Описание
Security update for xen
This update for xen fixes the following issues:
- CVE-2015-8567,CVE-2015-8568: xen: qemu: net: vmxnet3: host memory leakage (boo#959387)
- CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents (XSA-155, boo#957988)
- CVE-2015-8558: xen: qemu: usb: infinite loop in ehci_advance_state results in DoS (boo#959006)
- CVE-2015-7549: xen: qemu pci: null pointer dereference issue (boo#958918)
- CVE-2015-8504: xen: qemu: ui: vnc: avoid floating point exception (boo#958493)
- CVE-2015-8554: xen: qemu-dm buffer overrun in MSI-X handling (XSA-164, boo#958007)
- CVE-2015-8555: xen: information leak in legacy x86 FPU/XMM initialization (XSA-165, boo#958009)
- boo#958523: xen: ioreq handling possibly susceptible to multiple read issue (XSA-166)
- CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list (boo#956832)
- CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156, boo#954018)
- boo#956592: xen: virtual PMU is unsupported (XSA-163)
- CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159, boo#956408)
- CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160, boo#956409)
- CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162, boo#956411)
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:0126-1
- SUSE Security Ratings
Описание
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
Затронутые продукты
Ссылки
- CVE-2015-5307
- SUSE Bug 953527
- SUSE Bug 954018
- SUSE Bug 954404
- SUSE Bug 954405
- SUSE Bug 962977
Описание
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
Затронутые продукты
Ссылки
- CVE-2015-7504
- SUSE Bug 956411
Описание
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
Затронутые продукты
Ссылки
- CVE-2015-7549
- SUSE Bug 958917
- SUSE Bug 958918
Описание
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.
Затронутые продукты
Ссылки
- CVE-2015-8339
- SUSE Bug 956408
Описание
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling.
Затронутые продукты
Ссылки
- CVE-2015-8340
- SUSE Bug 956408
Описание
The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.
Затронутые продукты
Ссылки
- CVE-2015-8341
- SUSE Bug 956409
Описание
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
Затронутые продукты
Ссылки
- CVE-2015-8345
- SUSE Bug 956829
- SUSE Bug 956832
Описание
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
Затронутые продукты
Ссылки
- CVE-2015-8504
- SUSE Bug 958491
- SUSE Bug 958493
Описание
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
Затронутые продукты
Ссылки
- CVE-2015-8550
- SUSE Bug 1052256
- SUSE Bug 957988
Описание
Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path."
Затронутые продукты
Ссылки
- CVE-2015-8554
- SUSE Bug 958007
Описание
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2015-8555
- SUSE Bug 958009
Описание
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
Затронутые продукты
Ссылки
- CVE-2015-8558
- SUSE Bug 959005
- SUSE Bug 959006
- SUSE Bug 976109
- SUSE Bug 976111
Описание
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
Затронутые продукты
Ссылки
- CVE-2015-8567
- SUSE Bug 959386
- SUSE Bug 959387
Описание
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.
Затронутые продукты
Ссылки
- CVE-2015-8568
- SUSE Bug 959386
- SUSE Bug 959387