Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:1045-1

Опубликовано: 05 июн. 2015
Источник: suse-cvrf

Описание

Security update for Xen

Xen was updated to fix seven security vulnerabilities:

* CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu. (XSA-128, bnc#931625) * CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests. (XSA-129, bnc#931626) * CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages. (XSA-130, bnc#931627) * CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131, bnc#931628) * CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior. (XSA-134, bnc#932790) * CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest to host escape. (XSA-135, bnc#932770) * CVE-2015-4164: DoS through iret hypercall handler. (XSA-136, bnc#932996)

Security Issues:

* CVE-2015-4103 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4103> * CVE-2015-4104 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4104> * CVE-2015-4105 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4105> * CVE-2015-4106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4106> * CVE-2015-4163 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4163> * CVE-2015-4164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4164> * CVE-2015-3209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209>

Список пакетов

SUSE Linux Enterprise Desktop 11 SP3
xen-4.2.5_08-0.9.1
xen-doc-html-4.2.5_08-0.9.1
xen-doc-pdf-4.2.5_08-0.9.1
xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.9.1
xen-kmp-pae-4.2.5_08_3.0.101_0.47.55-0.9.1
xen-libs-4.2.5_08-0.9.1
xen-libs-32bit-4.2.5_08-0.9.1
xen-tools-4.2.5_08-0.9.1
xen-tools-domU-4.2.5_08-0.9.1
SUSE Linux Enterprise Server 11 SP3
xen-4.2.5_08-0.9.1
xen-doc-html-4.2.5_08-0.9.1
xen-doc-pdf-4.2.5_08-0.9.1
xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.9.1
xen-kmp-pae-4.2.5_08_3.0.101_0.47.55-0.9.1
xen-libs-4.2.5_08-0.9.1
xen-libs-32bit-4.2.5_08-0.9.1
xen-tools-4.2.5_08-0.9.1
xen-tools-domU-4.2.5_08-0.9.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
xen-4.2.5_08-0.9.1
xen-doc-html-4.2.5_08-0.9.1
xen-doc-pdf-4.2.5_08-0.9.1
xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.9.1
xen-kmp-pae-4.2.5_08_3.0.101_0.47.55-0.9.1
xen-libs-4.2.5_08-0.9.1
xen-libs-32bit-4.2.5_08-0.9.1
xen-tools-4.2.5_08-0.9.1
xen-tools-domU-4.2.5_08-0.9.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
xen-4.2.5_08-0.9.1
xen-doc-html-4.2.5_08-0.9.1
xen-doc-pdf-4.2.5_08-0.9.1
xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.9.1
xen-kmp-pae-4.2.5_08_3.0.101_0.47.55-0.9.1
xen-libs-4.2.5_08-0.9.1
xen-libs-32bit-4.2.5_08-0.9.1
xen-tools-4.2.5_08-0.9.1
xen-tools-domU-4.2.5_08-0.9.1
SUSE Linux Enterprise Software Development Kit 11 SP3
xen-devel-4.2.5_08-0.9.1

Ссылки

Описание

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.9.1
Ссылки

Описание

Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.9.1
Ссылки

Описание

Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.9.1
Ссылки

Описание

Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.9.1
Ссылки

Описание

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.9.1
Ссылки

Описание

GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.9.1
Ссылки

Описание

The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:xen-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-doc-html-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-doc-pdf-4.2.5_08-0.9.1
SUSE Linux Enterprise Desktop 11 SP3:xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.9.1
Ссылки