.5.2_02-4.1
      xen-kmp-default-4.5.2_02_k3.12.49_11-4.1
      xen-kmp-default-debuginfo-4.5.2_02_k3.12.49_11-4.1
      xen-libs-32bit-4.5.2_02-4.1
      xen-libs-4.5.2_02-4.1
      xen-libs-debuginfo-32bit-4.5.2_02-4.1
      xen-libs-debuginfo-4.5.2_02-4.1
      xen-tools-4.5.2_02-4.1
      xen-tools-debuginfo-4.5.2_02-4.1
      xen-tools-domU-4.5.2_02-4.1
      xen-tools-domU-debuginfo-4.5.2_02-4.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      xen-4.5.2_02-4.1
      xen-debugsource-4.5.2_02-4.1
      xen-kmp-default-4.5.2_02_k3.12.49_11-4.1
      xen-kmp-default-debuginfo-4.5.2_02_k3.12.49_11-4.1
      xen-libs-32bit-4.5.2_02-4.1
      xen-libs-4.5.2_02-4.1
      xen-libs-debuginfo-32bit-4.5.2_02-4.1
      xen-libs-debuginfo-4.5.2_02-4.1


References:

   https://www.suse.com/security/cve/CVE-2015-3259.html
   https://www.suse.com/security/cve/CVE-2015-4106.html
   https://www.suse.com/security/cve/CVE-2015-5154.html
   https://www.suse.com/security/cve/CVE-2015-5239.html
   https://www.suse.com/security/cve/CVE-2015-5307.html
   https://www.suse.com/security/cve/CVE-2015-6815.html
   https://www.suse.com/security/cve/CVE-2015-7311.html
   https://www.suse.com/security/cve/CVE-2015-7504.html
   https://www.suse.com/security/cve/CVE-2015-7835.html
   https://www.suse.com/security/cve/CVE-2015-8104.html
   https://www.suse.com/security/cve/CVE-2015-8339.html
   https://www.suse.com/security/cve/CVE-2015-8340.html
   https://www.suse.com/security/cve/CVE-2015-8341.html
   https://www.suse.com/security/cve/CVE-2015-8345.html
   https://bugzilla.suse.com/947165
   https://bugzilla.suse.com/954018
   https://bugzilla.suse.com/954405
   https://bugzilla.suse.com/956408
   https://bugzilla.suse.com/956409
   https://bugzilla.suse.com/956411
   https://bugzilla.suse.com/956592
   https://bugzilla.suse.com/956832
