
SUSE 12-SP1: 2016:2473-1 Important Security Updates for Xen DDoS Risk

October 7, 2016
Essential SUSE Xen security patch that fixes multiple vulnerabilities, including buffer overflows and denial-of-service risks.
An update that solves 10 vulnerabilities and has 11 fixes is now...

Summary

This update for xen fixes several issues.

These security issues were fixed:

- CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785).
- CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789).
- CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792).
- CVE-2016-6836: Information leakage in vmxnet3_complete_packet (bsc#994761).

References

#953518 #955104 #959330 #959552 #970135 #971949 #988675 #988676 #990500 #990970 #991934 #992224 #993665 #994421 #994625 #994761 #994772 #994775 #995785 #995789 #995792

Cross-References: CVE-2016-6258 CVE-2016-6259 CVE-2016-6833 CVE-2016-6834 CVE-2016-6835 CVE-2016-6836 CVE-2016-6888 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP1

SUSE Linux Enterprise Server 12-SP1

SUSE Linux Enterprise Desktop 12-SP1

https://www.suse.com/security/cve/CVE-2016-6258.html

https://www.suse.com/security/cve/CVE-2016-6259.html

https://www.suse.com/security/cve/CVE-2016-6833.html

https://www.suse.com/security/cve/CVE-2016-6834.html

https://www.suse.com/security/cve/CVE-2016-6835.html

Severity
important

Announcement ID: SUSE-SU-2016:2473-1
Rating: important
