File _patchinfo of Package patchinfo.6112

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.6112

<patchinfo incident="6112">
  <issue id="1012651" tracker="bnc">VUL-0: CVE-2016-9932: xen: x86 CMPXCHG8B emulation fails to ignore operand size override (XSA-200)</issue>
  <issue id="1011652" tracker="bnc">VUL-0: CVE-2016-9637: xen: qemu ioport array overflow (XSA-199)</issue>
  <issue id="1013668" tracker="bnc">VUL-0: CVE-2016-9101: xen: qemu: net: eepro100 memory leakage at device unplug</issue>
  <issue id="1007157" tracker="bnc">VUL-0: CVE-2016-8910: xen: net: rtl8139: infinite loop while transmit in C+ mode</issue>
  <issue id="1000106" tracker="bnc">VUL-0: CVE-2016-7777: xen: CR0.TS and CR0.EM not always honored for x86 HVM guests (XSA-190)</issue>
  <issue id="1003870" tracker="bnc">VUL-0: CVE-2016-7995: xen: usb: hcd-ehci: memory leak in ehci_process_itd</issue>
  <issue id="1009108" tracker="bnc">VUL-0: CVE-2016-9377,CVE-2016-9378: XSA-196: xen: x86 software interrupt injection mis-handled</issue>
  <issue id="1009109" tracker="bnc">VUL-0: CVE-2016-9381: XSA-197: xen: qemu incautious about shared ring processing</issue>
  <issue id="1004016" tracker="bnc">VUL-0: CVE-2016-8576: xen: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch</issue>
  <issue id="1009100" tracker="bnc">VUL-0: CVE-2016-9386: XSA-191: xen: x86 null segments not always treated as unusable</issue>
  <issue id="1016340" tracker="bnc">VUL-0: EMU: CVE-2016-10013: xen: x86: Mishandling of SYSCALL singlestep during emulation (XSA-204)</issue>
  <issue id="1009103" tracker="bnc">VUL-0: CVE-2016-9382: XSA-192: xen: x86 task switch to VM86 mode mis-handled</issue>
  <issue id="1009104" tracker="bnc">VUL-0: CVE-2016-9385: XSA-193: xen: x86 segment base write emulation lacking canonical address checks</issue>
  <issue id="1009107" tracker="bnc">VUL-0: CVE-2016-9383: XSA-195: xen: x86 64-bit bit test instruction emulation broken</issue>
  <issue id="1003032" tracker="bnc">VUL-0: CVE-2016-7909: xen: net: pcnet: infinite loop in pcnet_rdra_addr</issue>
  <issue id="1003030" tracker="bnc">VUL-0: CVE-2016-7908: xen: net: Infinite loop in mcf_fec_do_tx</issue>
  <issue id="1013657" tracker="bnc">VUL-0: CVE-2016-9776: xen: qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive</issue>
  <issue id="1007160" tracker="bnc">VUL-0: CVE-2016-8909: xen: audio: intel-hda: infinite loop in processing dma buffer stream</issue>
  <issue id="1002496" tracker="bnc">Adding support for reloading clvm in block-dmmd</issue>
  <issue id="1005005" tracker="bnc">VUL-0: CVE-2016-8669: xen: char: divide by zero error in serial_update_parameters</issue>
  <issue id="1005004" tracker="bnc">CVE-2016-8667: xen: dma: rc4030 divide by zero error in set_next_tick</issue>
  <issue id="1009111" tracker="bnc">VUL-0: CVE-2016-9379,CVE-2016-9380: XSA-198: xen: delimiter injection vulnerabilities in pygrub</issue>
  <issue id="1014298" tracker="bnc">VUL-0: CVE-2016-10024: xen: x86 PV guests may be able to mask interrupts (XSA-202)</issue>
  <issue id="2016-9932" tracker="cve" />
  <issue id="2016-8909" tracker="cve" />
  <issue id="2016-7777" tracker="cve" />
  <issue id="2016-9377" tracker="cve" />
  <issue id="2016-9378" tracker="cve" />
  <issue id="2016-9379" tracker="cve" />
  <issue id="2016-7909" tracker="cve" />
  <issue id="2016-7908" tracker="cve" />
  <issue id="2016-8576" tracker="cve" />
  <issue id="2016-8669" tracker="cve" />
  <issue id="2016-8667" tracker="cve" />
  <issue id="2016-7995" tracker="cve" />
  <issue id="2016-8910" tracker="cve" />
  <issue id="2016-9101" tracker="cve" />
  <issue id="2016-9637" tracker="cve" />
  <issue id="2016-9776" tracker="cve" />
  <issue id="2016-10013" tracker="cve" />
  <issue id="2016-10024" tracker="cve" />
  <issue id="2016-9381" tracker="cve" />
  <issue id="2016-9380" tracker="cve" />
  <issue id="2016-9383" tracker="cve" />
  <issue id="2016-9382" tracker="cve" />
  <issue id="2016-9385" tracker="cve" />
  <issue id="2016-9386" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>charlesa</packager>
  <description>
This updates xen to version 4.5.5 to fix the following issues:

