SUSE: 2016:2725-1 Important: Xen Buffer Overflow DoS Risk

November 4, 2016
SUSE patch resolves 21 major vulnerabilities in xen alongside essential corrections and safety upgrades.
An update that solves 21 vulnerabilities and has four fixes.

Summary

This update for xen fixes several issues.

These security issues were fixed:

- CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792)
- CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785)
- CVE-2016-5403: Unbounded memory allocation allowed a guest administrator to cause a denial of service of the host (bsc#990923)
- CVE-2016-6351: The esp_do_dma function in hw/scsi/esp.c, when built with ESP/NCR53C9x controller emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds write and

References

#954872 #961600 #963161 #973188 #973631 #974038

#975130 #975138 #976470 #978164 #978295 #978413

#980716 #980724 #981264 #982224 #982225 #982960

#983984 #985503 #988675 #990843 #990923 #995785

#995792

Cross-References: CVE-2014-3615 CVE-2014-3672 CVE-2016-3158

CVE-2016-3159 CVE-2016-3710 CVE-2016-3712

CVE-2016-3960 CVE-2016-4001 CVE-2016-4002

CVE-2016-4439 CVE-2016-4441 CVE-2016-4453

CVE-2016-4454 CVE-2016-4480 CVE-2016-5238

CVE-2016-5338 CVE-2016-5403 CVE-2016-6258

CVE-2016-6351 CVE-2016-7092 CVE-2016-7094

Affected Products:

SUSE OpenStack Cloud 5

SUSE Manager Proxy 2.1

SUSE Manager 2.1

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

https://ww...


Severity: important

Announcement ID: SUSE-SU-2016:2725-1
Rating: important
