SB2015032703 - SUSE Linux update for Xen

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2014-3615)

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

2) Input validation error (CVE-ID: CVE-2014-9065)

The vulnerability allows a local #AU# to perform a denial of service (DoS) attack.

common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066.

3) Input validation error (CVE-ID: CVE-2014-9066)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065.

4) Input validation error (CVE-ID: CVE-2015-0361)

The vulnerability allows remote domains to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.

5) Information disclosure (CVE-ID: CVE-2015-2044)

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.

6) Information disclosure (CVE-ID: CVE-2015-2045)

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-2151)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-2152)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

Remediation

Install update from vendor's website.

References

• https://lists.opensuse.org/opensuse-security-announce/2015-03/msg00031.html