
SUSE 11-SP2: 2016:2528-1 Important: Xen Buffer Overflow

October 13, 2016
An update that fixes 16 vulnerabilities is now available

Summary

This update for xen fixes several issues.

These security issues were fixed:

- CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792)
- CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785)
- CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675)
- CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU

References

#973188 #974038 #975130 #975138 #978164 #978295 #980716 #980724 #981264 #982960 #983984 #988675 #995785 #995792

Cross-References: CVE-2014-3615 CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4439 CVE-2016-4441 CVE-2016-4480 CVE-2016-5238 CVE-2016-5338 CVE-2016-6258 CVE-2016-7092 CVE-2016-7094

Affected Products:

SUSE Linux Enterprise Server 11-SP2-LTSS

https://www.suse.com/security/cve/CVE-2014-3615.html

https://www.suse.com/security/cve/CVE-2014-3672.html

https://www.suse.com/security/cve/CVE-2016-3158.html

https://www.suse.com/security/cve/CVE-2016-3159.html

https://www.suse.com/security/cve/CVE-2016-3710.html

https://www.suse.com/security/cve/CVE-2016-3960.html

Severity
important

Announcement ID: SUSE-SU-2016:2528-1
Rating: important
