SB2016112305 - Fedora 23 update for xen

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-9386)

The vulnerability allows a local authenticated user to execute arbitrary code.

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-9382)

The vulnerability allows a local authenticated user to execute arbitrary code.

Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.

3) Input validation error (CVE-ID: CVE-2016-9385)

The vulnerability allows a local privileged user to a crash the entire system.

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.

4) Input validation error (CVE-ID: CVE-2016-9383)

The vulnerability allows a local authenticated user to execute arbitrary code.

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.

5) Incorrect calculation (CVE-ID: CVE-2016-9377)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.

6) Improper access control (CVE-ID: CVE-2016-9378)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.

7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-9381)

The vulnerability allows a local privileged user to execute arbitrary code.

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.

8) Input validation error (CVE-ID: CVE-2016-9379)

The vulnerability allows a local privileged user to read and manipulate data.

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.

9) Input validation error (CVE-ID: CVE-2016-9380)

The vulnerability allows a local authenticated user to read and manipulate data.

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.

10) Information disclosure (CVE-ID: CVE-2016-9384)

The vulnerability allows a local authenticated user to gain access to sensitive information.

Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-2016-68b71978a1