Описание
Security update for xen
Xen was updated to fix seven security issues and one non-security bug.
The following vulnerabilities were fixed:
- CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu (XSA-128) (bnc#931625)
- CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests (XSA-129) (bnc#931626)
- CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages (XSA-130) (bnc#931627)
- CVE-2015-4106: Unmediated PCI register access in qemu (XSA-131) (bnc#931628)
- CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior (XSA-134) (bnc#932790)
- CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to host escape (XSA-135) (bnc#932770)
- CVE-2015-4164: DoS through iret hypercall handler (XSA-136) (bnc#932996)
The following non-security bug was fixed:
- bnc#906689: let systemd schedule xencommons after network-online.target and remote-fs.target so that xendomains has access to remote shares
Список пакетов
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
Ссылки
- Link for SUSE-SU-2015:1042-1
- E-Mail link for SUSE-SU-2015:1042-1
- SUSE Security Ratings
- SUSE Bug 906689
- SUSE Bug 931625
- SUSE Bug 931626
- SUSE Bug 931627
- SUSE Bug 931628
- SUSE Bug 932770
- SUSE Bug 932790
- SUSE Bug 932996
- SUSE CVE CVE-2015-3209 page
- SUSE CVE CVE-2015-4103 page
- SUSE CVE CVE-2015-4104 page
- SUSE CVE CVE-2015-4105 page
- SUSE CVE CVE-2015-4106 page
- SUSE CVE CVE-2015-4163 page
- SUSE CVE CVE-2015-4164 page
Описание
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
Затронутые продукты
Ссылки
- CVE-2015-3209
- SUSE Bug 932267
- SUSE Bug 932770
- SUSE Bug 932823
Описание
Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.
Затронутые продукты
Ссылки
- CVE-2015-4103
- SUSE Bug 931625
Описание
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2015-4104
- SUSE Bug 931626
Описание
Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.
Затронутые продукты
Ссылки
- CVE-2015-4105
- SUSE Bug 931627
Описание
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2015-4106
- SUSE Bug 931628
Описание
GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
Затронутые продукты
Ссылки
- CVE-2015-4163
- SUSE Bug 932790
Описание
The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.
Затронутые продукты
Ссылки
- CVE-2015-4164
- SUSE Bug 932996
- SUSE Bug 950367