Security update for xen SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0008-1 Final 1 1 2017-01-02T08:13:41Z current 2017-01-02T08:13:41Z 2017-01-02T08:13:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This updates xen to version 4.4.4_06 to fix the following issues: - An unprivileged user in a guest could gain guest could escalate privilege to that of the guest kernel, if it had could invoke the instruction emulator. Only 64-bit x86 HVM guest were affected. Linux guest have not been vulnerable. (boo#1016340, CVE-2016-10013) - An unprivileged user in a 64 bit x86 guest could gain information from the host, crash the host or gain privilege of the host (boo#1009107, CVE-2016-9383) - An unprivileged guest process could (unintentionally or maliciously) obtain or ocorrupt sensitive information of other programs in the same guest. Only x86 HVM guests have been affected. The attacker needs to be able to trigger the Xen instruction emulator. (boo#1000106, CVE-2016-7777) - A guest on x86 systems could read small parts of hypervisor stack data (boo#1012651, CVE-2016-9932) - A malicious guest kernel could hang or crash the host system (boo#1014298, CVE-2016-10024) - A malicious guest administrator could escalate their privilege to that of the host. Only affects x86 HVM guests using qemu older version 1.6.0 or using the qemu-xen-traditional. (boo#1011652, CVE-2016-9637) - An unprivileged guest user could escalate privilege to that of the guest administrator on x86 HVM guests, especially on Intel CPUs (boo#1009100, CVE-2016-9386) - An unprivileged guest user could escalate privilege to that of the guest administrator (on AMD CPUs) or crash the system (on Intel CPUs) on 32-bit x86 HVM guests. Only guest operating systems that allowed a new task to start in VM86 mode were affected. (boo#1009103, CVE-2016-9382) - A malicious guest administrator could crash the host on x86 PV guests only (boo#1009104, CVE-2016-9385) - A malicious guest administrator could get privilege of the host emulator process on x86 HVM guests. (boo#1009109, CVE-2016-9381) - A vulnerability in pygrub allowed a malicious guest administrator to obtain the contents of sensitive host files, or even delete those files (boo#1009111, CVE-2016-9379, CVE-2016-9380) - A privileged guest user could cause an infinite loop in the RTL8139 ethernet emulation to consume CPU cycles on the host, causing a DoS situation (boo#1007157, CVE-2016-8910) - A privileged guest user could cause an infinite loop in the intel-hda sound emulation to consume CPU cycles on the host, causing a DoS situation (boo#1007160, CVE-2016-8909) - A privileged guest user could cause a crash of the emulator process on the host by exploiting a divide by zero vulnerability of the JAZZ RC4030 chipset emulation (boo#1005004 CVE-2016-8667) - A privileged guest user could cause a crash of the emulator process on the host by exploiting a divide by zero issue of the 16550A UART emulation (boo#1005005, CVE-2016-8669) - A privileged guest user could cause an infinite loop in the USB xHCI emulation, causing a DoS situation on the host (boo#1004016, CVE-2016-8576) - A privileged guest user could cause an infinite loop in the ColdFire Fash Ethernet Controller emulation, causing a DoS situation on the host (boo#1003030, CVE-2016-7908) - A privileged guest user could cause an infinite loop in the AMD PC-Net II emulation, causing a DoS situation on the host (boo#1003032, CVE-2016-7909) - Cause a reload of clvm in the block-dmmd script to avoid a blocking lvchange call (boo#1002496) - Also unplug SCSI disks in qemu-xen-traditional for upstream unplug protocol. Before a single SCSI storage devices added to HVM guests could appear multiple times in the guest. (boo#953518) - Fix a kernel panic / black screen when trying to boot a XEN kernel on some UEFI firmwares (boo#1000195) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html E-Mail link for openSUSE-SU-2017:0008-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 xen-4.4.4_06-58.1 xen-debugsource-4.4.4_06-58.1 xen-devel-4.4.4_06-58.1 xen-doc-html-4.4.4_06-58.1 xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 xen-libs-4.4.4_06-58.1 xen-libs-32bit-4.4.4_06-58.1 xen-libs-debuginfo-4.4.4_06-58.1 xen-libs-debuginfo-32bit-4.4.4_06-58.1 xen-tools-4.4.4_06-58.1 xen-tools-debuginfo-4.4.4_06-58.1 xen-tools-domU-4.4.4_06-58.1 xen-tools-domU-debuginfo-4.4.4_06-58.1 xen-4.4.4_06-58.1 as a component of openSUSE 13.2 xen-debugsource-4.4.4_06-58.1 as a component of openSUSE 13.2 xen-devel-4.4.4_06-58.1 as a component of openSUSE 13.2 xen-doc-html-4.4.4_06-58.1 as a component of openSUSE 13.2 xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 as a component of openSUSE 13.2 xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 as a component of openSUSE 13.2 xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 as a component of openSUSE 13.2 xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 as a component of openSUSE 13.2 xen-libs-4.4.4_06-58.1 as a component of openSUSE 13.2 xen-libs-32bit-4.4.4_06-58.1 as a component of openSUSE 13.2 xen-libs-debuginfo-4.4.4_06-58.1 as a component of openSUSE 13.2 xen-libs-debuginfo-32bit-4.4.4_06-58.1 as a component of openSUSE 13.2 xen-tools-4.4.4_06-58.1 as a component of openSUSE 13.2 xen-tools-debuginfo-4.4.4_06-58.1 as a component of openSUSE 13.2 xen-tools-domU-4.4.4_06-58.1 as a component of openSUSE 13.2 xen-tools-domU-debuginfo-4.4.4_06-58.1 as a component of openSUSE 13.2 Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation. CVE-2016-10013 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 important 6.5 AV:L/AC:M/Au:S/C:C/I:C/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-10013.html CVE-2016-10013 https://bugzilla.suse.com/1016340 SUSE Bug 1016340 Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. CVE-2016-10024 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 important 4.3 