File _patchinfo of Package patchinfo.4687

<patchinfo incident="4687">
  <packager>charlesa</packager>
  <issue tracker="bnc" id="1027570">VUL-0: CVE-2017-6414: xen: libcacard: host memory leakage while creating new APDU</issue>
  <issue tracker="bnc" id="1028655">VUL-0: CVE-2016-9603: xen: Cirrus VGA Heap overflow via display refresh (XSA-211)</issue>
  <issue tracker="bnc" id="1029827">Forward port xenstored</issue>
  <issue tracker="bnc" id="1035483">VUL-0: CVE-2017-7980: xen: qemu: display: cirrus: OOB r/w access issues in bitblt routines</issue>
  <issue tracker="bnc" id="1028235">VUL-0: CVE-2017-6505: xen: qemu: usb: an infinite loop issue in ohci_service_ed_list</issue>
  <issue tracker="bnc" id="1034994">VUL-0: CVE-2017-7718: xen: qemu: display: cirrus: OOB read access issue</issue>
  <issue tracker="bnc" id="1030144">VUL-0: xen: xenstore denial of service via repeated update (XSA-206)</issue>
  <issue tracker="bnc" id="1030442">VUL-0: CVE-2017-7228: xen: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)</issue>
  <issue tracker="bnc" id="1034845">VUL-0: EMBARGOED: xen: possible memory corruption via failsafe callback (XSA-215)</issue>
  <issue tracker="bnc" id="1034844">VUL-0: EMBARGOED: xen: grant transfer allows PV guest to elevate privileges (XSA-214)</issue>
  <issue tracker="bnc" id="1027519">Xen: Missing upstream bug fixes</issue>
  <issue tracker="bnc" id="1034843">VUL-0: EMBARGOED: xen: x86: 64bit PV guest breakout via pagetable use-after-mode-change (XSA-213)</issue>
  <issue tracker="bnc" id="1015348">libvirtd does not start during boot</issue>
  <issue tracker="bnc" id="1022555">L3: Timeout in "execution of /etc/xen/scripts/block add"</issue>
  <issue tracker="bnc" id="1026636">VUL-1: CVE-2017-2633: xen: qemu:   VNC: memory corruption due to unchecked resolution limit</issue>
  <issue tracker="cve" id="2017-6505"></issue>
  <issue tracker="cve" id="2017-2633"></issue>
  <issue tracker="cve" id="2017-7980"></issue>
  <issue tracker="cve" id="2017-7718"></issue>
  <issue tracker="cve" id="2017-6414"></issue>
  <issue tracker="cve" id="2016-9603"></issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for xen</summary>
  <description>
This update for xen fixes several issues.

These security issues were fixed:

- A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843)
- A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transfering pages via GNTTABOP_transfer (XSA-214, bsc#1034844).
- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994).
- CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655)

These non-security issues were fixed:

- bsc#1027519: Missing upstream bug fixes
- bsc#1015348: libvirtd does not start during boot
- bsc#1022555: Timeout in "execution of /etc/xen/scripts/block add
</description>
  <reboot_needed/>
</patchinfo>