SUSE-SU-2016:0658-1: important: Security update for Xen

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Mar 4 14:13:55 MST 2016


   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0658-1
Rating:             important
References:         #877642 #932267 #944463 #950706 #953527 #954405 
                    #956408 #956411 #957988 #958009 #958493 #958523 
                    #962360 
Cross-References:   CVE-2014-0222 CVE-2015-4037 CVE-2015-5239
                    CVE-2015-5307 CVE-2015-7504 CVE-2015-7512
                    CVE-2015-7971 CVE-2015-8104 CVE-2015-8339
                    CVE-2015-8340 CVE-2015-8504 CVE-2015-8550
                    CVE-2015-8555
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that fixes 13 vulnerabilities is now available.

Description:


   Xen was updated to fix the following vulnerabilities:

       * CVE-2014-0222: Qcow1 L2 table size integer overflows (bsc#877642)
       * CVE-2015-4037: Insecure temporary file use in /net/slirp.c
         (bsc#932267)
       * CVE-2015-5239: Integer overflow in vnc_client_read() and
         protocol_client_msg() (bsc#944463)
       * CVE-2015-7504: Heap buffer overflow vulnerability in pcnet emulator
         (XSA-162, bsc#956411)
       * CVE-2015-7971: Some pmu and profiling hypercalls log without rate
         limiting (XSA-152, bsc#950706)
       * CVE-2015-8104: Guest to host DoS by triggering an infinite loop in
         microcode via #DB exception (bsc#954405)
       * CVE-2015-5307: Guest to host DOS by intercepting #AC (XSA-156,
         bsc#953527)
       * CVE-2015-8339: XENMEM_exchange error handling issues (XSA-159,
         bsc#956408)
       * CVE-2015-8340: XENMEM_exchange error handling issues (XSA-159,
         bsc#956408)
       * CVE-2015-7512: Buffer overflow in pcnet's non-loopback mode
         (bsc#962360)
       * CVE-2015-8550: Paravirtualized drivers incautious about shared
         memory contents (XSA-155, bsc#957988)
       * CVE-2015-8504: Avoid floating point exception in vnc support
         (bsc#958493)
       * CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization
         (XSA-165, bsc#958009)
       * Ioreq handling possibly susceptible to multiple read issue (XSA-166,
         bsc#958523)

   Security Issues:

       * CVE-2014-0222
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222>
       * CVE-2015-4037
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037>
       * CVE-2015-5239
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5239>
       * CVE-2015-7504
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504>
       * CVE-2015-7971
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971>
       * CVE-2015-8104
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104>
       * CVE-2015-5307
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307>
       * CVE-2015-8339
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339>
       * CVE-2015-8340
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340>
       * CVE-2015-7512
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512>
       * CVE-2015-8550
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550>
       * CVE-2015-8504
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8504>
       * CVE-2015-8555
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555>


Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):

      xen-3.2.3_17040_46-0.23.2
      xen-devel-3.2.3_17040_46-0.23.2
      xen-doc-html-3.2.3_17040_46-0.23.2
      xen-doc-pdf-3.2.3_17040_46-0.23.2
      xen-doc-ps-3.2.3_17040_46-0.23.2
      xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2
      xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2
      xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2
      xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2
      xen-libs-3.2.3_17040_46-0.23.2
      xen-tools-3.2.3_17040_46-0.23.2
      xen-tools-domU-3.2.3_17040_46-0.23.2
      xen-tools-ioemu-3.2.3_17040_46-0.23.2

   - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):

      xen-libs-32bit-3.2.3_17040_46-0.23.2

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

      xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2
      xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2
      xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2
      xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.6-0.23.2


References:

   https://www.suse.com/security/cve/CVE-2014-0222.html
   https://www.suse.com/security/cve/CVE-2015-4037.html
   https://www.suse.com/security/cve/CVE-2015-5239.html
   https://www.suse.com/security/cve/CVE-2015-5307.html
   https://www.suse.com/security/cve/CVE-2015-7504.html
   https://www.suse.com/security/cve/CVE-2015-7512.html
   https://www.suse.com/security/cve/CVE-2015-7971.html
   https://www.suse.com/security/cve/CVE-2015-8104.html
   https://www.suse.com/security/cve/CVE-2015-8339.html
   https://www.suse.com/security/cve/CVE-2015-8340.html
   https://www.suse.com/security/cve/CVE-2015-8504.html
   https://www.suse.com/security/cve/CVE-2015-8550.html
   https://www.suse.com/security/cve/CVE-2015-8555.html
   https://bugzilla.suse.com/877642
   https://bugzilla.suse.com/932267
   https://bugzilla.suse.com/944463
   https://bugzilla.suse.com/950706
   https://bugzilla.suse.com/953527
   https://bugzilla.suse.com/954405
   https://bugzilla.suse.com/956408
   https://bugzilla.suse.com/956411
   https://bugzilla.suse.com/957988
   https://bugzilla.suse.com/958009
   https://bugzilla.suse.com/958493
   https://bugzilla.suse.com/958523
   https://bugzilla.suse.com/962360
   https://download.suse.com/patch/finder/?keywords=085198b0d3665c1af17df9c5dcb0be80



More information about the sle-security-updates mailing list