SUSE: OPENSUSE-SU-2017:0007-1
Jan 02, 2017 - 1:08 p.m.

Security update for xen (important)

2017-01-02 13:08:06
lists.opensuse.org

EPSS: 0.001 (Low), percentile 31.1%

This updates xen to version 4.5.5 to fix the following issues:

  • An unprivileged user in a guest could escalate privilege to that of the
    guest kernel, if it could invoke the instruction emulator. Only 64-bit
    x86 HVM guests were affected. Linux guests have not been vulnerable.
    (boo#1016340, CVE-2016-10013)
  • An unprivileged user in a 64-bit x86 guest could gain information from
    the host, crash the host or gain privilege of the host (boo#1009107,
    CVE-2016-9383)
  • An unprivileged guest process could (unintentionally or maliciously)
    obtain or corrupt sensitive information of other programs in the same
    guest. Only x86 HVM guests have been affected. The attacker needs to be
    able to trigger the Xen instruction emulator. (boo#1000106,
    CVE-2016-7777)
  • A guest on x86 systems could read small parts of hypervisor stack data
    (boo#1012651, CVE-2016-9932)
  • A malicious guest kernel could hang or crash the host system
    (boo#1014298, CVE-2016-10024)
  • The eepro100 emulated network device caused a memory leak in the host
    when unplugged in the guest. A privileged user in the guest could use
    this to cause a DoS on the host or potentially crash the guest process
    on the host (boo#1013668, CVE-2016-9101)
  • The ColdFire Fast Ethernet Controller was vulnerable to an infinite loop
    that could be triggered by a privileged user in the guest, leading to DoS
    (boo#1013657, CVE-2016-9776)
  • A malicious guest administrator could escalate their privilege to that
    of the host. Only affects x86 HVM guests using qemu older than version
    1.6.0 or using qemu-xen-traditional. (boo#1011652, CVE-2016-9637)
  • An unprivileged guest user could escalate privilege to that of the guest
    administrator on x86 HVM guests, especially on Intel CPUs (boo#1009100,
    CVE-2016-9386)
  • An unprivileged guest user could escalate privilege to that of the guest
    administrator (on AMD CPUs) or crash the system (on Intel CPUs) on
    32-bit x86 HVM guests. Only guest operating systems that allowed a new
    task to start in VM86 mode were affected. (boo#1009103, CVE-2016-9382)
  • A malicious guest administrator could crash the host on x86 PV guests
    only (boo#1009104, CVE-2016-9385)
  • An unprivileged guest user was able to crash the guest. (boo#1009108,
    CVE-2016-9377, CVE-2016-9378)
  • A malicious guest administrator could get privilege of the host emulator
    process on x86 HVM guests. (boo#1009109, CVE-2016-9381)
  • A vulnerability in pygrub allowed a malicious guest administrator to
    obtain the contents of sensitive host files, or even delete those files
    (boo#1009111, CVE-2016-9379, CVE-2016-9380)
  • A privileged guest user could cause an infinite loop in the RTL8139
    ethernet emulation to consume CPU cycles on the host, causing a DoS
    situation (boo#1007157, CVE-2016-8910)
  • A privileged guest user could cause an infinite loop in the intel-hda
    sound emulation to consume CPU cycles on the host, causing a DoS
    situation (boo#1007160, CVE-2016-8909)
  • A privileged guest user could cause a crash of the emulator process on
    the host by exploiting a divide by zero vulnerability of the JAZZ RC4030
    chipset emulation (boo#1005004, CVE-2016-8667)
  • A privileged guest user could cause a crash of the emulator process on
    the host by exploiting a divide by zero issue of the 16550A UART
    emulation (boo#1005005, CVE-2016-8669)
  • A privileged guest user could cause a memory leak in the USB EHCI
    emulation, causing a DoS situation on the host (boo#1003870,
    CVE-2016-7995)
  • A privileged guest user could cause an infinite loop in the USB xHCI
    emulation, causing a DoS situation on the host (boo#1004016,
    CVE-2016-8576)
  • A privileged guest user could cause an infinite loop in the ColdFire
    Fast Ethernet Controller emulation, causing a DoS situation on the host
    (boo#1003030, CVE-2016-7908)
  • A privileged guest user could cause an infinite loop in the AMD PC-Net
    II emulation, causing a DoS situation on the host (boo#1003032,
    CVE-2016-7909)
  • Cause a reload of clvm in the block-dmmd script to avoid a blocking
    lvchange call (boo#1002496)