openSUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:0007-1
Rating:             important
References:         #1000106 #1002496 #1003030 #1003032 #1003870 
                    #1004016 #1005004 #1005005 #1007157 #1007160 
                    #1009100 #1009103 #1009104 #1009107 #1009108 
                    #1009109 #1009111 #1011652 #1012651 #1013657 
                    #1013668 #1014298 #1016340 
Cross-References:   CVE-2016-10013 CVE-2016-10024 CVE-2016-7777
                    CVE-2016-7908 CVE-2016-7909 CVE-2016-7995
                    CVE-2016-8576 CVE-2016-8667 CVE-2016-8669
                    CVE-2016-8909 CVE-2016-8910 CVE-2016-9101
                    CVE-2016-9377 CVE-2016-9378 CVE-2016-9379
                    CVE-2016-9380 CVE-2016-9381 CVE-2016-9382
                    CVE-2016-9383 CVE-2016-9385 CVE-2016-9386
                    CVE-2016-9637 CVE-2016-9776 CVE-2016-9932
                   
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that fixes 24 vulnerabilities is now available.

Description:


   This updates xen to version 4.5.5 to fix the following issues:

   - An unprivileged user in a guest could gain guest could escalate
     privilege to that of the guest kernel, if it had could invoke the
     instruction emulator. Only 64-bit x86 HVM guest were affected. Linux
     guest have not been vulnerable. (boo#1016340, CVE-2016-10013)
   - An unprivileged user in a 64 bit x86 guest could gain information from
     the host, crash the host or gain privilege of the host (boo#1009107,
     CVE-2016-9383)
   - An unprivileged guest process could (unintentionally or maliciously)
     obtain
     or ocorrupt sensitive information of other programs in the same guest.
      Only x86 HVM guests have been affected. The attacker needs to be able
      to trigger the Xen instruction emulator. (boo#1000106, CVE-2016-7777)
   - A guest on x86 systems could read small parts of hypervisor stack data
     (boo#1012651, CVE-2016-9932)
   - A malicious guest kernel could hang or crash the host system
     (boo#1014298, CVE-2016-10024)
   - The epro100 emulated network device caused a memory leak in the host
     when unplugged in the guest. A privileged user in the guest could use
     this to cause a DoS on the host or potentially crash the guest process
     on the host (boo#1013668, CVE-2016-9101)
   - The ColdFire Fast Ethernet Controller was vulnerable to an infinite loop
     that could be trigged by a privileged user in the guest, leading to DoS
     (boo#1013657, CVE-2016-9776)
   - A malicious guest administrator could escalate their privilege to that
     of the host. Only affects x86 HVM guests using qemu older version 1.6.0
     or using the qemu-xen-traditional. (boo#1011652, CVE-2016-9637)
   - An unprivileged guest user could escalate privilege to that of the guest
     administrator on x86 HVM guests, especially on Intel CPUs (boo#1009100,
     CVE-2016-9386)
   - An unprivileged guest user could escalate privilege to that of the guest
     administrator (on AMD CPUs) or crash the system (on Intel CPUs) on
     32-bit x86 HVM guests. Only guest operating systems that allowed a new
     task to start in VM86 mode were affected. (boo#1009103, CVE-2016-9382)
   - A malicious guest administrator could crash the host on x86 PV guests
     only (boo#1009104, CVE-2016-9385)
   - An unprivileged guest user was able to crash the guest. (boo#1009108,
     CVE-2016-9377, CVE-2016-9378)
   - A malicious guest administrator could get privilege of the host emulator
     process on x86 HVM guests. (boo#1009109, CVE-2016-9381)
   - A vulnerability in pygrub allowed a malicious guest administrator to
     obtain the contents of sensitive host files, or even delete those files
     (boo#1009111, CVE-2016-9379, CVE-2016-9380)
   - A privileged guest user could cause an infinite loop in the RTL8139
     ethernet emulation to consume CPU cycles on the host, causing a DoS
     situation (boo#1007157, CVE-2016-8910)
   - A privileged guest user could cause an infinite loop in the intel-hda
     sound emulation to consume CPU cycles on the host, causing a DoS
     situation (boo#1007160, CVE-2016-8909)
   - A privileged guest user could cause a crash of the emulator process on
     the host by exploiting a divide by zero vulnerability of the JAZZ RC4030
     chipset emulation (boo#1005004 CVE-2016-8667)
   - A privileged guest user could cause a crash of the emulator process on
     the host by exploiting a divide by zero issue of the 16550A UART
     emulation (boo#1005005, CVE-2016-8669)
   - A privileged guest user could cause a memory leak in the USB EHCI
     emulation, causing a DoS situation on the host (boo#1003870,
     CVE-2016-7995)
   - A privileged guest user could cause an infinite loop in the USB xHCI
     emulation, causing a DoS situation on the host (boo#1004016,
     CVE-2016-8576)
   - A privileged guest user could cause an infinite loop in the ColdFire
     Fash Ethernet Controller emulation, causing a DoS situation on the host
     (boo#1003030, CVE-2016-7908)
   - A privileged guest user could cause an infinite loop in the AMD PC-Net
     II emulation, causing a DoS situation on the host (boo#1003032,
     CVE-2016-7909)
   - Cause a reload of clvm in the block-dmmd script to avoid a blocking
     lvchange call (boo#1002496)


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2017-4=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.1 (i586 x86_64):

      xen-debugsource-4.5.5_06-18.1
      xen-devel-4.5.5_06-18.1
      xen-libs-4.5.5_06-18.1
      xen-libs-debuginfo-4.5.5_06-18.1
      xen-tools-domU-4.5.5_06-18.1
      xen-tools-domU-debuginfo-4.5.5_06-18.1

   - openSUSE Leap 42.1 (x86_64):

      xen-4.5.5_06-18.1
      xen-doc-html-4.5.5_06-18.1
      xen-kmp-default-4.5.5_06_k4.1.36_41-18.1
      xen-kmp-default-debuginfo-4.5.5_06_k4.1.36_41-18.1
      xen-libs-32bit-4.5.5_06-18.1
      xen-libs-debuginfo-32bit-4.5.5_06-18.1
      xen-tools-4.5.5_06-18.1
      xen-tools-debuginfo-4.5.5_06-18.1


References:

   https://www.suse.com/security/cve/CVE-2016-10013.html
   https://www.suse.com/security/cve/CVE-2016-10024.html
   https://www.suse.com/security/cve/CVE-2016-7777.html
   https://www.suse.com/security/cve/CVE-2016-7908.html
   https://www.suse.com/security/cve/CVE-2016-7909.html
   https://www.suse.com/security/cve/CVE-2016-7995.html
   https://www.suse.com/security/cve/CVE-2016-8576.html
   https://www.suse.com/security/cve/CVE-2016-8667.html
   https://www.suse.com/security/cve/CVE-2016-8669.html
   https://www.suse.com/security/cve/CVE-2016-8909.html
   https://www.suse.com/security/cve/CVE-2016-8910.html
   https://www.suse.com/security/cve/CVE-2016-9101.html
   https://www.suse.com/security/cve/CVE-2016-9377.html
   https://www.suse.com/security/cve/CVE-2016-9378.html
   https://www.suse.com/security/cve/CVE-2016-9379.html
   https://www.suse.com/security/cve/CVE-2016-9380.html
   https://www.suse.com/security/cve/CVE-2016-9381.html
   https://www.suse.com/security/cve/CVE-2016-9382.html
   https://www.suse.com/security/cve/CVE-2016-9383.html
   https://www.suse.com/security/cve/CVE-2016-9385.html
   https://www.suse.com/security/cve/CVE-2016-9386.html
   https://www.suse.com/security/cve/CVE-2016-9637.html
   https://www.suse.com/security/cve/CVE-2016-9776.html
   https://www.suse.com/security/cve/CVE-2016-9932.html
   https://bugzilla.suse.com/1000106
   https://bugzilla.suse.com/1002496
   https://bugzilla.suse.com/1003030
   https://bugzilla.suse.com/1003032
   https://bugzilla.suse.com/1003870
   https://bugzilla.suse.com/1004016
   https://bugzilla.suse.com/1005004
   https://bugzilla.suse.com/1005005
   https://bugzilla.suse.com/1007157
   https://bugzilla.suse.com/1007160
   https://bugzilla.suse.com/1009100
   https://bugzilla.suse.com/1009103
   https://bugzilla.suse.com/1009104
   https://bugzilla.suse.com/1009107
   https://bugzilla.suse.com/1009108
   https://bugzilla.suse.com/1009109
   https://bugzilla.suse.com/1009111
   https://bugzilla.suse.com/1011652
   https://bugzilla.suse.com/1012651
   https://bugzilla.suse.com/1013657
   https://bugzilla.suse.com/1013668
   https://bugzilla.suse.com/1014298
   https://bugzilla.suse.com/1016340

--

openSUSE: 2017:0007-1: important: xen

January 2, 2017
An update that fixes 24 vulnerabilities is now available.

Description

This updates xen to version 4.5.5 to fix the following issues: - An unprivileged user in a guest could gain guest could escalate privilege to that of the guest kernel, if it had could invoke the instruction emulator. Only 64-bit x86 HVM guest were affected. Linux guest have not been vulnerable. (boo#1016340, CVE-2016-10013) - An unprivileged user in a 64 bit x86 guest could gain information from the host, crash the host or gain privilege of the host (boo#1009107, CVE-2016-9383) - An unprivileged guest process could (unintentionally or maliciously) obtain or ocorrupt sensitive information of other programs in the same guest. Only x86 HVM guests have been affected. The attacker needs to be able to trigger the Xen instruction emulator. (boo#1000106, CVE-2016-7777) - A guest on x86 systems could read small parts of hypervisor stack data (boo#1012651, CVE-2016-9932) - A malicious guest kernel could hang or crash the host system (boo#1014298, CVE-2016-10024) - The epro100 emulated network device caused a memory leak in the host when unplugged in the guest. A privileged user in the guest could use this to cause a DoS on the host or potentially crash the guest process on the host (boo#1013668, CVE-2016-9101) - The ColdFire Fast Ethernet Controller was vulnerable to an infinite loop that could be trigged by a privileged user in the guest, leading to DoS (boo#1013657, CVE-2016-9776) - A malicious guest administrator could escalate their privilege to that of the host. Only affects x86 HVM guests using qemu older version 1.6.0 or using the qemu-xen-traditional. (boo#1011652, CVE-2016-9637) - An unprivileged guest user could escalate privilege to that of the guest administrator on x86 HVM guests, especially on Intel CPUs (boo#1009100, CVE-2016-9386) - An unprivileged guest user could escalate privilege to that of the guest administrator (on AMD CPUs) or crash the system (on Intel CPUs) on 32-bit x86 HVM guests. Only guest operating systems that allowed a new task to start in VM86 mode were affected. (boo#1009103, CVE-2016-9382) - A malicious guest administrator could crash the host on x86 PV guests only (boo#1009104, CVE-2016-9385) - An unprivileged guest user was able to crash the guest. (boo#1009108, CVE-2016-9377, CVE-2016-9378) - A malicious guest administrator could get privilege of the host emulator process on x86 HVM guests. (boo#1009109, CVE-2016-9381) - A vulnerability in pygrub allowed a malicious guest administrator to obtain the contents of sensitive host files, or even delete those files (boo#1009111, CVE-2016-9379, CVE-2016-9380) - A privileged guest user could cause an infinite loop in the RTL8139 ethernet emulation to consume CPU cycles on the host, causing a DoS situation (boo#1007157, CVE-2016-8910) - A privileged guest user could cause an infinite loop in the intel-hda sound emulation to consume CPU cycles on the host, causing a DoS situation (boo#1007160, CVE-2016-8909) - A privileged guest user could cause a crash of the emulator process on the host by exploiting a divide by zero vulnerability of the JAZZ RC4030 chipset emulation (boo#1005004 CVE-2016-8667) - A privileged guest user could cause a crash of the emulator process on the host by exploiting a divide by zero issue of the 16550A UART emulation (boo#1005005, CVE-2016-8669) - A privileged guest user could cause a memory leak in the USB EHCI emulation, causing a DoS situation on the host (boo#1003870, CVE-2016-7995) - A privileged guest user could cause an infinite loop in the USB xHCI emulation, causing a DoS situation on the host (boo#1004016, CVE-2016-8576) - A privileged guest user could cause an infinite loop in the ColdFire Fash Ethernet Controller emulation, causing a DoS situation on the host (boo#1003030, CVE-2016-7908) - A privileged guest user could cause an infinite loop in the AMD PC-Net II emulation, causing a DoS situation on the host (boo#1003032, CVE-2016-7909) - Cause a reload of clvm in the block-dmmd script to avoid a blocking lvchange call (boo#1002496)

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2017-4=1 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE Leap 42.1 (i586 x86_64): xen-debugsource-4.5.5_06-18.1 xen-devel-4.5.5_06-18.1 xen-libs-4.5.5_06-18.1 xen-libs-debuginfo-4.5.5_06-18.1 xen-tools-domU-4.5.5_06-18.1 xen-tools-domU-debuginfo-4.5.5_06-18.1 - openSUSE Leap 42.1 (x86_64): xen-4.5.5_06-18.1 xen-doc-html-4.5.5_06-18.1 xen-kmp-default-4.5.5_06_k4.1.36_41-18.1 xen-kmp-default-debuginfo-4.5.5_06_k4.1.36_41-18.1 xen-libs-32bit-4.5.5_06-18.1 xen-libs-debuginfo-32bit-4.5.5_06-18.1 xen-tools-4.5.5_06-18.1 xen-tools-debuginfo-4.5.5_06-18.1


References

https://www.suse.com/security/cve/CVE-2016-10013.html https://www.suse.com/security/cve/CVE-2016-10024.html https://www.suse.com/security/cve/CVE-2016-7777.html https://www.suse.com/security/cve/CVE-2016-7908.html https://www.suse.com/security/cve/CVE-2016-7909.html https://www.suse.com/security/cve/CVE-2016-7995.html https://www.suse.com/security/cve/CVE-2016-8576.html https://www.suse.com/security/cve/CVE-2016-8667.html https://www.suse.com/security/cve/CVE-2016-8669.html https://www.suse.com/security/cve/CVE-2016-8909.html https://www.suse.com/security/cve/CVE-2016-8910.html https://www.suse.com/security/cve/CVE-2016-9101.html https://www.suse.com/security/cve/CVE-2016-9377.html https://www.suse.com/security/cve/CVE-2016-9378.html https://www.suse.com/security/cve/CVE-2016-9379.html https://www.suse.com/security/cve/CVE-2016-9380.html https://www.suse.com/security/cve/CVE-2016-9381.html https://www.suse.com/security/cve/CVE-2016-9382.html https://www.suse.com/security/cve/CVE-2016-9383.html https://www.suse.com/security/cve/CVE-2016-9385.html https://www.suse.com/security/cve/CVE-2016-9386.html https://www.suse.com/security/cve/CVE-2016-9637.html https://www.suse.com/security/cve/CVE-2016-9776.html https://www.suse.com/security/cve/CVE-2016-9932.html https://bugzilla.suse.com/1000106 https://bugzilla.suse.com/1002496 https://bugzilla.suse.com/1003030 https://bugzilla.suse.com/1003032 https://bugzilla.suse.com/1003870 https://bugzilla.suse.com/1004016 https://bugzilla.suse.com/1005004 https://bugzilla.suse.com/1005005 https://bugzilla.suse.com/1007157 https://bugzilla.suse.com/1007160 https://bugzilla.suse.com/1009100 https://bugzilla.suse.com/1009103 https://bugzilla.suse.com/1009104 https://bugzilla.suse.com/1009107 https://bugzilla.suse.com/1009108 https://bugzilla.suse.com/1009109 https://bugzilla.suse.com/1009111 https://bugzilla.suse.com/1011652 https://bugzilla.suse.com/1012651 https://bugzilla.suse.com/1013657 https://bugzilla.suse.com/1013668 https://bugzilla.suse.com/1014298 https://bugzilla.suse.com/1016340--


Severity
Announcement ID: openSUSE-SU-2017:0007-1
Rating: important
Affected Products: openSUSE Leap 42.1

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved