SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1154-1
Rating:             important
References:         #864391 #864655 #864769 #864805 #864811 #877642 
                    #897654 #901508 #902737 #945989 #957162 #957988 
                    #958007 #958009 #958491 #958523 #959005 #960707 
                    #960725 #960861 #960862 #961691 #963782 #965315 
                    #965317 #967013 #967630 #969350 
Cross-References:   CVE-2013-4533 CVE-2013-4534 CVE-2013-4537
                    CVE-2013-4538 CVE-2013-4539 CVE-2014-0222
                    CVE-2014-3640 CVE-2014-3689 CVE-2014-7815
                    CVE-2015-5278 CVE-2015-7512 CVE-2015-8504
                    CVE-2015-8550 CVE-2015-8554 CVE-2015-8555
                    CVE-2015-8558 CVE-2015-8743 CVE-2015-8745
                    CVE-2016-1570 CVE-2016-1571 CVE-2016-1714
                    CVE-2016-1981 CVE-2016-2270 CVE-2016-2271
                    CVE-2016-2391 CVE-2016-2841
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
______________________________________________________________________________

   An update that solves 26 vulnerabilities and has two fixes
   is now available.

Description:

   xen was updated to fix 27 security issues.

   These security issues were fixed:
   - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in
     hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or
     possibly execute arbitrary code via a crafted s->rx_level value in a
     savevm image (bsc#864655).
   - CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote
     attackers to cause a denial of service or possibly execute arbitrary
     code via vectors related to IRQDest elements (bsc#864811).
   - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed
     remote attackers to execute arbitrary code via a crafted arglen value in
     a savevm image (bsc#864391).
   - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in
     hw/display/ssd0323.c allowed remote attackers to cause a denial of
     service (memory corruption) or possibly execute arbitrary code via
     crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and
     row_end values; or (5) col_star and col_end values in a savevm image
     (bsc#864769).
   - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in
     hw/input/tsc210x.c might have allowed remote attackers to execute
     arbitrary code via a crafted (1) precision, (2) nextprecision, (3)
     function, or (4) nextfunction value in a savevm image (bsc#864805).
   - CVE-2014-0222: Integer overflow in the qcow_open function in
     block/qcow.c allowed remote attackers to cause a denial of service
     (crash) via a large L2 table in a QCOW version 1 image (bsc#877642).
   - CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users     to cause a denial of service (NULL pointer dereference) by sending a udp
     packet with a value of 0 in the source port and address, which triggers     access of an uninitialized socket (bsc#897654).
   - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed
     local guest users to write to qemu memory locations and gain privileges
     via unspecified parameters related to rectangle handling (bsc#901508).
   - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote
     attackers to cause a denial of service (crash) via a small
     bytes_per_pixel value (bsc#902737).
   - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989).
   - CVE-2015-7512: Buffer overflow in the pcnet_receive function in
     hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote
     attackers to cause a denial of service (guest OS crash) or execute
     arbitrary code via a large packet (bsc#957162).
   - CVE-2015-8504: VNC: floating point exception (bsc#958491).
   - CVE-2015-8550: Paravirtualized drivers were incautious about shared
     memory contents (XSA-155) (bsc#957988).
   - CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164)
     (bsc#958007).
   - CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization
     (XSA-165) (bsc#958009).
   - CVE-2015-8558: Infinite loop in ehci_advance_state resulted in DoS
     (bsc#959005).
   - CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions
     (bsc#960725).
   - CVE-2015-8745: Reading IMR registers lead to a crash via assert(2) call
     (bsc#960707).
   - CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed
     local PV guests to obtain sensitive information, cause a denial of
     service, gain privileges, or have unspecified other impact via a crafted
     page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2)
     MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3)
     unknown vectors related to page table updates (bsc#960861).
   - CVE-2016-1571: VMX: intercept issue with INVLPG on non-canonical address
     (XSA-168) (bsc#960862).
   - CVE-2016-1714: nvram: OOB r/w access in processing firmware
     configurations (bsc#961691).
   - CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov
     routines (bsc#963782).
   - CVE-2016-2270: Xen allowed local guest administrators to cause a denial
     of service (host reboot) via vectors related to multiple mappings of
     MMIO pages with different cachability settings (bsc#965315).
   - CVE-2016-2271: VMX when using an Intel or Cyrix CPU, allowed local HVM
     guest users to cause a denial of service (guest crash) via vectors     related to a non-canonical RIP (bsc#965317).
   - CVE-2016-2391: usb: multiple eof_timers in ohci module lead to NULL
     pointer dereference (bsc#967013).
   - CVE-2016-2841: ne2000: Infinite loop in ne2000_receive (bsc#969350).
   - XSA-166: ioreq handling possibly susceptible to multiple read issue
     (bsc#958523).

   This non-security issue was fixed:
   - bsc#967630: Discrepancy in reported memory size with correction XSA-153
     for xend


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP2-LTSS:

      zypper in -t patch slessp2-xen-12530=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64):

      xen-devel-4.1.6_08-26.1
      xen-kmp-default-4.1.6_08_3.0.101_0.7.37-26.1
      xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-26.1
      xen-libs-4.1.6_08-26.1
      xen-tools-domU-4.1.6_08-26.1

   - SUSE Linux Enterprise Server 11-SP2-LTSS (x86_64):

      xen-4.1.6_08-26.1
      xen-doc-html-4.1.6_08-26.1
      xen-doc-pdf-4.1.6_08-26.1
      xen-libs-32bit-4.1.6_08-26.1
      xen-tools-4.1.6_08-26.1

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586):

      xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-26.1


References:

   https://www.suse.com/security/cve/CVE-2013-4533.html
   https://www.suse.com/security/cve/CVE-2013-4534.html
   https://www.suse.com/security/cve/CVE-2013-4537.html
   https://www.suse.com/security/cve/CVE-2013-4538.html
   https://www.suse.com/security/cve/CVE-2013-4539.html
   https://www.suse.com/security/cve/CVE-2014-0222.html
   https://www.suse.com/security/cve/CVE-2014-3640.html
   https://www.suse.com/security/cve/CVE-2014-3689.html
   https://www.suse.com/security/cve/CVE-2014-7815.html
   https://www.suse.com/security/cve/CVE-2015-5278.html
   https://www.suse.com/security/cve/CVE-2015-7512.html
   https://www.suse.com/security/cve/CVE-2015-8504.html
   https://www.suse.com/security/cve/CVE-2015-8550.html
   https://www.suse.com/security/cve/CVE-2015-8554.html
   https://www.suse.com/security/cve/CVE-2015-8555.html
   https://www.suse.com/security/cve/CVE-2015-8558.html
   https://www.suse.com/security/cve/CVE-2015-8743.html
   https://www.suse.com/security/cve/CVE-2015-8745.html
   https://www.suse.com/security/cve/CVE-2016-1570.html
   https://www.suse.com/security/cve/CVE-2016-1571.html
   https://www.suse.com/security/cve/CVE-2016-1714.html
   https://www.suse.com/security/cve/CVE-2016-1981.html
   https://www.suse.com/security/cve/CVE-2016-2270.html
   https://www.suse.com/security/cve/CVE-2016-2271.html
   https://www.suse.com/security/cve/CVE-2016-2391.html
   https://www.suse.com/security/cve/CVE-2016-2841.html
   https://bugzilla.suse.com/864391
   https://bugzilla.suse.com/864655
   https://bugzilla.suse.com/864769
   https://bugzilla.suse.com/864805
   https://bugzilla.suse.com/864811
   https://bugzilla.suse.com/877642
   https://bugzilla.suse.com/897654
   https://bugzilla.suse.com/901508
   https://bugzilla.suse.com/902737
   https://bugzilla.suse.com/945989
   https://bugzilla.suse.com/957162
   https://bugzilla.suse.com/957988
   https://bugzilla.suse.com/958007
   https://bugzilla.suse.com/958009
   https://bugzilla.suse.com/958491
   https://bugzilla.suse.com/958523
   https://bugzilla.suse.com/959005
   https://bugzilla.suse.com/960707
   https://bugzilla.suse.com/960725
   https://bugzilla.suse.com/960861
   https://bugzilla.suse.com/960862
   https://bugzilla.suse.com/961691
   https://bugzilla.suse.com/963782
   https://bugzilla.suse.com/965315
   https://bugzilla.suse.com/965317
   https://bugzilla.suse.com/967013
   https://bugzilla.suse.com/967630
   https://bugzilla.suse.com/969350

SuSE: 2016:1154-1: important: xen

April 26, 2016
An update that solves 26 vulnerabilities and has two fixes An update that solves 26 vulnerabilities and has two fixes An update that solves 26 vulnerabilities and has two fixes is ...

Summary

xen was updated to fix 27 security issues. These security issues were fixed: - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image (bsc#864655). - CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements (bsc#864811). - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image (bsc#864391). - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image (bsc#864769). - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c might have allowed remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image (bsc#864805). - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket (bsc#897654). - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling (bsc#901508). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#902737). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet (bsc#957162). - CVE-2015-8504: VNC: floating point exception (bsc#958491). - CVE-2015-8550: Paravirtualized drivers were incautious about shared memory contents (XSA-155) (bsc#957988). - CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164) (bsc#958007). - CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization (XSA-165) (bsc#958009). - CVE-2015-8558: Infinite loop in ehci_advance_state resulted in DoS (bsc#959005). - CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960725). - CVE-2015-8745: Reading IMR registers lead to a crash via assert(2) call (bsc#960707). - CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates (bsc#960861). - CVE-2016-1571: VMX: intercept issue with INVLPG on non-canonical address (XSA-168) (bsc#960862). - CVE-2016-1714: nvram: OOB r/w access in processing firmware configurations (bsc#961691). - CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov routines (bsc#963782). - CVE-2016-2270: Xen allowed local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings (bsc#965315). - CVE-2016-2271: VMX when using an Intel or Cyrix CPU, allowed local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP (bsc#965317). - CVE-2016-2391: usb: multiple eof_timers in ohci module lead to NULL pointer dereference (bsc#967013). - CVE-2016-2841: ne2000: Infinite loop in ne2000_receive (bsc#969350). - XSA-166: ioreq handling possibly susceptible to multiple read issue (bsc#958523). This non-security issue was fixed: - bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-xen-12530=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): xen-devel-4.1.6_08-26.1 xen-kmp-default-4.1.6_08_3.0.101_0.7.37-26.1 xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-26.1 xen-libs-4.1.6_08-26.1 xen-tools-domU-4.1.6_08-26.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (x86_64): xen-4.1.6_08-26.1 xen-doc-html-4.1.6_08-26.1 xen-doc-pdf-4.1.6_08-26.1 xen-libs-32bit-4.1.6_08-26.1 xen-tools-4.1.6_08-26.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-26.1

