openSUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:0123-1
Rating:             important
References:         #954018 #956408 #956409 #956411 #956592 #956832 
                    #957988 #958007 #958009 #958493 #958523 #958918 
                    #959006 #959387 
Cross-References:   CVE-2015-5307 CVE-2015-7504 CVE-2015-7549
                    CVE-2015-8339 CVE-2015-8340 CVE-2015-8341
                    CVE-2015-8345 CVE-2015-8504 CVE-2015-8550
                    CVE-2015-8554 CVE-2015-8555 CVE-2015-8558
                    CVE-2015-8567 CVE-2015-8568
Affected Products:
                    openSUSE 13.2
______________________________________________________________________________

   An update that fixes 14 vulnerabilities is now available.

Description:


   This update for xen fixes the following security issues:

   - CVE-2015-8568 CVE-2015-8567: xen: qemu: net: vmxnet3: host memory
     leakage (boo#959387)
   - CVE-2015-8550: xen: paravirtualized drivers incautious about shared
     memory contents (XSA-155, boo#957988)
   - CVE-2015-8558: xen: qemu: usb: infinite loop in ehci_advance_state
     results in DoS (boo#959006)
   - CVE-2015-7549: xen: qemu pci: null pointer dereference issue (boo#958918)
   - CVE-2015-8504: xen: qemu: ui: vnc: avoid floating point exception
     (boo#958493)
   - CVE-2015-8554: xen: qemu-dm buffer overrun in MSI-X handling (XSA-164,
     boo#958007)
   - CVE-2015-8555: xen: information leak in legacy x86 FPU/XMM
     initialization (XSA-165, boo#958009)
   - boo#958523: xen: ioreq handling possibly susceptible to multiple read
     issue (XSA-166)
   - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156,
     boo#954018)
   - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing
     command block list (boo#956832)
   - boo#956592: xen: virtual PMU is unsupported (XSA-163)
   - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues
     (XSA-159, boo#956408)
   - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error
     (XSA-160, boo#956409)
   - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator
     (XSA-162, boo#956411)


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2016-35=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.2 (i586 x86_64):

      xen-debugsource-4.4.3_08-36.1
      xen-devel-4.4.3_08-36.1
      xen-libs-4.4.3_08-36.1
      xen-libs-debuginfo-4.4.3_08-36.1
      xen-tools-domU-4.4.3_08-36.1
      xen-tools-domU-debuginfo-4.4.3_08-36.1

   - openSUSE 13.2 (x86_64):

      xen-4.4.3_08-36.1
      xen-doc-html-4.4.3_08-36.1
      xen-kmp-default-4.4.3_08_k3.16.7_29-36.1
      xen-kmp-default-debuginfo-4.4.3_08_k3.16.7_29-36.1
      xen-kmp-desktop-4.4.3_08_k3.16.7_29-36.1
      xen-kmp-desktop-debuginfo-4.4.3_08_k3.16.7_29-36.1
      xen-libs-32bit-4.4.3_08-36.1
      xen-libs-debuginfo-32bit-4.4.3_08-36.1
      xen-tools-4.4.3_08-36.1
      xen-tools-debuginfo-4.4.3_08-36.1


References:

   https://www.suse.com/security/cve/CVE-2015-5307.html
   https://www.suse.com/security/cve/CVE-2015-7504.html
   https://www.suse.com/security/cve/CVE-2015-7549.html
   https://www.suse.com/security/cve/CVE-2015-8339.html
   https://www.suse.com/security/cve/CVE-2015-8340.html
   https://www.suse.com/security/cve/CVE-2015-8341.html
   https://www.suse.com/security/cve/CVE-2015-8345.html
   https://www.suse.com/security/cve/CVE-2015-8504.html
   https://www.suse.com/security/cve/CVE-2015-8550.html
   https://www.suse.com/security/cve/CVE-2015-8554.html
   https://www.suse.com/security/cve/CVE-2015-8555.html
   https://www.suse.com/security/cve/CVE-2015-8558.html
   https://www.suse.com/security/cve/CVE-2015-8567.html
   https://www.suse.com/security/cve/CVE-2015-8568.html
   https://bugzilla.suse.com/954018
   https://bugzilla.suse.com/956408
   https://bugzilla.suse.com/956409
   https://bugzilla.suse.com/956411
   https://bugzilla.suse.com/956592
   https://bugzilla.suse.com/956832
   https://bugzilla.suse.com/957988
   https://bugzilla.suse.com/958007
   https://bugzilla.suse.com/958009
   https://bugzilla.suse.com/958493
   https://bugzilla.suse.com/958523
   https://bugzilla.suse.com/958918
   https://bugzilla.suse.com/959006
   https://bugzilla.suse.com/959387

openSUSE: 2016:0123-1: important: xen

January 14, 2016
An update that fixes 14 vulnerabilities is now available

Description

This update for xen fixes the following security issues: - CVE-2015-8568 CVE-2015-8567: xen: qemu: net: vmxnet3: host memory leakage (boo#959387) - CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents (XSA-155, boo#957988) - CVE-2015-8558: xen: qemu: usb: infinite loop in ehci_advance_state results in DoS (boo#959006) - CVE-2015-7549: xen: qemu pci: null pointer dereference issue (boo#958918) - CVE-2015-8504: xen: qemu: ui: vnc: avoid floating point exception (boo#958493) - CVE-2015-8554: xen: qemu-dm buffer overrun in MSI-X handling (XSA-164, boo#958007) - CVE-2015-8555: xen: information leak in legacy x86 FPU/XMM initialization (XSA-165, boo#958009) - boo#958523: xen: ioreq handling possibly susceptible to multiple read issue (XSA-166) - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156, boo#954018) - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list (boo#956832) - boo#956592: xen: virtual PMU is unsupported (XSA-163) - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159, boo#956408) - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160, boo#956409) - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162, boo#956411)

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2016-35=1 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 13.2 (i586 x86_64): xen-debugsource-4.4.3_08-36.1 xen-devel-4.4.3_08-36.1 xen-libs-4.4.3_08-36.1 xen-libs-debuginfo-4.4.3_08-36.1 xen-tools-domU-4.4.3_08-36.1 xen-tools-domU-debuginfo-4.4.3_08-36.1 - openSUSE 13.2 (x86_64): xen-4.4.3_08-36.1 xen-doc-html-4.4.3_08-36.1 xen-kmp-default-4.4.3_08_k3.16.7_29-36.1 xen-kmp-default-debuginfo-4.4.3_08_k3.16.7_29-36.1 xen-kmp-desktop-4.4.3_08_k3.16.7_29-36.1 xen-kmp-desktop-debuginfo-4.4.3_08_k3.16.7_29-36.1 xen-libs-32bit-4.4.3_08-36.1 xen-libs-debuginfo-32bit-4.4.3_08-36.1 xen-tools-4.4.3_08-36.1 xen-tools-debuginfo-4.4.3_08-36.1


References

https://www.suse.com/security/cve/CVE-2015-5307.html https://www.suse.com/security/cve/CVE-2015-7504.html https://www.suse.com/security/cve/CVE-2015-7549.html https://www.suse.com/security/cve/CVE-2015-8339.html https://www.suse.com/security/cve/CVE-2015-8340.html https://www.suse.com/security/cve/CVE-2015-8341.html https://www.suse.com/security/cve/CVE-2015-8345.html https://www.suse.com/security/cve/CVE-2015-8504.html https://www.suse.com/security/cve/CVE-2015-8550.html https://www.suse.com/security/cve/CVE-2015-8554.html https://www.suse.com/security/cve/CVE-2015-8555.html https://www.suse.com/security/cve/CVE-2015-8558.html https://www.suse.com/security/cve/CVE-2015-8567.html https://www.suse.com/security/cve/CVE-2015-8568.html https://bugzilla.suse.com/954018 https://bugzilla.suse.com/956408 https://bugzilla.suse.com/956409 https://bugzilla.suse.com/956411 https://bugzilla.suse.com/956592 https://bugzilla.suse.com/956832 https://bugzilla.suse.com/957988 https://bugzilla.suse.com/958007 https://bugzilla.suse.com/958009 https://bugzilla.suse.com/958493 https://bugzilla.suse.com/958523 https://bugzilla.suse.com/958918 https://bugzilla.suse.com/959006 https://bugzilla.suse.com/959387


Severity
Announcement ID: openSUSE-SU-2016:0123-1
Rating: important
Affected Products: openSUSE 13.2 .

Related News

Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power
8 Expert-Recommended Security Practices to Fortify Your Linux Systems
4 - 8 min read
As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered
Open Source Strategies for Enhancing Security in Digital Business Operations
5 - 9 min read
Digital transformation, powered by the principles of open-source security , is vital for businesses looking to excel in today's technology-driven
Microsoft Update Mayhem: Rescuing Linux Dual-Boot Systems from Secure Boot Woes
2 - 4 min read
Microsoft's recent patch, intended to strengthen Secure Boot defenses, has resulted in an unexpected setback for Linux-Windows dual-boot setups

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved