SUSE SLES11 Security Update : xen (SUSE-SU-2016:2507-1) (Bunker Buster)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

This update for xen fixes several issues. These security issues were
fixed :

- CVE-2016-7092: The get_page_from_l3e function in
arch/x86/mm.c in Xen allowed local 32-bit PV guest OS
administrators to gain host OS privileges via vectors
related to L3 recursive pagetables (bsc#995785)

- CVE-2016-7093: Xen allowed local HVM guest OS
administrators to overwrite hypervisor memory and
consequently gain host OS privileges by leveraging
mishandling of instruction pointer truncation during
emulation (bsc#995789)

- CVE-2016-7094: Buffer overflow in Xen allowed local x86
HVM guest OS administrators on guests running with
shadow paging to cause a denial of service via a
pagetable update (bsc#995792)

- CVE-2016-7154: Use-after-free vulnerability in the FIFO
event channel code in Xen allowed local guest OS
administrators to cause a denial of service (host crash)
and possibly execute arbitrary code or obtain sensitive
information via an invalid guest frame number
(bsc#997731)

- CVE-2016-6836: The VMWARE VMXNET3 NIC device allowed a
privileged user inside the guest to leak information. It
occurred while processing the transmit (tx) queue, when
it reached the end of a packet (bsc#994761)

- CVE-2016-6888: An integer overflow in the VMWARE VMXNET3
NIC device support, during the initialisation of new
packets in the device, could have allowed a privileged
user inside the guest to crash the QEMU instance,
resulting in DoS (bsc#994772)

- CVE-2016-6833: A use-after-free issue in the VMWARE
VMXNET3 NIC device support allowed a privileged user
inside the guest to crash the QEMU instance, resulting
in DoS (bsc#994775)

- CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC
device support, causing an OOB read access (bsc#994625)

- CVE-2016-6834: An infinite loop during packet
fragmentation in the VMWARE VMXNET3 NIC device support
allowed a privileged user inside the guest to crash the
QEMU instance, resulting in DoS (bsc#994421)

- CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in
Xen allowed local 32-bit PV guest OS administrators to
gain host OS privileges by leveraging fast-paths for
updating pagetable entries (bsc#988675)

These non-security issues were fixed :

- bsc#993507: virsh detach-disk failing to detach disk

- bsc#991934: Xen hypervisor crash in csched_acct

- bsc#992224: During boot of Xen Hypervisor, Failed to get
contiguous memory for DMA

- bsc#970135: New virtualization project clock test
randomly fails on Xen

- bsc#994136: Unplug also SCSI disks in
qemu-xen-traditional for upstream unplug protocol

- bsc#994136: xen_platform: unplug also SCSI disks in
qemu-xen

- bsc#971949: xl: Support (by ignoring) xl migrate --live.
xl migrations are always live

- bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6,
model=79)

- bsc#966467: Live Migration SLES 11 SP3 to SP4 on AMD

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/966467
https://bugzilla.suse.com/970135
https://bugzilla.suse.com/971949
https://bugzilla.suse.com/988675
https://bugzilla.suse.com/990970
https://bugzilla.suse.com/991934
https://bugzilla.suse.com/992224
https://bugzilla.suse.com/993507
https://bugzilla.suse.com/994136
https://bugzilla.suse.com/994421
https://bugzilla.suse.com/994625
https://bugzilla.suse.com/994761
https://bugzilla.suse.com/994772
https://bugzilla.suse.com/994775
https://bugzilla.suse.com/995785
https://bugzilla.suse.com/995789
https://bugzilla.suse.com/995792
https://bugzilla.suse.com/997731
https://www.suse.com/security/cve/CVE-2016-6258.html
https://www.suse.com/security/cve/CVE-2016-6833.html
https://www.suse.com/security/cve/CVE-2016-6834.html
https://www.suse.com/security/cve/CVE-2016-6835.html
https://www.suse.com/security/cve/CVE-2016-6836.html
https://www.suse.com/security/cve/CVE-2016-6888.html
https://www.suse.com/security/cve/CVE-2016-7092.html
https://www.suse.com/security/cve/CVE-2016-7093.html
https://www.suse.com/security/cve/CVE-2016-7094.html
https://www.suse.com/security/cve/CVE-2016-7154.html
http://www.nessus.org/u?1084125a

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-xen-12782=1

SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-xen-12782=1

SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-xen-12782=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.1
(CVSS2#E:U/RL:ND/RC:C)
Public Exploit Available : false