References

#864391 #864655 #864769 #864805 #864811 #877642

#897654 #901508 #902737 #945989 #957162 #957988

#958007 #958009 #958491 #958523 #959005 #960707

#960725 #960861 #960862 #961691 #963782 #965315

#965317 #967013 #967630 #969350

Cross- CVE-2013-4533 CVE-2013-4534 CVE-2013-4537

CVE-2013-4538 CVE-2013-4539 CVE-2014-0222

CVE-2014-3640 CVE-2014-3689 CVE-2014-7815

CVE-2015-5278 CVE-2015-7512 CVE-2015-8504

CVE-2015-8550 CVE-2015-8554 CVE-2015-8555

CVE-2015-8558 CVE-2015-8743 CVE-2015-8745

CVE-2016-1570 CVE-2016-1571 CVE-2016-1714

CVE-2016-1981 CVE-2016-2270 CVE-2016-2271

CVE-2016-2391 CVE-2016-2841

Affected Products:

SUSE Linux Enterprise Server 11-SP2-LTSS

https://www.suse.com/security/cve/CVE-2013-4533.html

https://www.suse.com/security/cve/CVE-2013-4534.html

https://www.suse.com/security/cve/CVE-2013-4537.html

https://www.suse.com/security/cve/CVE-2013-4538.html

https://www.suse.com/security/cve/CVE-2013-4539.html

https://www.suse.com/security/cve/CVE-2014-0222.html

https://www.suse.com/security/cve/CVE-2014-3640.html

https://www.suse.com/security/cve/CVE-2014-3689.html

https://www.suse.com/security/cve/CVE-2014-7815.html

https://www.suse.com/security/cve/CVE-2015-5278.html

https://www.suse.com/security/cve/CVE-2015-7512.html

https://www.suse.com/security/cve/CVE-2015-8504.html

https://www.suse.com/security/cve/CVE-2015-8550.html

https://www.suse.com/security/cve/CVE-2015-8554.html

https://www.suse.com/security/cve/CVE-2015-8555.html

https://www.suse.com/security/cve/CVE-2015-8558.html

https://www.suse.com/security/cve/CVE-2015-8743.html

https://www.suse.com/security/cve/CVE-2015-8745.html

https://www.suse.com/security/cve/CVE-2016-1570.html

https://www.suse.com/security/cve/CVE-2016-1571.html

https://www.suse.com/security/cve/CVE-2016-1714.html

https://www.suse.com/security/cve/CVE-2016-1981.html

https://www.suse.com/security/cve/CVE-2016-2270.html

https://www.suse.com/security/cve/CVE-2016-2271.html

https://www.suse.com/security/cve/CVE-2016-2391.html

https://www.suse.com/security/cve/CVE-2016-2841.html

https://bugzilla.suse.com/864391

https://bugzilla.suse.com/864655

https://bugzilla.suse.com/864769

https://bugzilla.suse.com/864805

https://bugzilla.suse.com/864811

https://bugzilla.suse.com/877642

https://bugzilla.suse.com/897654

https://bugzilla.suse.com/901508

https://bugzilla.suse.com/902737

https://bugzilla.suse.com/945989

https://bugzilla.suse.com/957162

https://bugzilla.suse.com/957988

https://bugzilla.suse.com/958007

https://bugzilla.suse.com/958009

https://bugzilla.suse.com/958491

https://bugzilla.suse.com/958523

https://bugzilla.suse.com/959005

https://bugzilla.suse.com/960707

https://bugzilla.suse.com/960725

https://bugzilla.suse.com/960861

https://bugzilla.suse.com/960862

https://bugzilla.suse.com/961691

https://bugzilla.suse.com/963782

https://bugzilla.suse.com/965315

https://bugzilla.suse.com/965317

https://bugzilla.suse.com/967013

https://bugzilla.suse.com/967630

https://bugzilla.suse.com/969350

Severity
Announcement ID: SUSE-SU-2016:1154-1
Rating: important

Related News

Google Chrome 129: Addressing Crucial Vulnerabilities and Enhancing Security
2 - 4 min read
Google Chrome remains the crown jewel in the browser market, with an impressive user base of approximately 3.45 billion. However, this immense
Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved