Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2015:2249-1

Опубликовано: 10 дек. 2015
Источник: suse-cvrf

Описание

Security update for xen

This update fixes the following security issues:

  • bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142)

  • bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception

  • bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156)

  • bsc#950704 - CVE-2015-7970 xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch

Список пакетов

openSUSE Leap 42.1
xen-4.5.2_01-6.1
xen-devel-4.5.2_01-6.1
xen-doc-html-4.5.2_01-6.1
xen-kmp-default-4.5.2_01_k4.1.12_1-6.1
xen-libs-4.5.2_01-6.1
xen-libs-32bit-4.5.2_01-6.1
xen-tools-4.5.2_01-6.1
xen-tools-domU-4.5.2_01-6.1

Ссылки

Описание

Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.

Затронутые продукты
openSUSE Leap 42.1:xen-4.5.2_01-6.1
openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1
openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1
openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1
Ссылки

Описание

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

Затронутые продукты
openSUSE Leap 42.1:xen-4.5.2_01-6.1
openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1
openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1
openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1
Ссылки

Описание

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Затронутые продукты
openSUSE Leap 42.1:xen-4.5.2_01-6.1
openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1
openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1
openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1
Ссылки

Описание

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

Затронутые продукты
openSUSE Leap 42.1:xen-4.5.2_01-6.1
openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1
openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1
openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1
Ссылки

Описание

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.

Затронутые продукты
openSUSE Leap 42.1:xen-4.5.2_01-6.1
openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1
openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1
openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1
Ссылки

Описание

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

Затронутые продукты
openSUSE Leap 42.1:xen-4.5.2_01-6.1
openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1
openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1
openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1
Ссылки

Описание

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.

Затронутые продукты
openSUSE Leap 42.1:xen-4.5.2_01-6.1
openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1
openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1
openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1
Ссылки

Описание

The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.

Затронутые продукты
openSUSE Leap 42.1:xen-4.5.2_01-6.1
openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1
openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1
openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1
Ссылки

Описание

The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand.

Затронутые продукты
openSUSE Leap 42.1:xen-4.5.2_01-6.1
openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1
openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1
openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1
Ссылки

Описание

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

Затронутые продукты
openSUSE Leap 42.1:xen-4.5.2_01-6.1
openSUSE Leap 42.1:xen-devel-4.5.2_01-6.1
openSUSE Leap 42.1:xen-doc-html-4.5.2_01-6.1
openSUSE Leap 42.1:xen-kmp-default-4.5.2_01_k4.1.12_1-6.1
Ссылки
Уязвимость openSUSE-SU-2015:2249-1