Update for xen.openSUSE_13.2_Update security important

Security update for xen

This updates xen to version 4.4.4_06 to fix the following issues:

- An unprivileged user in a guest could gain guest could escalate privilege to
that of the guest kernel, if it had could invoke the instruction emulator.
Only 64-bit x86 HVM guest were affected. Linux guest have not been
vulnerable. (boo#1016340, CVE-2016-10013)
- An unprivileged user in a 64 bit x86 guest could gain information from the
host, crash the host or gain privilege of the host
(boo#1009107, CVE-2016-9383)
- An unprivileged guest process could (unintentionally or maliciously) obtain
or ocorrupt sensitive information of other programs in the same guest. Only
x86 HVM guests have been affected. The attacker needs to be able to trigger
the Xen instruction emulator.
(boo#1000106, CVE-2016-7777)
- A guest on x86 systems could read small parts of hypervisor stack data
(boo#1012651, CVE-2016-9932)
- A malicious guest kernel could hang or crash the host system (boo#1014298,
CVE-2016-10024)
- A malicious guest administrator could escalate their privilege to that of
the host. Only affects x86 HVM guests using qemu older version 1.6.0 or
using the qemu-xen-traditional.
(boo#1011652, CVE-2016-9637)
- An unprivileged guest user could escalate privilege to that of the guest
administrator on x86 HVM guests, especially on Intel CPUs
(boo#1009100, CVE-2016-9386)
- An unprivileged guest user could escalate privilege to that of the guest
administrator (on AMD CPUs) or crash the system (on Intel CPUs) on 32-bit
x86 HVM guests. Only guest operating systems that allowed a new task to
start in VM86 mode were affected.
(boo#1009103, CVE-2016-9382)
- A malicious guest administrator could crash the host on x86 PV guests only
(boo#1009104, CVE-2016-9385)
- A malicious guest administrator could get privilege of the host emulator
process on x86 HVM guests.
(boo#1009109, CVE-2016-9381)
- A vulnerability in pygrub allowed a malicious guest administrator to obtain
the contents of sensitive host files, or even delete those files
(boo#1009111, CVE-2016-9379, CVE-2016-9380)
- A privileged guest user could cause an infinite loop in the RTL8139 ethernet
emulation to consume CPU cycles on the host, causing a DoS situation
(boo#1007157, CVE-2016-8910)
- A privileged guest user could cause an infinite loop in the intel-hda sound
emulation to consume CPU cycles on the host, causing a DoS situation
(boo#1007160, CVE-2016-8909)
- A privileged guest user could cause a crash of the emulator process on the
host by exploiting a divide by zero vulnerability of the JAZZ RC4030 chipset
emulation
(boo#1005004 CVE-2016-8667)
- A privileged guest user could cause a crash of the emulator process on the
host by exploiting a divide by zero issue of the 16550A UART emulation
(boo#1005005, CVE-2016-8669)
- A privileged guest user could cause an infinite loop in the USB xHCI
emulation, causing a DoS situation on the host
(boo#1004016, CVE-2016-8576)
- A privileged guest user could cause an infinite loop in the ColdFire Fash
Ethernet Controller emulation, causing a DoS situation on the host
(boo#1003030, CVE-2016-7908)
- A privileged guest user could cause an infinite loop in the AMD PC-Net II
emulation, causing a DoS situation on the host
(boo#1003032, CVE-2016-7909)
- Cause a reload of clvm in the block-dmmd script to avoid a blocking lvchange
call (boo#1002496)
- Also unplug SCSI disks in qemu-xen-traditional for upstream unplug protocol.
Before a single SCSI storage devices added to HVM guests could appear
multiple times in the guest.
(boo#953518)
- Fix a kernel panic / black screen when trying to boot a XEN kernel on some
UEFI firmwares
(boo#1000195)

Fixed bugs
bnc#1012651
VUL-0: CVE-2016-9932: xen: x86 CMPXCHG8B emulation fails to ignore operand size override (XSA-200)
bnc#1004016
VUL-0: CVE-2016-8576: xen: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
bnc#1003032
VUL-0: CVE-2016-7909: xen: net: pcnet: infinite loop in pcnet_rdra_addr
bnc#1005005
VUL-0: CVE-2016-8669: xen: char: divide by zero error in serial_update_parameters
bnc#1003030
VUL-0: CVE-2016-7908: xen: net: Infinite loop in mcf_fec_do_tx
bnc#1000106
VUL-0: CVE-2016-7777: xen: CR0.TS and CR0.EM not always honored for x86 HVM guests (XSA-190)
bnc#1007160
VUL-0: CVE-2016-8909: xen: audio: intel-hda: infinite loop in processing dma buffer stream
bnc#953518
disks added via SCSI controller are visible twice on HVM XEN guest systems
bnc#1009109
VUL-0: CVE-2016-9381: XSA-197: xen: qemu incautious about shared ring processing
bnc#1011652
VUL-0: CVE-2016-9637: xen: qemu ioport array overflow (XSA-199)
bnc#1009111
VUL-0: CVE-2016-9379,CVE-2016-9380: XSA-198: xen: delimiter injection vulnerabilities in pygrub
bnc#1007157
VUL-0: CVE-2016-8910: xen: net: rtl8139: infinite loop while transmit in C+ mode
bnc#1005004
CVE-2016-8667: xen: dma: rc4030 divide by zero error in set_next_tick
bnc#1009100
VUL-0: CVE-2016-9386: XSA-191: xen: x86 null segments not always treated as unusable
bnc#1000195
SLES 11 SP3 with XEN kernel stop booting with Panic on CPU0
bnc#1016340
VUL-0: EMU: CVE-2016-10013: xen: x86: Mishandling of SYSCALL singlestep during emulation (XSA-204)
bnc#1009103
VUL-0: CVE-2016-9382: XSA-192: xen: x86 task switch to VM86 mode mis-handled
bnc#1009104
VUL-0: CVE-2016-9385: XSA-193: xen: x86 segment base write emulation lacking canonical address checks
bnc#1002496
Adding support for reloading clvm in block-dmmd
bnc#1014298
VUL-0: CVE-2016-10024: xen: x86 PV guests may be able to mask interrupts (XSA-202)
bnc#1009107
VUL-0: CVE-2016-9383: XSA-195: xen: x86 64-bit bit test instruction emulation broken
Selected Binaries
openSUSE Build Service is sponsored by