File _patchinfo of Package patchinfo.3242
<patchinfo incident="3242">
<issue id="959330" tracker="bnc">Guest migrations using virsh results in error "Internal error: received hangup / error event on socket"</issue>
<issue id="995789" tracker="bnc">VUL-0: CVE-2016-7093: xen: x86: Mishandling of instruction pointer truncation during emulation (XSA-186)</issue>
<issue id="993665" tracker="bnc">Migration of xen guests finishes in: One or more references were leaked after disconnect from the hypervisor</issue>
<issue id="988676" tracker="bnc">VUL-0: CVE-2016-6259: xen: x86: Missing SMAP whitelisting in 32-bit exception / event delivery (XSA-183)</issue>
<issue id="992224" tracker="bnc">[HPS Bug] During boot of Xen Hypervisor, Failed to get contiguous memory for DMA from Xen</issue>
<issue id="959552" tracker="bnc">Migration of HVM guest leads into libvirt segmentation fault</issue>
<issue id="994775" tracker="bnc">VUL-0: CVE-2016-6833: xen: net: vmxnet3: use after free while writing</issue>
<issue id="953518" tracker="bnc">disks added via SCSI controller are visible twice on HVM XEN guest systems</issue>
<issue id="995792" tracker="bnc">VUL-0: CVE-2016-7094: xen: x86 HVM: Overflow of sh_ctxt->seg_reg[] (XSA-187)</issue>
<issue id="994772" tracker="bnc">VUL-0: CVE-2016-6888: xen: Integer overflow in packet initialisation in VMXNET3 device driver. A privileged user inside guest c...</issue>
<issue id="990970" tracker="bnc">xen-4.4.4_02-32.1 add PMU support for Intel E7-8867 v4 (fam=6, model=79)</issue>
<issue id="994625" tracker="bnc">VUL-0: CVE-2016-6835: xen: qemu: Buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation.</issue>
<issue id="995785" tracker="bnc">VUL-0: CVE-2016-7092: xen: x86: Disallow L3 recursive pagetable for 32-bit PV guests (XSA-185)</issue>
<issue id="991934" tracker="bnc">xen hypervisor crash in csched_acct</issue>
<issue id="994761" tracker="bnc">VUL-0: CVE-2016-6836: xen: qemu: net: vmxnet: Information leakage in vmxnet3_complete_packet</issue>
<issue id="990500" tracker="bnc">VM virsh migration fails with keepalive error: ":virKeepAliveTimerInternal:143 : No response from client"</issue>
<issue id="988675" tracker="bnc">VUL-0: CVE-2016-6258: xen: x86: Privilege escalation in PV guests (XSA-182)</issue>
<issue id="994421" tracker="bnc">VUL-0: CVE-2016-6834: xen: an infinite loop during packet fragmentation</issue>
<issue id="971949" tracker="bnc">XEN: "option `' not supported" is displayed within guest migration using xl stack</issue>
<issue id="955104" tracker="bnc">Virsh reports error "one or more references were leaked after disconnect from hypervisor" when "virsh save" failed due to "no response from client after 6 keepalive messages"</issue>
<issue id="970135" tracker="bnc">new virtualization project clock test randomly fails on Xen</issue>
<issue id="2016-6888" tracker="cve" />
<issue id="2016-6258" tracker="cve" />
<issue id="2016-6259" tracker="cve" />
<issue id="2016-6836" tracker="cve" />
<issue id="2016-7093" tracker="cve" />
<issue id="2016-7092" tracker="cve" />
<issue id="2016-6834" tracker="cve" />
<issue id="2016-6835" tracker="cve" />
<issue id="2016-6833" tracker="cve" />
<issue id="2016-7094" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>charlesa</packager>
<description>This update for xen fixes several issues.
These security issues were fixed:
- CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785).
- CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789).
- CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792).
- CVE-2016-6836: Information leakage in vmxnet3_complete_packet (bsc#994761).
- CVE-2016-6888: Integer overflow in packet initialisation in VMXNET3 device driver. A privileged user inside guest c... (bsc#994772).
- CVE-2016-6833: Use after free while writing (bsc#994775).
- CVE-2016-6835: Buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation (bsc#994625).
- CVE-2016-6834: An infinite loop during packet fragmentation (bsc#994421).
- CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675).
- CVE-2016-6259: Xen did not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allowed local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check (bsc#988676).
These non-security issues were fixed:
- bsc#991934: Hypervisor crash in csched_acct
- bsc#992224: During boot of Xen Hypervisor, failed to get contiguous memory for DMA
- bsc#955104: Virsh reports error "one or more references were leaked after disconnect from hypervisor" when "virsh save" failed due to "no response from client after 6 keepalive messages"
- bsc#959552: Migration of HVM guest leads into libvirt segmentation fault
- bsc#993665: Migration of xen guests finishes in: One or more references were leaked after disconnect from the hypervisor
- bsc#959330: Guest migrations using virsh results in error "Internal error: received hangup / error event on socket"
- bsc#990500: VM virsh migration fails with keepalive error: ":virKeepAliveTimerInternal:143 : No response from client"
- bsc#953518: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol
- bsc#953518: xen_platform: unplug also SCSI disks in qemu-xen
- bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live
- bsc#970135: New virtualization project clock test randomly fails on Xen
- bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79)
</description>
<summary>Security update for xen</summary>
</patchinfo>