Description
Security update for xen
xen was updated to version 4.4.3 to fix nine security issues.
These security issues were fixed:
- CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267).
- CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642).
- CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367).
- CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165).
- CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463).
- CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697).
- CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703).
- CVE-2015-7969: Leak of per-domain profiling-related vcpu pointer array leading to denial of service (bsc#950705).
- CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706).
These non-security issues were fixed:
- bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed
- bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC
- bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed
- bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has been observed
- bnc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores
- bsc#945167: Running command: xl pci-assignable-add 03:10.1 secondly show errors
- bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort
- bsc#949549: xm create hangs when maxmen value is enclosed in quotes
Package list
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
References
- Link for SUSE-SU-2015:1894-1
- E-Mail link for SUSE-SU-2015:1894-1
- SUSE Security Ratings
- SUSE Bug 877642
- SUSE Bug 901488
- SUSE Bug 907514
- SUSE Bug 910258
- SUSE Bug 918984
- SUSE Bug 923967
- SUSE Bug 932267
- SUSE Bug 944463
- SUSE Bug 944697
- SUSE Bug 945167
- SUSE Bug 947165
- SUSE Bug 949138
- SUSE Bug 949549
- SUSE Bug 950367
- SUSE Bug 950703
- SUSE Bug 950705
- SUSE Bug 950706
Description
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
Affected products
References
- CVE-2014-0222
- SUSE Bug 1072223
- SUSE Bug 877642
- SUSE Bug 950367
- SUSE Bug 964925
Description
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
Affected products
References
- CVE-2015-4037
- SUSE Bug 932267
- SUSE Bug 950367
Description
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
Affected products
References
- CVE-2015-5239
- SUSE Bug 944463
- SUSE Bug 950367
Description
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
Affected products
References
- CVE-2015-6815
- SUSE Bug 944697
- SUSE Bug 950367
Description
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
Affected products
References
- CVE-2015-7311
- SUSE Bug 947165
- SUSE Bug 950367
Description
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
Affected products
References
- CVE-2015-7835
- SUSE Bug 940929
- SUSE Bug 947159
- SUSE Bug 950367
Description
Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.
Affected products
References
- CVE-2015-7969
- SUSE Bug 950703
- SUSE Bug 950705
Description
Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.
Affected products
References
- CVE-2015-7971
- SUSE Bug 950706