SUSE-SU-2016:2473-1
Vulnerability from csaf_suse - Published: 2016-10-07 09:05 - Updated: 2016-10-07 09:05Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes several issues.
These security issues were fixed:
- CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785).
- CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789).
- CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792).
- CVE-2016-6836: Information leakage in vmxnet3_complete_packet (bsc#994761).
- CVE-2016-6888: Integer overflow in packet initialisation in VMXNET3 device driver. Aprivileged user inside guest c... (bsc#994772).
- CVE-2016-6833: Use after free while writing (bsc#994775).
- CVE-2016-6835: Buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 deviceemulation. (bsc#994625).
- CVE-2016-6834: An infinite loop during packet fragmentation (bsc#994421).
- CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675).
- CVE-2016-6259: Xen did not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allowed local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check (bsc#988676).
These non-security issues were fixed:
- bsc#991934: Hypervisor crash in csched_acct
- bsc#992224: During boot of Xen Hypervisor, failed to get contiguous memory for DMA
- bsc#955104: Virsh reports error 'one or more references were leaked after disconnect from hypervisor' when 'virsh save' failed due to 'no response from client after 6 keepalive messages'
- bsc#959552: Migration of HVM guest leads into libvirt segmentation fault
- bsc#993665: Migration of xen guests finishes in: One or more references were leaked after disconnect from the hypervisor
- bsc#959330: Guest migrations using virsh results in error 'Internal error: received hangup / error event on socket'
- bsc#990500: VM virsh migration fails with keepalive error: ':virKeepAliveTimerInternal:143 : No response from client'
- bsc#953518: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol
- bsc#953518: xen_platform: unplug also SCSI disks in qemu-xen
- bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live
- bsc#970135: New virtualization project clock test randomly fails on Xen
- bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79)
Patchnames: SUSE-SLE-DESKTOP-12-SP1-2016-1444,SUSE-SLE-SDK-12-SP1-2016-1444,SUSE-SLE-SERVER-12-SP1-2016-1444
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.2 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.2 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes several issues.\n\nThese security issues were fixed:\n- CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785).\n- CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789).\n- CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792).\n- CVE-2016-6836: Information leakage in vmxnet3_complete_packet (bsc#994761).\n- CVE-2016-6888: Integer overflow in packet initialisation in VMXNET3 device driver. Aprivileged user inside guest c... (bsc#994772).\n- CVE-2016-6833: Use after free while writing (bsc#994775).\n- CVE-2016-6835: Buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 deviceemulation. (bsc#994625).\n- CVE-2016-6834: An infinite loop during packet fragmentation (bsc#994421).\n- CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675).\n- CVE-2016-6259: Xen did not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allowed local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check (bsc#988676).\n\nThese non-security issues were fixed:\n- bsc#991934: Hypervisor crash in csched_acct\n- bsc#992224: During boot of Xen Hypervisor, failed to get contiguous memory for DMA\n- bsc#955104: Virsh reports error \u0027one or more references were leaked after disconnect from hypervisor\u0027 when \u0027virsh save\u0027 failed due to \u0027no response from client after 6 keepalive messages\u0027\n- bsc#959552: Migration of HVM guest leads into libvirt segmentation fault\n- bsc#993665: Migration of xen guests finishes in: One or more references were leaked after disconnect from the hypervisor\n- bsc#959330: Guest migrations using virsh results in error \u0027Internal error: received hangup / error event on socket\u0027\n- bsc#990500: VM virsh migration fails with keepalive error: \u0027:virKeepAliveTimerInternal:143 : No response from client\u0027\n- bsc#953518: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol\n- bsc#953518: xen_platform: unplug also SCSI disks in qemu-xen\n- bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live\n- bsc#970135: New virtualization project clock test randomly fails on Xen\n- bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP1-2016-1444,SUSE-SLE-SDK-12-SP1-2016-1444,SUSE-SLE-SERVER-12-SP1-2016-1444",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2473-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2473-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162473-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:2473-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-October/002317.html"
},
{
"category": "self",
"summary": "SUSE Bug 953518",
"url": "https://bugzilla.suse.com/953518"
},
{
"category": "self",
"summary": "SUSE Bug 955104",
"url": "https://bugzilla.suse.com/955104"
},
{
"category": "self",
"summary": "SUSE Bug 959330",
"url": "https://bugzilla.suse.com/959330"
},
{
"category": "self",
"summary": "SUSE Bug 959552",
"url": "https://bugzilla.suse.com/959552"
},
{
"category": "self",
"summary": "SUSE Bug 970135",
