[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

SUSE-SU-2016:1318-1 -- Suse xen

ID: oval:org.secpod.oval:def:400737Date: (C)2016-12-27   (M)2023-02-20
Class: PATCHFamily: unix




xen was updated to fix 46 security issues. These security issues were fixed: - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers . - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image . - CVE-2013-4530: Buffer overflow in hw/ssi/pl022.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image . - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image . - CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements . - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image . - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted cmd_len, row, or col values; row_start and row_end values; or col_star and col_end values in a savevm image . - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c might have allowed remote attackers to execute arbitrary code via a crafted precision, nextprecision, function, or nextfunction value in a savevm image . - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service via a large L2 table in a QCOW version 1 image . - CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users to cause a denial of service by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket . - CVE-2014-3689: The vmware-vga driver allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling . - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service via a small bytes_per_pixel value . - CVE-2014-9718: The BMDMA and AHCI HBA interfaces in the IDE functionality had multiple interpretations of a function"s return value, which allowed guest OS users to cause a host OS denial of service via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions . - CVE-2015-1779: The VNC websocket frame decoder allowed remote attackers to cause a denial of service via a large websocket payload or HTTP headers section . - CVE-2015-5278: Infinite loop in ne2000_receive function . - CVE-2015-6855: hw/ide/core.c did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash . - CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service or execute arbitrary code via a large packet . - CVE-2015-7549: pci: NULL pointer dereference issue . - CVE-2015-8345: eepro100: infinite loop in processing command block list . - CVE-2015-8504: VNC: floating point exception . - CVE-2015-8550: Paravirtualized drivers were incautious about shared memory contents . - CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling . - CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization . - CVE-2015-8558: Infinite loop in ehci_advance_state resulted in DoS . - CVE-2015-8567: vmxnet3: host memory leakage . - CVE-2015-8568: vmxnet3: host memory leakage . - CVE-2015-8613: SCSI: stack based buffer overflow in megasas_ctrl_get_info . - CVE-2015-8619: Stack based OOB write in hmp_sendkey routine . - CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions . - CVE-2015-8744: vmxnet3: Incorrect l2 header validation lead to a crash via assert call . - CVE-2015-8745: Reading IMR registers lead to a crash via assert call . - CVE-2015-8817: OOB access in address_space_rw lead to segmentation fault . - CVE-2015-8818: OOB access in address_space_rw lead to segmentation fault . - CVE-2016-1568: AHCI use-after-free vulnerability in aio port commands . - CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier to the MMUEXT_MARK_SUPER or MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or unknown vectors related to page table updates . - CVE-2016-1571: VMX: intercept issue with INVLPG on non-canonical address . - CVE-2016-1714: nvram: OOB r/w access in processing firmware configurations . - CVE-2016-1922: NULL pointer dereference in vapic_write . - CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov routines . - CVE-2016-2198: EHCI NULL pointer dereference in ehci_caps_write . - CVE-2016-2270: Xen allowed local guest administrators to cause a denial of service via vectors related to multiple mappings of MMIO pages with different cachability settings . - CVE-2016-2271: VMX when using an Intel or Cyrix CPU, allowed local HVM guest users to cause a denial of service via vectors related to a non-canonical RIP . - CVE-2016-2391: usb: multiple eof_timers in ohci module lead to NULL pointer dereference . - CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling . - CVE-2016-2538: Integer overflow in remote NDIS control message handling . - XSA-166: ioreq handling possibly susceptible to multiple read issue . These non-security issues were fixed: - bsc#954872: script block-dmmd not working as expected - bsc#963923: domain weights not honored when sched-credit tslice is reduced - bsc#959695: Missing docs for xen

Platform:
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
Product:
xen
Reference:
SUSE-SU-2016:1318-1
CVE-2013-4527
CVE-2013-4529
CVE-2013-4530
CVE-2013-4533
CVE-2013-4534
CVE-2013-4537
CVE-2013-4538
CVE-2013-4539
CVE-2014-0222
CVE-2014-3640
CVE-2014-3689
CVE-2014-7815
CVE-2014-9718
CVE-2015-1779
CVE-2015-5278
CVE-2015-6855
CVE-2015-7512
CVE-2015-7549
CVE-2015-8345
CVE-2015-8504
CVE-2015-8550
CVE-2015-8554
CVE-2015-8555
CVE-2015-8558
CVE-2015-8567
CVE-2015-8568
CVE-2015-8613
CVE-2015-8619
CVE-2015-8743
CVE-2015-8744
CVE-2015-8745
CVE-2015-8817
CVE-2015-8818
CVE-2016-1568
CVE-2016-1570
CVE-2016-1571
CVE-2016-1714
CVE-2016-1922
CVE-2016-1981
CVE-2016-2198
CVE-2016-2270
CVE-2016-2271
CVE-2016-2391
CVE-2016-2392
CVE-2016-2538
CVE    45
CVE-2016-1922
CVE-2016-1568
CVE-2016-1714
CVE-2016-2198
...
CPE    4
cpe:/o:suse:suse_linux_enterprise_server:12
cpe:/a:xen:xen:4.4.0
cpe:/o:suse:suse_linux_enterprise_desktop:12
cpe:/a:xen:xen
...

© SecPod Technologies