SUSE-SU-2015:1156-1: important: Security update for Xen

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Jun 29 06:05:19 MDT 2015


   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1156-1
Rating:             important
References:         #931625 #931626 #931627 #931628 #932770 #932996 
                    
Cross-References:   CVE-2015-3209 CVE-2015-4103 CVE-2015-4104
                    CVE-2015-4105 CVE-2015-4106 CVE-2015-4164
                   
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:


   Xen was updated to fix six security issues:

       * CVE-2015-4103: Potential unintended writes to host MSI message data
         field via qemu. (XSA-128, bsc#931625)
       * CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests.
         (XSA-129, bsc#931626)
       * CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error
         messages. (XSA-130, bsc#931627)
       * CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131,
         bsc#931628)
       * CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest
         to host escape. (XSA-135, bsc#932770)
       * CVE-2015-4164: DoS through iret hypercall handler. (XSA-136,
         bsc#932996)

   Security Issues:

       * CVE-2015-4103
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103>
       * CVE-2015-4104
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104>
       * CVE-2015-4105
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105>
       * CVE-2015-4106
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106>
       * CVE-2015-4164
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164>
       * CVE-2015-3209
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209>


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-xen-201506=10726

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64):

      xen-4.0.3_21548_18-0.25.1
      xen-doc-html-4.0.3_21548_18-0.25.1
      xen-doc-pdf-4.0.3_21548_18-0.25.1
      xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-0.25.1
      xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-0.25.1
      xen-libs-4.0.3_21548_18-0.25.1
      xen-tools-4.0.3_21548_18-0.25.1
      xen-tools-domU-4.0.3_21548_18-0.25.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586):

      xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.25.1


References:

   https://www.suse.com/security/cve/CVE-2015-3209.html
   https://www.suse.com/security/cve/CVE-2015-4103.html
   https://www.suse.com/security/cve/CVE-2015-4104.html
   https://www.suse.com/security/cve/CVE-2015-4105.html
   https://www.suse.com/security/cve/CVE-2015-4106.html
   https://www.suse.com/security/cve/CVE-2015-4164.html
   https://bugzilla.suse.com/931625
   https://bugzilla.suse.com/931626
   https://bugzilla.suse.com/931627
   https://bugzilla.suse.com/931628
   https://bugzilla.suse.com/932770
   https://bugzilla.suse.com/932996
   https://download.suse.com/patch/finder/?keywords=5db78436698154117f5060fbcf442cac



More information about the sle-updates mailing list