- An unprivileged user in a guest could gain guest could escalate privilege to
  that of the guest kernel, if it had could invoke the instruction emulator.
  Only 64-bit x86 HVM guest were affected. Linux guest have not been
  vulnerable. (boo#1016340, CVE-2016-10013)
- An unprivileged user in a 64 bit x86 guest could gain information from the
  host, crash the host or gain privilege of the host
  (boo#1009107, CVE-2016-9383)
- An unprivileged guest process could (unintentionally or maliciously) obtain
  or ocorrupt sensitive information of other programs in the same guest. Only
  x86 HVM guests have been affected. The attacker needs to be able to trigger
  the Xen instruction emulator.
  (boo#1000106, CVE-2016-7777)
- A guest on x86 systems could read small parts of hypervisor stack data
  (boo#1012651, CVE-2016-9932)
- A malicious guest kernel could hang or crash the host system (boo#1014298,
  CVE-2016-10024)
- The epro100 emulated network device caused a memory leak in the host when
  unplugged in the guest. A privileged user in the guest could use this to
  cause a DoS on the host or potentially crash the guest process on the host
  (boo#1013668, CVE-2016-9101)
- The ColdFire Fast Ethernet Controller was vulnerable to an infinite loop
  that could be trigged by a privileged user in the guest, leading to DoS
  (boo#1013657, CVE-2016-9776)
- A malicious guest administrator could escalate their privilege to that of
  the host. Only affects x86 HVM guests using qemu older version 1.6.0 or
  using the qemu-xen-traditional.
  (boo#1011652, CVE-2016-9637)
- An unprivileged guest user could escalate privilege to that of the guest
  administrator on x86 HVM guests, especially on Intel CPUs
  (boo#1009100, CVE-2016-9386)
- An unprivileged guest user could escalate privilege to that of the guest
  administrator (on AMD CPUs) or crash the system (on Intel CPUs) on 32-bit
  x86 HVM guests. Only guest operating systems that allowed a new task to
  start in VM86 mode were affected.
  (boo#1009103, CVE-2016-9382)
- A malicious guest administrator could crash the host on x86 PV guests only
  (boo#1009104, CVE-2016-9385)
- An unprivileged guest user was able to crash the guest.
  (boo#1009108, CVE-2016-9377, CVE-2016-9378)
- A malicious guest administrator could get privilege of the host emulator
  process on x86 HVM guests.
  (boo#1009109, CVE-2016-9381)
- A vulnerability in pygrub allowed a malicious guest administrator to obtain
  the contents of sensitive host files, or even delete those files
  (boo#1009111, CVE-2016-9379, CVE-2016-9380)
- A privileged guest user could cause an infinite loop in the RTL8139 ethernet
  emulation to consume CPU cycles on the host, causing a DoS situation
  (boo#1007157, CVE-2016-8910)
- A privileged guest user could cause an infinite loop in the intel-hda sound
  emulation to consume CPU cycles on the host, causing a DoS situation
  (boo#1007160, CVE-2016-8909)
- A privileged guest user could cause a crash of the emulator process on the
  host by exploiting a divide by zero vulnerability of the JAZZ RC4030 chipset
  emulation
  (boo#1005004 CVE-2016-8667)
- A privileged guest user could cause a crash of the emulator process on the
  host by exploiting a divide by zero issue of the 16550A UART emulation
  (boo#1005005, CVE-2016-8669)
- A privileged guest user could cause a memory leak in the USB EHCI emulation,
  causing a DoS situation on the host
  (boo#1003870, CVE-2016-7995)
- A privileged guest user could cause an infinite loop in the USB xHCI
  emulation, causing a DoS situation on the host
  (boo#1004016, CVE-2016-8576)
- A privileged guest user could cause an infinite loop in the ColdFire Fash
  Ethernet Controller emulation, causing a DoS situation on the host
  (boo#1003030, CVE-2016-7908)
- A privileged guest user could cause an infinite loop in the AMD PC-Net II
  emulation, causing a DoS situation on the host
  (boo#1003032, CVE-2016-7909)
- Cause a reload of clvm in the block-dmmd script to avoid a blocking lvchange
  call (boo#1002496)
</description>
  <summary>Security update for xen</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.6112

Places