SUSE-SU-2015:2338-1: moderate: Security update for xen

sle-security-updates at lists.suse.com
Tue Dec 22 05:11:28 MST 2015


   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2338-1
Rating:             moderate
References:         #947165 #950703 #950704 #950705 #950706 #951845 
                    #954018 #954405 #955399 #956408 #956409 #956411 
                    #956592 #956832 
Cross-References:   CVE-2015-5307 CVE-2015-7311 CVE-2015-7504
                    CVE-2015-7835 CVE-2015-7969 CVE-2015-7970
                    CVE-2015-7971 CVE-2015-7972 CVE-2015-8104
                    CVE-2015-8339 CVE-2015-8340 CVE-2015-8341
                    CVE-2015-8345
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has one erratum
   is now available.

Description:


   This update fixes the following security issues:

   - bsc#955399 -  Fix xm migrate --log_progress. Due to a logic error,
     progress was not logged when requested.

   - bsc#956832 -  CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in
     processing command block list

   - bsc#956592 -  xen: virtual PMU is unsupported (XSA-163)

   - bsc#956408 -  CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error
     handling issues (XSA-159)

   - bsc#956409 -  CVE-2015-8341: xen: libxl leak of pv kernel and initrd on
     error (XSA-160)

   - bsc#956411 -  CVE-2015-7504: xen: heap buffer overflow vulnerability in
     pcnet emulator (XSA-162)

   - bsc#947165 -  CVE-2015-7311: xen: libxl fails to honour readonly flag on
     disks with qemu-xen (XSA-142)

   - bsc#955399 -  Fix xm migrate --live. The options were not passed due to
     a merge error. As a result the migration was not live; instead, the
     suspended guest was migrated.

   - bsc#954405 -  CVE-2015-8104: Xen: guest to host DoS by triggering an
     infinite loop in microcode via #DB exception

   - bsc#954018 -  CVE-2015-5307: xen: x86: CPU lockup during fault delivery
     (XSA-156)


   - bsc#950704 -  CVE-2015-7970: xen: x86: Long latency populate-on-demand
     operation is not preemptible (XSA-150)

   - bsc#951845 -  CVE-2015-7972: xen: x86: populate-on-demand balloon size
     inaccuracy can crash guests (XSA-153)

   - Drop 5604f239-x86-PV-properly-populate-descriptor-tables.patch

   - bsc#950703 -  CVE-2015-7969: xen: leak of main per-domain vcpu pointer
     array (DoS) (XSA-149)

   - bsc#950705 -  CVE-2015-7969: xen: x86: leak of per-domain
     profiling-related vcpu pointer array (DoS) (XSA-151)

   - bsc#950706 -  CVE-2015-7971: xen: x86: some pmu and profiling hypercalls
     log without rate limiting (XSA-152)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-xen-20151203-12277=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-xen-20151203-12277=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-xen-20151203-12277=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-xen-20151203-12277=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      xen-devel-4.4.3_06-29.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      xen-kmp-default-4.4.3_06_3.0.101_65-29.1
      xen-libs-4.4.3_06-29.1
      xen-tools-domU-4.4.3_06-29.1

   - SUSE Linux Enterprise Server 11-SP4 (x86_64):

      xen-4.4.3_06-29.1
      xen-doc-html-4.4.3_06-29.1
      xen-libs-32bit-4.4.3_06-29.1
      xen-tools-4.4.3_06-29.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      xen-kmp-pae-4.4.3_06_3.0.101_65-29.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      xen-kmp-default-4.4.3_06_3.0.101_65-29.1
      xen-libs-4.4.3_06-29.1
      xen-tools-domU-4.4.3_06-29.1

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):

      xen-4.4.3_06-29.1
      xen-doc-html-4.4.3_06-29.1
      xen-libs-32bit-4.4.3_06-29.1
      xen-tools-4.4.3_06-29.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586):

      xen-kmp-pae-4.4.3_06_3.0.101_65-29.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      xen-debuginfo-4.4.3_06-29.1
      xen-debugsource-4.4.3_06-29.1


References:

   https://www.suse.com/security/cve/CVE-2015-5307.html
   https://www.suse.com/security/cve/CVE-2015-7311.html
   https://www.suse.com/security/cve/CVE-2015-7504.html
   https://www.suse.com/security/cve/CVE-2015-7835.html
   https://www.suse.com/security/cve/CVE-2015-7969.html
   https://www.suse.com/security/cve/CVE-2015-7970.html
   https://www.suse.com/security/cve/CVE-2015-7971.html
   https://www.suse.com/security/cve/CVE-2015-7972.html
   https://www.suse.com/security/cve/CVE-2015-8104.html
   https://www.suse.com/security/cve/CVE-2015-8339.html
   https://www.suse.com/security/cve/CVE-2015-8340.html
   https://www.suse.com/security/cve/CVE-2015-8341.html
   https://www.suse.com/security/cve/CVE-2015-8345.html
   https://bugzilla.suse.com/947165
   https://bugzilla.suse.com/950703
   https://bugzilla.suse.com/950704
   https://bugzilla.suse.com/950705
   https://bugzilla.suse.com/950706
   https://bugzilla.suse.com/951845
   https://bugzilla.suse.com/954018
   https://bugzilla.suse.com/954405
   https://bugzilla.suse.com/955399
   https://bugzilla.suse.com/956408
   https://bugzilla.suse.com/956409
   https://bugzilla.suse.com/956411
   https://bugzilla.suse.com/956592
   https://bugzilla.suse.com/956832


