SUSE-SU-2015:2306-1

Published: 18 Dec 2015
Source: suse-cvrf

Description

Security update for xen

This update fixes the following security issues:

  • bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list

  • bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) xsa159.patch

  • bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162)

  • bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception

  • bsc#953527 - CVE-2015-5307: kernel: kvm/xen: x86: avoid guest->host DOS by intercepting #AC (XSA-156)

  • bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150)

  • bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153)

  • bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149)

  • bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151)

  • bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152)

Package list

SUSE Linux Enterprise Server 11 SP2-LTSS
xen-4.1.6_08-23.1
xen-devel-4.1.6_08-23.1
xen-doc-html-4.1.6_08-23.1
xen-doc-pdf-4.1.6_08-23.1
xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1
xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1
xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1
xen-libs-4.1.6_08-23.1
xen-libs-32bit-4.1.6_08-23.1
xen-tools-4.1.6_08-23.1
xen-tools-domU-4.1.6_08-23.1

Description

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.


Affected products
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1

Description

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.


Affected products
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1

Description

Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.


Affected products
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1

Description

The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand.


Affected products
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1

Description

Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.


Affected products
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1

Description

The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to "heavy memory pressure."


Affected products
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1

Description

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.


Affected products
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1

Description

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.


Affected products
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1

Description

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling.


Affected products
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1

Description

The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.


Affected products
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-devel-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-html-4.1.6_08-23.1
SUSE Linux Enterprise Server 11 SP2-LTSS:xen-doc-pdf-4.1.6_08-23.1
