SUSE-SU-2016:2507-1
Vulnerability from csaf_suse - Published: 2016-10-12 09:34 - Updated: 2016-10-12 09:34Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes several issues.
These security issues were fixed:
- CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785)
- CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789)
- CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792)
- CVE-2016-7154: Use-after-free vulnerability in the FIFO event channel code in Xen allowed local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number (bsc#997731)
- CVE-2016-6836: VMWARE VMXNET3 NIC device allowed privileged user inside the guest to leak information. It occured while processing transmit(tx) queue, when it reaches the end of packet (bsc#994761)
- CVE-2016-6888: A integer overflow int the VMWARE VMXNET3 NIC device support, during the initialisation of new packets in the device, could have allowed a privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994772)
- CVE-2016-6833: A use-after-free issue in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994775)
- CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994625)
- CVE-2016-6834: A infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994421)
- CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675)
These non-security issues were fixed:
- bsc#993507: virsh detach-disk failing to detach disk
- bsc#991934: Xen hypervisor crash in csched_acct
- bsc#992224: During boot of Xen Hypervisor, Failed to get contiguous memory for DMA
- bsc#970135: New virtualization project clock test randomly fails on Xen
- bsc#994136: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol
- bsc#994136: xen_platform: unplug also SCSI disks in qemu-xen
- bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live
- bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79)
- bsc#966467: Live Migration SLES 11 SP3 to SP4 on AMD
Patchnames: sdksp4-xen-12782,slessp4-xen-12782
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.2 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes several issues.\n\nThese security issues were fixed:\n- CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785)\n- CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789)\n- CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792)\n- CVE-2016-7154: Use-after-free vulnerability in the FIFO event channel code in Xen allowed local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number (bsc#997731)\n- CVE-2016-6836: VMWARE VMXNET3 NIC device allowed privileged user inside the guest to leak information. It occured while processing transmit(tx) queue, when it reaches the end of packet (bsc#994761)\n- CVE-2016-6888: A integer overflow int the VMWARE VMXNET3 NIC device support, during the initialisation of new packets in the device, could have allowed a privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994772)\n- CVE-2016-6833: A use-after-free issue in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994775)\n- CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994625)\n- CVE-2016-6834: A infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994421)\n- CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675)\n\nThese non-security issues were fixed:\n- bsc#993507: virsh detach-disk failing to detach disk\n- bsc#991934: Xen hypervisor crash in csched_acct\n- bsc#992224: During boot of Xen Hypervisor, Failed to get contiguous memory for DMA\n- bsc#970135: New virtualization project clock test randomly fails on Xen \n- bsc#994136: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol\n- bsc#994136: xen_platform: unplug also SCSI disks in qemu-xen\n- bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live\n- bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79)\n- bsc#966467: Live Migration SLES 11 SP3 to SP4 on AMD\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-xen-12782,slessp4-xen-12782",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2507-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2507-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162507-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:2507-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-October/002325.html"
},
{
"category": "self",
"summary": "SUSE Bug 966467",
"url": "https://bugzilla.suse.com/966467"
},
{
"category": "self",
"summary": "SUSE Bug 970135",
"url": "https://bugzilla.suse.com/970135"
},
{
"category": "self",
"summary": "SUSE Bug 971949",
"url": "https://bugzilla.suse.com/971949"
},
{
"category": "self",
"summary": "SUSE Bug 988675",
"url": "https://bugzilla.suse.com/988675"
},
{
"category": "self",
"summary": "SUSE Bug 990970",
"url": "https://bugzilla.suse.com/990970"
},
{
"category": "self",
"summary": "SUSE Bug 991934",
"url": "https://bugzilla.suse.com/991934"
},
{
"category": "self",
"summary": "SUSE Bug 992224",
"url": "https://bugzilla.suse.com/992224"
},
{
"category": "self",
"summary": "SUSE Bug 993507",
"url": "https://bugzilla.suse.com/993507"
},
{
"category": "self",
"summary": "SUSE Bug 994136",
"url": "https://bugzilla.suse.com/994136"
},
{
"category": "self",
"summary": "SUSE Bug 994421",
"url": "https://bugzilla.suse.com/994421"
},
{
"category": "self",
"summary": "SUSE Bug 994625",
"url": "https://bugzilla.suse.com/994625"
},
{
"category": "self",
"summary": "SUSE Bug 994761",
"url": "https://bugzilla.suse.com/994761"
},
{
"category": "self",
"summary": "SUSE Bug 994772",
"url": "https://bugzilla.suse.com/994772"
},
{
"category": "self",
"summary": "SUSE Bug 994775",
"url": "https://bugzilla.suse.com/994775"
},
{
"category": "self",
"summary": "SUSE Bug 995785",
"url": "https://bugzilla.suse.com/995785"
},
{
"category": "self",
"summary": "SUSE Bug 995789",
"url": "https://bugzilla.suse.com/995789"
},
{
"category": "self",
"summary": "SUSE Bug 995792",
"url": "https://bugzilla.suse.com/995792"
},
{
"category": "self",
"summary": "SUSE Bug 997731",
"url": "https://bugzilla.suse.com/997731"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6258 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6833 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6834 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6835 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6836 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6888 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7092 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7093 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7094 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7154 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7154/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2016-10-12T09:34:10Z",
"generator": {
"date": "2016-10-12T09:34:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2507-1",
"initial_release_date": "2016-10-12T09:34:10Z",
"revision_history": [
{
"date": "2016-10-12T09:34:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.4.4_08-40.2.i586",
"product": {
"name": "xen-devel-4.4.4_08-40.2.i586",
"product_id": "xen-devel-4.4.4_08-40.2.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"product": {
"name": "xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"product_id": "xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"product": {
"name": "xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"product_id": "xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.4_08-40.2.i586",
"product": {
"name": "xen-libs-4.4.4_08-40.2.i586",
"product_id": "xen-libs-4.4.4_08-40.2.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.4_08-40.2.i586",
"product": {
"name": "xen-tools-domU-4.4.4_08-40.2.i586",
"product_id": "xen-tools-domU-4.4.4_08-40.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.4.4_08-40.2.x86_64",
"product": {
"name": "xen-devel-4.4.4_08-40.2.x86_64",
"product_id": "xen-devel-4.4.4_08-40.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-4.4.4_08-40.2.x86_64",
"product": {
"name": "xen-4.4.4_08-40.2.x86_64",
"product_id": "xen-4.4.4_08-40.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.4.4_08-40.2.x86_64",
"product": {
"name": "xen-doc-html-4.4.4_08-40.2.x86_64",
"product_id": "xen-doc-html-4.4.4_08-40.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"product": {
"name": "xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"product_id": "xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.4_08-40.2.x86_64",
"product": {
"name": "xen-libs-4.4.4_08-40.2.x86_64",
"product_id": "xen-libs-4.4.4_08-40.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.4.4_08-40.2.x86_64",
"product": {
"name": "xen-libs-32bit-4.4.4_08-40.2.x86_64",
"product_id": "xen-libs-32bit-4.4.4_08-40.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.4.4_08-40.2.x86_64",
"product": {
"name": "xen-tools-4.4.4_08-40.2.x86_64",
"product_id": "xen-tools-4.4.4_08-40.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.4_08-40.2.x86_64",
"product": {
"name": "xen-tools-domU-4.4.4_08-40.2.x86_64",
"product_id": "xen-tools-domU-4.4.4_08-40.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.4.4_08-40.2.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586"
},
"product_reference": "xen-devel-4.4.4_08-40.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.4.4_08-40.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
},
"product_reference": "xen-devel-4.4.4_08-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.4_08-40.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64"
},
"product_reference": "xen-4.4.4_08-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.4_08-40.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64"
},
"product_reference": "xen-doc-html-4.4.4_08-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586"
},
"product_reference": "xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64"
},
"product_reference": "xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586"
},
"product_reference": "xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_08-40.2.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586"
},
"product_reference": "xen-libs-4.4.4_08-40.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_08-40.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64"
},
"product_reference": "xen-libs-4.4.4_08-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.4_08-40.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.4_08-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.4_08-40.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64"
},
"product_reference": "xen-tools-4.4.4_08-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_08-40.2.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586"
},
"product_reference": "xen-tools-domU-4.4.4_08-40.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_08-40.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64"
},
"product_reference": "xen-tools-domU-4.4.4_08-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.4_08-40.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64"
},
"product_reference": "xen-4.4.4_08-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.4_08-40.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64"
},
"product_reference": "xen-doc-html-4.4.4_08-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586"
},
"product_reference": "xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64"
},
"product_reference": "xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586"
},
"product_reference": "xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_08-40.2.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586"
},
"product_reference": "xen-libs-4.4.4_08-40.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_08-40.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64"
},
"product_reference": "xen-libs-4.4.4_08-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.4_08-40.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.4_08-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.4_08-40.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64"
},
"product_reference": "xen-tools-4.4.4_08-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_08-40.2.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586"
},
"product_reference": "xen-tools-domU-4.4.4_08-40.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_08-40.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64"
