openSUSE Security Update : xen (openSUSE-2017-4)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This updates xen to version 4.5.5 to fix the following issues :

- An unprivileged user in a guest could escalate
privilege to that of the guest kernel, if it could
invoke the instruction emulator. Only 64-bit x86 HVM
guests were affected. Linux guests have not been
vulnerable. (boo#1016340, CVE-2016-10013)

- An unprivileged user in a 64-bit x86 guest could gain
information from the host, crash the host or gain
privilege of the host (boo#1009107, CVE-2016-9383)

- An unprivileged guest process could (unintentionally or
maliciously) obtain or corrupt sensitive information of
other programs in the same guest. Only x86 HVM guests
have been affected. The attacker needs to be able to
trigger the Xen instruction emulator. (boo#1000106,
CVE-2016-7777)

- A guest on x86 systems could read small parts of
hypervisor stack data (boo#1012651, CVE-2016-9932)

- A malicious guest kernel could hang or crash the host
system (boo#1014298, CVE-2016-10024)

- The eepro100 emulated network device caused a memory leak
in the host when unplugged in the guest. A privileged
user in the guest could use this to cause a DoS on the
host or potentially crash the guest process on the host
(boo#1013668, CVE-2016-9101)

- The ColdFire Fast Ethernet Controller was vulnerable to
an infinite loop that could be triggered by a privileged
user in the guest, leading to DoS (boo#1013657,
CVE-2016-9776)

- A malicious guest administrator could escalate their
privilege to that of the host. Only affects x86 HVM
guests using qemu older than version 1.6.0 or using the
qemu-xen-traditional. (boo#1011652, CVE-2016-9637)

- An unprivileged guest user could escalate privilege to
that of the guest administrator on x86 HVM guests,
especially on Intel CPUs (boo#1009100, CVE-2016-9386)

- An unprivileged guest user could escalate privilege to
that of the guest administrator (on AMD CPUs) or crash
the system (on Intel CPUs) on 32-bit x86 HVM guests.
Only guest operating systems that allowed a new task to
start in VM86 mode were affected. (boo#1009103,
CVE-2016-9382)

- A malicious guest administrator could crash the host on
x86 PV guests only (boo#1009104, CVE-2016-9385)

- An unprivileged guest user was able to crash the guest.
(boo#1009108, CVE-2016-9377, CVE-2016-9378)

- A malicious guest administrator could get privilege of
the host emulator process on x86 HVM guests.
(boo#1009109, CVE-2016-9381)

- A vulnerability in pygrub allowed a malicious guest
administrator to obtain the contents of sensitive host
files, or even delete those files (boo#1009111,
CVE-2016-9379, CVE-2016-9380)

- A privileged guest user could cause an infinite loop in
the RTL8139 ethernet emulation to consume CPU cycles on
the host, causing a DoS situation (boo#1007157,
CVE-2016-8910)

- A privileged guest user could cause an infinite loop in
the intel-hda sound emulation to consume CPU cycles on
the host, causing a DoS situation (boo#1007160,
CVE-2016-8909)

- A privileged guest user could cause a crash of the
emulator process on the host by exploiting a divide by
zero vulnerability of the JAZZ RC4030 chipset emulation
(boo#1005004, CVE-2016-8667)

- A privileged guest user could cause a crash of the
emulator process on the host by exploiting a divide by
zero issue of the 16550A UART emulation (boo#1005005,
CVE-2016-8669)

- A privileged guest user could cause a memory leak in the
USB EHCI emulation, causing a DoS situation on the host
(boo#1003870, CVE-2016-7995)

- A privileged guest user could cause an infinite loop in
the USB xHCI emulation, causing a DoS situation on the
host (boo#1004016, CVE-2016-8576)

- A privileged guest user could cause an infinite loop in
the ColdFire Fast Ethernet Controller emulation, causing
a DoS situation on the host (boo#1003030, CVE-2016-7908)

- A privileged guest user could cause an infinite loop in
the AMD PC-Net II emulation, causing a DoS situation on
the host (boo#1003032, CVE-2016-7909)

- Cause a reload of clvm in the block-dmmd script to avoid
a blocking lvchange call (boo#1002496)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1000106
https://bugzilla.opensuse.org/show_bug.cgi?id=1002496
https://bugzilla.opensuse.org/show_bug.cgi?id=1003030
https://bugzilla.opensuse.org/show_bug.cgi?id=1003032
https://bugzilla.opensuse.org/show_bug.cgi?id=1003870
https://bugzilla.opensuse.org/show_bug.cgi?id=1004016
https://bugzilla.opensuse.org/show_bug.cgi?id=1005004
https://bugzilla.opensuse.org/show_bug.cgi?id=1005005
https://bugzilla.opensuse.org/show_bug.cgi?id=1007157
https://bugzilla.opensuse.org/show_bug.cgi?id=1007160
https://bugzilla.opensuse.org/show_bug.cgi?id=1009100
https://bugzilla.opensuse.org/show_bug.cgi?id=1009103
https://bugzilla.opensuse.org/show_bug.cgi?id=1009104
https://bugzilla.opensuse.org/show_bug.cgi?id=1009107
https://bugzilla.opensuse.org/show_bug.cgi?id=1009108
https://bugzilla.opensuse.org/show_bug.cgi?id=1009109
https://bugzilla.opensuse.org/show_bug.cgi?id=1009111
https://bugzilla.opensuse.org/show_bug.cgi?id=1011652
https://bugzilla.opensuse.org/show_bug.cgi?id=1012651
https://bugzilla.opensuse.org/show_bug.cgi?id=1013657
https://bugzilla.opensuse.org/show_bug.cgi?id=1013668
https://bugzilla.opensuse.org/show_bug.cgi?id=1014298
https://bugzilla.opensuse.org/show_bug.cgi?id=1016340

Solution :

Update the affected xen packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)