{"affected":[{"ecosystem_specific":{"binaries":[{"xen":"4.2.5_21-35.1","xen-doc-html":"4.2.5_21-35.1","xen-doc-pdf":"4.2.5_21-35.1","xen-kmp-default":"4.2.5_21_3.0.101_0.47.96-35.1","xen-libs":"4.2.5_21-35.1","xen-libs-32bit":"4.2.5_21-35.1","xen-tools":"4.2.5_21-35.1","xen-tools-domU":"4.2.5_21-35.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 5","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%205"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.5_21-35.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xen":"4.2.5_21-35.1","xen-doc-html":"4.2.5_21-35.1","xen-doc-pdf":"4.2.5_21-35.1","xen-kmp-default":"4.2.5_21_3.0.101_0.47.96-35.1","xen-libs":"4.2.5_21-35.1","xen-libs-32bit":"4.2.5_21-35.1","xen-tools":"4.2.5_21-35.1","xen-tools-domU":"4.2.5_21-35.1"}]},"package":{"ecosystem":"SUSE:Manager 2.1","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Manager%202.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.5_21-35.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xen":"4.2.5_21-35.1","xen-doc-html":"4.2.5_21-35.1","xen-doc-pdf":"4.2.5_21-35.1","xen-kmp-default":"4.2.5_21_3.0.101_0.47.96-35.1","xen-libs":"4.2.5_21-35.1","xen-libs-32bit":"4.2.5_21-35.1","xen-tools":"4.2.5_21-35.1","xen-tools-domU":"4.2.5_21-35.1"}]},"package":{"ecosystem":"SUSE:Manager Proxy 2.1","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Manager%20Proxy%202.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.5_21-35.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xen-kmp-default":"4.2.5_21_3.0.101_0.47.96-35.1","xen-kmp-pae":"4.2.5_21_3.0.101_0.47.96-35.1","xen-libs":"4.2.5_21-35.1","xen-tools-domU":"4.2.5_21-35.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.5_21-35.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xen":"4.2.5_21-35.1","xen-doc-html":"4.2.5_21-35.1","xen-doc-pdf":"4.2.5_21-35.1","xen-kmp-default":"4.2.5_21_3.0.101_0.47.96-35.1","xen-kmp-pae":"4.2.5_21_3.0.101_0.47.96-35.1","xen-libs":"4.2.5_21-35.1","xen-libs-32bit":"4.2.5_21-35.1","xen-tools":"4.2.5_21-35.1","xen-tools-domU":"4.2.5_21-35.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-LTSS","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.5_21-35.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for xen fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1024183)\n- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834)\n- CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004)\n- CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator allowed local guest users to execute arbitrary code via vectors related to blit regions (bsc#907805)\n- CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014507)\n- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169)\n- CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169)\n- CVE-2016-10013: Xen allowed local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation (bsc#1016340).\n- CVE-2016-9932: CMPXCHG8B emulation on x86 systems allowed local HVM guest OS users to obtain sensitive information from host stack memory via a 'supposedly-ignored' operand size prefix (bsc#1012651).\n- CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device (bsc#1013668)\n- CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013657)\n- A malicious guest could have, by frequently rebooting over extended periods of time, run the host system out of memory, resulting in a Denial of Service (DoS) (bsc#1022871)\n- CVE-2016-10024: Xen allowed local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations (bsc#1014298)\n\nThis non-security issue was fixed:\n\n- bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd\n","id":"SUSE-SU-2017:0718-1","modified":"2017-03-17T07:43:02Z","published":"2017-03-17T07:43:02Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20170718-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1002496"},{"type":"REPORT","url":"https://bugzilla.suse.com/1012651"},{"type":"REPORT","url":"https://bugzilla.suse.com/1013657"},{"type":"REPORT","url":"https://bugzilla.suse.com/1013668"},{"type":"REPORT","url":"https://bugzilla.suse.com/1014298"},{"type":"REPORT","url":"https://bugzilla.suse.com/1014507"},{"type":"REPORT","url":"https://bugzilla.suse.com/1015169"},{"type":"REPORT","url":"https://bugzilla.suse.com/1016340"},{"type":"REPORT","url":"https://bugzilla.suse.com/1022871"},{"type":"REPORT","url":"https://bugzilla.suse.com/1023004"},{"type":"REPORT","url":"https://bugzilla.suse.com/1024183"},{"type":"REPORT","url":"https://bugzilla.suse.com/1024834"},{"type":"REPORT","url":"https://bugzilla.suse.com/907805"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-8106"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10013"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10024"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10155"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9101"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9776"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9911"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9921"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9922"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9932"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-2615"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-2620"}],"related":["CVE-2014-8106","CVE-2016-10013","CVE-2016-10024","CVE-2016-10155","CVE-2016-9101","CVE-2016-9776","CVE-2016-9911","CVE-2016-9921","CVE-2016-9922","CVE-2016-9932","CVE-2017-2615","CVE-2017-2620"],"summary":"Security update for xen","upstream":["CVE-2014-8106","CVE-2016-10013","CVE-2016-10024","CVE-2016-10155","CVE-2016-9101","CVE-2016-9776","CVE-2016-9911","CVE-2016-9921","CVE-2016-9922","CVE-2016-9932","CVE-2017-2615","CVE-2017-2620"]}