},
"product_reference": "xen-tools-domU-4.4.4_08-40.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-6258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6258"
}
],
"notes": [
{
"category": "general",
"text": "The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6258",
"url": "https://www.suse.com/security/cve/CVE-2016-6258"
},
{
"category": "external",
"summary": "SUSE Bug 1072198 for CVE-2016-6258",
"url": "https://bugzilla.suse.com/1072198"
},
{
"category": "external",
"summary": "SUSE Bug 1072223 for CVE-2016-6258",
"url": "https://bugzilla.suse.com/1072223"
},
{
"category": "external",
"summary": "SUSE Bug 988675 for CVE-2016-6258",
"url": "https://bugzilla.suse.com/988675"
},
{
"category": "external",
"summary": "SUSE Bug 988692 for CVE-2016-6258",
"url": "https://bugzilla.suse.com/988692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-12T09:34:10Z",
"details": "important"
}
],
"title": "CVE-2016-6258"
},
{
"cve": "CVE-2016-6833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6833"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6833",
"url": "https://www.suse.com/security/cve/CVE-2016-6833"
},
{
"category": "external",
"summary": "SUSE Bug 994774 for CVE-2016-6833",
"url": "https://bugzilla.suse.com/994774"
},
{
"category": "external",
"summary": "SUSE Bug 994775 for CVE-2016-6833",
"url": "https://bugzilla.suse.com/994775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-12T09:34:10Z",
"details": "moderate"
}
],
"title": "CVE-2016-6833"
},
{
"cve": "CVE-2016-6834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6834"
}
],
"notes": [
{
"category": "general",
"text": "The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6834",
"url": "https://www.suse.com/security/cve/CVE-2016-6834"
},
{
"category": "external",
"summary": "SUSE Bug 994418 for CVE-2016-6834",
"url": "https://bugzilla.suse.com/994418"
},
{
"category": "external",
"summary": "SUSE Bug 994421 for CVE-2016-6834",
"url": "https://bugzilla.suse.com/994421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-12T09:34:10Z",
"details": "low"
}
],
"title": "CVE-2016-6834"
},
{
"cve": "CVE-2016-6835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6835"
}
],
"notes": [
{
"category": "general",
"text": "The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6835",
"url": "https://www.suse.com/security/cve/CVE-2016-6835"
},
{
"category": "external",
"summary": "SUSE Bug 994605 for CVE-2016-6835",
"url": "https://bugzilla.suse.com/994605"
},
{
"category": "external",
"summary": "SUSE Bug 994625 for CVE-2016-6835",
"url": "https://bugzilla.suse.com/994625"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-12T09:34:10Z",
"details": "low"
}
],
"title": "CVE-2016-6835"
},
{
"cve": "CVE-2016-6836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6836"
}
],
"notes": [
{
"category": "general",
"text": "The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6836",
"url": "https://www.suse.com/security/cve/CVE-2016-6836"
},
{
"category": "external",
"summary": "SUSE Bug 994760 for CVE-2016-6836",
"url": "https://bugzilla.suse.com/994760"
},
{
"category": "external",
"summary": "SUSE Bug 994761 for CVE-2016-6836",
"url": "https://bugzilla.suse.com/994761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-12T09:34:10Z",
"details": "low"
}
],
"title": "CVE-2016-6836"
},
{
"cve": "CVE-2016-6888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6888"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6888",
"url": "https://www.suse.com/security/cve/CVE-2016-6888"
},
{
"category": "external",
"summary": "SUSE Bug 994771 for CVE-2016-6888",
"url": "https://bugzilla.suse.com/994771"
},
{
"category": "external",
"summary": "SUSE Bug 994772 for CVE-2016-6888",
"url": "https://bugzilla.suse.com/994772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-12T09:34:10Z",
"details": "low"
}
],
"title": "CVE-2016-6888"
},
{
"cve": "CVE-2016-7092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7092"
}
],
"notes": [
{
"category": "general",
"text": "The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7092",
"url": "https://www.suse.com/security/cve/CVE-2016-7092"
},
{
"category": "external",
"summary": "SUSE Bug 995785 for CVE-2016-7092",
"url": "https://bugzilla.suse.com/995785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-12T09:34:10Z",
"details": "important"
}
],
"title": "CVE-2016-7092"
},
{
"cve": "CVE-2016-7093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7093"
}
],
"notes": [
{
"category": "general",
"text": "Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7093",
"url": "https://www.suse.com/security/cve/CVE-2016-7093"
},
{
"category": "external",
"summary": "SUSE Bug 995789 for CVE-2016-7093",
"url": "https://bugzilla.suse.com/995789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-12T09:34:10Z",
"details": "important"
}
],
"title": "CVE-2016-7093"
},
{
"cve": "CVE-2016-7094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7094"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7094",
"url": "https://www.suse.com/security/cve/CVE-2016-7094"
},
{
"category": "external",
"summary": "SUSE Bug 995792 for CVE-2016-7094",
"url": "https://bugzilla.suse.com/995792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-12T09:34:10Z",
"details": "moderate"
}
],
"title": "CVE-2016-7094"
},
{
"cve": "CVE-2016-7154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7154"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7154",
"url": "https://www.suse.com/security/cve/CVE-2016-7154"
},
{
"category": "external",
"summary": "SUSE Bug 997731 for CVE-2016-7154",
"url": "https://bugzilla.suse.com/997731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_08_3.0.101_80-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_08_3.0.101_80-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_08-40.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_08-40.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-12T09:34:10Z",
"details": "moderate"
}
],
"title": "CVE-2016-7154"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…