openSUSE Build Service

Security update for xen

This update for xen fixes several issues.

These security issues were fixed:

- CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via
side effects of speculative execution, aka "Spectre" and "Meltdown" attacks
(bsc#1074562, bsc#1068032)
- CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded
recursion, stack consumption, and hypervisor crash) or possibly gain privileges
via crafted page-table stacking (bsc#1061081)
- CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host
OS crash) or gain host OS privileges in shadow mode by mapping a certain
auxiliary page (bsc#1070158).
- CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS
crash) or gain host OS privileges by leveraging an incorrect mask for
reference-count overflow checking in shadow mode (bsc#1070159).
- CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS
crash) or gain host OS privileges by leveraging incorrect error handling for
reference counting in shadow mode (bsc#1070160).
- CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host
OS crash) if shadow mode and log-dirty mode are in place, because of an
incorrect assertion related to M2P (bsc#1070163).
- CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged
users to cause a denial of service (out-of-bounds read and QEMU process crash)
by leveraging improper memory address validation (bsc#1076116).
- CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest
privileged users to cause a denial of service (out-of-bounds array access and
QEMU process crash) via vectors related to negative pitch (bsc#1076180).

These non-security issues were fixed:

- bsc#1067317: pass cache=writeback|unsafe|directsync to qemu depending on the
libxl disk settings
- bsc#1051729: Prevent invalid symlinks after install of SLES 12 SP2
- bsc#1035442: Increased the value of LIBXL_DESTROY_TIMEOUT from 10 to 100
seconds. If many domUs shutdown in parallel the backends couldn't keep up
- bsc#1027519: Added several upstream patches

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Submitted by Charles Arnold (charlesa)

Fixed bugs

bnc#1027519

Xen: Missing upstream bug fixes

bnc#1035442

L3: libxl: error: libxl.c:1676:devices_destroy_cb: libxl__devices_destroy failed

bnc#1051729

Invalid symlinks after install of sles12sp2

bnc#1061081

VUL-0: CVE-2017-15595: xen: Unlimited recursion in linear pagetable de-typing (XSA-240)

bnc#1067317

[XEN] The storage sub-option *cache* is invalid when try to change cache mode during install fv guest by virt-install/virt-manager.

bnc#1068032

VUL-0: speculative side channel attacks on various CPU platforms aka "SpectreAttack" and "MeltdownAttack"

bnc#1070158

VUL-0: CVE-2017-17566: xen: x86 PV guests may gain access to internally used pages (XSA-248)

bnc#1070159

VUL-0: CVE-2017-17563: xen: broken x86 shadow mode refcount overflow check (XSA-249)

bnc#1070160

VUL-0: CVE-2017-17564: xen: improper x86 shadow mode refcount error handling (XSA-250)

bnc#1070163

VUL-0: CVE-2017-17565: xen: improper bug check in x86 log-dirty handling (XSA-251)

bnc#1074562

VUL-0: xen: Information leak via side effects of speculative execution (XSA-254)

bnc#1076116

VUL-1: CVE-2018-5683: xen: Qemu: Out-of-bounds read in vga_draw_text routine

bnc#1076180

VUL-1: CVE-2017-18030: xen: qemu: Out-of-bounds access in cirrus_invalidate_region routine

Places

Fixed bugs

Selected Binaries

Places