SUSE-SU-2015:2306-1: moderate: Security update for xen

sle-updates at lists.suse.com
Fri Dec 18 14:12:56 MST 2015


   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2306-1
Rating:             moderate
References:         #950703 #950704 #950705 #950706 #951845 #953527 
                    #954405 #956408 #956411 #956832 
Cross-References:   CVE-2015-5307 CVE-2015-7504 CVE-2015-7969
                    CVE-2015-7970 CVE-2015-7971 CVE-2015-7972
                    CVE-2015-8104 CVE-2015-8339 CVE-2015-8340
                    CVE-2015-8345
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:



   This update fixes the following security issues:

   - bsc#956832 -  CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in
     processing command block list

   - bsc#956408 -  CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error
     handling issues (XSA-159) xsa159.patch
   - bsc#956411 -  CVE-2015-7504: xen: heap buffer overflow vulnerability in
     pcnet emulator (XSA-162)

   - bsc#954405 -  CVE-2015-8104: Xen: guest to host DoS by triggering an
     infinite loop in microcode via #DB exception
   - bsc#953527 -  CVE-2015-5307: kernel: kvm/xen: x86: avoid guest->host DoS
     by intercepting #AC (XSA-156)

   - bsc#950704 -  CVE-2015-7970: xen: x86: Long latency populate-on-demand
     operation is not preemptible (XSA-150)

   - bsc#951845 -  CVE-2015-7972: xen: x86: populate-on-demand balloon size
     inaccuracy can crash guests (XSA-153)

   - bsc#950703 -  CVE-2015-7969: xen: leak of main per-domain vcpu pointer
     array (DoS) (XSA-149)
   - bsc#950705 -  CVE-2015-7969: xen: x86: leak of per-domain
     profiling-related vcpu pointer array (DoS) (XSA-151)
   - bsc#950706 -  CVE-2015-7971: xen: x86: some pmu and profiling hypercalls
     log without rate limiting (XSA-152)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP2-LTSS:

      zypper in -t patch slessp2-xen-20151201-12273=1

   - SUSE Linux Enterprise Debuginfo 11-SP2:

      zypper in -t patch dbgsp2-xen-20151201-12273=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64):

      xen-devel-4.1.6_08-23.1
      xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1
      xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1
      xen-libs-4.1.6_08-23.1
      xen-tools-domU-4.1.6_08-23.1

   - SUSE Linux Enterprise Server 11-SP2-LTSS (x86_64):

      xen-4.1.6_08-23.1
      xen-doc-html-4.1.6_08-23.1
      xen-doc-pdf-4.1.6_08-23.1
      xen-libs-32bit-4.1.6_08-23.1
      xen-tools-4.1.6_08-23.1

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586):

      xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1

   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64):

      xen-debuginfo-4.1.6_08-23.1
      xen-debugsource-4.1.6_08-23.1


References:

   https://www.suse.com/security/cve/CVE-2015-5307.html
   https://www.suse.com/security/cve/CVE-2015-7504.html
   https://www.suse.com/security/cve/CVE-2015-7969.html
   https://www.suse.com/security/cve/CVE-2015-7970.html
   https://www.suse.com/security/cve/CVE-2015-7971.html
   https://www.suse.com/security/cve/CVE-2015-7972.html
   https://www.suse.com/security/cve/CVE-2015-8104.html
   https://www.suse.com/security/cve/CVE-2015-8339.html
   https://www.suse.com/security/cve/CVE-2015-8340.html
   https://www.suse.com/security/cve/CVE-2015-8345.html
   https://bugzilla.suse.com/950703
   https://bugzilla.suse.com/950704
   https://bugzilla.suse.com/950705
   https://bugzilla.suse.com/950706
   https://bugzilla.suse.com/951845
   https://bugzilla.suse.com/953527
   https://bugzilla.suse.com/954405
   https://bugzilla.suse.com/956408
   https://bugzilla.suse.com/956411
   https://bugzilla.suse.com/956832