AV:L/AC:M/Au:S/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-10024.html CVE-2016-10024 https://bugzilla.suse.com/1014298 SUSE Bug 1014298 Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. CVE-2016-7777 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 important 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-7777.html CVE-2016-7777 https://bugzilla.suse.com/1000106 SUSE Bug 1000106 The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. CVE-2016-7908 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 moderate 4.3 AV:L/AC:M/Au:S/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-7908.html CVE-2016-7908 https://bugzilla.suse.com/1002550 SUSE Bug 1002550 https://bugzilla.suse.com/1003030 SUSE Bug 1003030 The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0. CVE-2016-7909 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 moderate 4.3 AV:L/AC:M/Au:S/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-7909.html CVE-2016-7909 https://bugzilla.suse.com/1002557 SUSE Bug 1002557 https://bugzilla.suse.com/1003032 SUSE Bug 1003032 The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. CVE-2016-8576 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 moderate 4.3 AV:L/AC:M/Au:S/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-8576.html CVE-2016-8576 https://bugzilla.suse.com/1003878 SUSE Bug 1003878 https://bugzilla.suse.com/1004016 SUSE Bug 1004016 The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value. CVE-2016-8667 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 moderate 4.3 AV:L/AC:M/Au:S/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-8667.html CVE-2016-8667 https://bugzilla.suse.com/1004702 SUSE Bug 1004702 https://bugzilla.suse.com/1005004 SUSE Bug 1005004 The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. CVE-2016-8669 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 moderate 4.3 AV:L/AC:M/Au:S/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-8669.html CVE-2016-8669 https://bugzilla.suse.com/1004707 SUSE Bug 1004707 https://bugzilla.suse.com/1005005 SUSE Bug 1005005 The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. CVE-2016-8909 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-8909.html CVE-2016-8909 https://bugzilla.suse.com/1006536 SUSE Bug 1006536 https://bugzilla.suse.com/1007160 SUSE Bug 1007160 The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. CVE-2016-8910 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 moderate 3.4 AV:N/AC:M/Au:S/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-8910.html CVE-2016-8910 https://bugzilla.suse.com/1006538 SUSE Bug 1006538 https://bugzilla.suse.com/1007157 SUSE Bug 1007157 https://bugzilla.suse.com/1024178 SUSE Bug 1024178 The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. CVE-2016-9379 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 important 6.5 AV:L/AC:M/Au:S/C:C/I:C/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-9379.html CVE-2016-9379 https://bugzilla.suse.com/1009111 SUSE Bug 1009111 The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. CVE-2016-9380 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 important 6.5 AV:L/AC:M/Au:S/C:C/I:C/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-9380.html CVE-2016-9380 https://bugzilla.suse.com/1009111 SUSE Bug 1009111 Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. CVE-2016-9381 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 important 6.0 AV:L/AC:H/Au:S/C:C/I:C/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-9381.html CVE-2016-9381 https://bugzilla.suse.com/1009109 SUSE Bug 1009109 Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode. CVE-2016-9382 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 important 6.5 AV:L/AC:M/Au:S/C:C/I:C/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-9382.html CVE-2016-9382 https://bugzilla.suse.com/1009103 SUSE Bug 1009103 Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions. CVE-2016-9383 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 important 6.5 AV:L/AC:M/Au:S/C:C/I:C/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-9383.html CVE-2016-9383 https://bugzilla.suse.com/1009107 SUSE Bug 1009107 The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks. CVE-2016-9385 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 important 4.3 AV:L/AC:M/Au:S/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-9385.html CVE-2016-9385 https://bugzilla.suse.com/1009104 SUSE Bug 1009104 The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values. CVE-2016-9386 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 important 6.5 AV:L/AC:M/Au:S/C:C/I:C/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-9386.html CVE-2016-9386 https://bugzilla.suse.com/1009100 SUSE Bug 1009100 The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. CVE-2016-9637 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 important 6.4 AV:A/AC:H/Au:S/C:C/I:C/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-9637.html CVE-2016-9637 https://bugzilla.suse.com/1011652 SUSE Bug 1011652 CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix. CVE-2016-9932 openSUSE 13.2:xen-4.4.4_06-58.1 openSUSE 13.2:xen-debugsource-4.4.4_06-58.1 openSUSE 13.2:xen-devel-4.4.4_06-58.1 openSUSE 13.2:xen-doc-html-4.4.4_06-58.1 openSUSE 13.2:xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 openSUSE 13.2:xen-libs-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-32bit-4.4.4_06-58.1 openSUSE 13.2:xen-libs-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-4.4.4_06-58.1 openSUSE 13.2:xen-tools-debuginfo-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-4.4.4_06-58.1 openSUSE 13.2:xen-tools-domU-debuginfo-4.4.4_06-58.1 important 0.9 AV:L/AC:H/Au:S/C:P/I:N/A:N Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00003.html https://www.suse.com/security/cve/CVE-2016-9932.html CVE-2016-9932 https://bugzilla.suse.com/1012651 SUSE Bug 1012651 https://bugzilla.suse.com/1016340 SUSE Bug 1016340