"url": "https://bugzilla.suse.com/970135"
},
{
"category": "self",
"summary": "SUSE Bug 971949",
"url": "https://bugzilla.suse.com/971949"
},
{
"category": "self",
"summary": "SUSE Bug 988675",
"url": "https://bugzilla.suse.com/988675"
},
{
"category": "self",
"summary": "SUSE Bug 988676",
"url": "https://bugzilla.suse.com/988676"
},
{
"category": "self",
"summary": "SUSE Bug 990500",
"url": "https://bugzilla.suse.com/990500"
},
{
"category": "self",
"summary": "SUSE Bug 990970",
"url": "https://bugzilla.suse.com/990970"
},
{
"category": "self",
"summary": "SUSE Bug 991934",
"url": "https://bugzilla.suse.com/991934"
},
{
"category": "self",
"summary": "SUSE Bug 992224",
"url": "https://bugzilla.suse.com/992224"
},
{
"category": "self",
"summary": "SUSE Bug 993665",
"url": "https://bugzilla.suse.com/993665"
},
{
"category": "self",
"summary": "SUSE Bug 994421",
"url": "https://bugzilla.suse.com/994421"
},
{
"category": "self",
"summary": "SUSE Bug 994625",
"url": "https://bugzilla.suse.com/994625"
},
{
"category": "self",
"summary": "SUSE Bug 994761",
"url": "https://bugzilla.suse.com/994761"
},
{
"category": "self",
"summary": "SUSE Bug 994772",
"url": "https://bugzilla.suse.com/994772"
},
{
"category": "self",
"summary": "SUSE Bug 994775",
"url": "https://bugzilla.suse.com/994775"
},
{
"category": "self",
"summary": "SUSE Bug 995785",
"url": "https://bugzilla.suse.com/995785"
},
{
"category": "self",
"summary": "SUSE Bug 995789",
"url": "https://bugzilla.suse.com/995789"
},
{
"category": "self",
"summary": "SUSE Bug 995792",
"url": "https://bugzilla.suse.com/995792"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6258 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6259 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6833 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6834 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6835 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6836 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6888 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7092 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7093 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7094 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7094/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2016-10-07T09:05:05Z",
"generator": {
"date": "2016-10-07T09:05:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2473-1",
"initial_release_date": "2016-10-07T09:05:05Z",
"revision_history": [
{
"date": "2016-10-07T09:05:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.5.3_10-20.1.x86_64",
"product": {
"name": "xen-4.5.3_10-20.1.x86_64",
"product_id": "xen-4.5.3_10-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"product": {
"name": "xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"product_id": "xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.5.3_10-20.1.x86_64",
"product": {
"name": "xen-libs-4.5.3_10-20.1.x86_64",
"product_id": "xen-libs-4.5.3_10-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.5.3_10-20.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.5.3_10-20.1.x86_64",
"product_id": "xen-libs-32bit-4.5.3_10-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.5.3_10-20.1.x86_64",
"product": {
"name": "xen-devel-4.5.3_10-20.1.x86_64",
"product_id": "xen-devel-4.5.3_10-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.5.3_10-20.1.x86_64",
"product": {
"name": "xen-doc-html-4.5.3_10-20.1.x86_64",
"product_id": "xen-doc-html-4.5.3_10-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.5.3_10-20.1.x86_64",
"product": {
"name": "xen-tools-4.5.3_10-20.1.x86_64",
"product_id": "xen-tools-4.5.3_10-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.5.3_10-20.1.x86_64",
"product": {
"name": "xen-tools-domU-4.5.3_10-20.1.x86_64",
"product_id": "xen-tools-domU-4.5.3_10-20.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64"
},
"product_reference": "xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-libs-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-devel-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-doc-html-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64"
},
"product_reference": "xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-libs-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-tools-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-tools-domU-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-doc-html-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64"
},
"product_reference": "xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-libs-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-tools-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.5.3_10-20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64"
},
"product_reference": "xen-tools-domU-4.5.3_10-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-6258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6258"
}
],
"notes": [
{
"category": "general",
"text": "The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6258",
"url": "https://www.suse.com/security/cve/CVE-2016-6258"
},
{
"category": "external",
"summary": "SUSE Bug 1072198 for CVE-2016-6258",
"url": "https://bugzilla.suse.com/1072198"
},
{
"category": "external",
"summary": "SUSE Bug 1072223 for CVE-2016-6258",
"url": "https://bugzilla.suse.com/1072223"
},
{
"category": "external",
"summary": "SUSE Bug 988675 for CVE-2016-6258",
"url": "https://bugzilla.suse.com/988675"
},
{
"category": "external",
"summary": "SUSE Bug 988692 for CVE-2016-6258",
"url": "https://bugzilla.suse.com/988692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-07T09:05:05Z",
"details": "important"
}
],
"title": "CVE-2016-6258"
},
{
"cve": "CVE-2016-6259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6259"
}
],
"notes": [
{
"category": "general",
"text": "Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6259",
"url": "https://www.suse.com/security/cve/CVE-2016-6259"
},
{
"category": "external",
"summary": "SUSE Bug 988676 for CVE-2016-6259",
"url": "https://bugzilla.suse.com/988676"
},
{
"category": "external",
"summary": "SUSE Bug 988694 for CVE-2016-6259",
"url": "https://bugzilla.suse.com/988694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-07T09:05:05Z",
"details": "moderate"
}
],
"title": "CVE-2016-6259"
},
{
"cve": "CVE-2016-6833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6833"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6833",
"url": "https://www.suse.com/security/cve/CVE-2016-6833"
},
{
"category": "external",
"summary": "SUSE Bug 994774 for CVE-2016-6833",
"url": "https://bugzilla.suse.com/994774"
},
{
"category": "external",
"summary": "SUSE Bug 994775 for CVE-2016-6833",
"url": "https://bugzilla.suse.com/994775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-07T09:05:05Z",
"details": "moderate"
}
],
"title": "CVE-2016-6833"
},
{
"cve": "CVE-2016-6834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6834"
}
],
"notes": [
{
"category": "general",
"text": "The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6834",
"url": "https://www.suse.com/security/cve/CVE-2016-6834"
},
{
"category": "external",
"summary": "SUSE Bug 994418 for CVE-2016-6834",
"url": "https://bugzilla.suse.com/994418"
},
{
"category": "external",
"summary": "SUSE Bug 994421 for CVE-2016-6834",
"url": "https://bugzilla.suse.com/994421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-07T09:05:05Z",
"details": "low"
}
],
"title": "CVE-2016-6834"
},
{
"cve": "CVE-2016-6835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6835"
}
],
"notes": [
{
"category": "general",
"text": "The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6835",
"url": "https://www.suse.com/security/cve/CVE-2016-6835"
},
{
"category": "external",
"summary": "SUSE Bug 994605 for CVE-2016-6835",
"url": "https://bugzilla.suse.com/994605"
},
{
"category": "external",
"summary": "SUSE Bug 994625 for CVE-2016-6835",
"url": "https://bugzilla.suse.com/994625"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-07T09:05:05Z",
"details": "low"
}
],
"title": "CVE-2016-6835"
},
{
"cve": "CVE-2016-6836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6836"
}
],
"notes": [
{
"category": "general",
"text": "The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6836",
"url": "https://www.suse.com/security/cve/CVE-2016-6836"
},
{
"category": "external",
"summary": "SUSE Bug 994760 for CVE-2016-6836",
"url": "https://bugzilla.suse.com/994760"
},
{
"category": "external",
"summary": "SUSE Bug 994761 for CVE-2016-6836",
"url": "https://bugzilla.suse.com/994761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-07T09:05:05Z",
"details": "low"
}
],
"title": "CVE-2016-6836"
},
{
"cve": "CVE-2016-6888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6888"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6888",
"url": "https://www.suse.com/security/cve/CVE-2016-6888"
},
{
"category": "external",
"summary": "SUSE Bug 994771 for CVE-2016-6888",
"url": "https://bugzilla.suse.com/994771"
},
{
"category": "external",
"summary": "SUSE Bug 994772 for CVE-2016-6888",
"url": "https://bugzilla.suse.com/994772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-07T09:05:05Z",
"details": "low"
}
],
"title": "CVE-2016-6888"
},
{
"cve": "CVE-2016-7092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7092"
}
],
"notes": [
{
"category": "general",
"text": "The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7092",
"url": "https://www.suse.com/security/cve/CVE-2016-7092"
},
{
"category": "external",
"summary": "SUSE Bug 995785 for CVE-2016-7092",
"url": "https://bugzilla.suse.com/995785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-07T09:05:05Z",
"details": "important"
}
],
"title": "CVE-2016-7092"
},
{
"cve": "CVE-2016-7093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7093"
}
],
"notes": [
{
"category": "general",
"text": "Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7093",
"url": "https://www.suse.com/security/cve/CVE-2016-7093"
},
{
"category": "external",
"summary": "SUSE Bug 995789 for CVE-2016-7093",
"url": "https://bugzilla.suse.com/995789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-07T09:05:05Z",
"details": "important"
}
],
"title": "CVE-2016-7093"
},
{
"cve": "CVE-2016-7094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7094"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7094",
"url": "https://www.suse.com/security/cve/CVE-2016-7094"
},
{
"category": "external",
"summary": "SUSE Bug 995792 for CVE-2016-7094",
"url": "https://bugzilla.suse.com/995792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.3_10-20.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:xen-devel-4.5.3_10-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-07T09:05:05Z",
"details": "moderate"
}
],
"title": "CVE-2016-7094"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…