SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1075-1 Rating: important References: #801663 #809662 #813673 #813675 #813677 #814709 #816156 #816159 #816163 #819416 #820917 #820919 #820920 Cross-References: CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1920 CVE-2013-1952 CVE-2013-1964 CVE-2013-2072 CVE-2013-2076 CVE-2013-2077 CVE-2013-2078 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has three fixes is now available. Description: XEN has been updated to 4.1.5 c/s 23509 to fix various bugs and security issues. The following security issues have been fixed: * CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier were not preemptible, which allowed local PV kernels to cause a denial of service via vectors related to deep page table traversal. * CVE-2013-1952: Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, did not properly check the source when accessing a bridge devices interrupt remapping table entries for MSI interrupts, which allowed local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. * CVE-2013-2076: A information leak in the XSAVE/XRSTOR instructions could be used to determine state of floating point operations in other domains. * CVE-2013-2077: A denial of service (hypervisor crash) was possible due to missing exception recovery on XRSTOR, that could be used to crash the machine by PV guest users. * CVE-2013-2078: A denial of service (hypervisor crash) was possible due to missing exception recovery on XSETBV, that could be used to crash the machine by PV guest users. * CVE-2013-2072: Systems which allow untrusted administrators to configure guest vcpu affinity may be exploited to trigger a buffer overrun and corrupt memory. * CVE-2013-1917: Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, did not clear the NT flag when using an IRET after a SYSENTER instruction, which allowed PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. * CVE-2013-1919: Xen 4.2.x and 4.1.x did not properly restrict access to IRQs, which allowed local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices." * CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, used the wrong ordering of operations when extending the per-domain event channel tracking table, which caused a use-after-free and allowed local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. * CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly released a grant reference when releasing a non-v1, non-transitive grant, which allowed local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors. Bugfixes: * Upstream patches from Jan 26956-x86-mm-preemptible-cleanup.patch 27071-x86-IO-APIC-fix-guest-RTE-write-corner-cases.patch 27072-x86-shadow-fix-off-by-one-in-MMIO-permission-check.pat ch 27079-fix-XSA-46-regression-with-xend-xm.patch 27083-AMD-iommu-SR56x0-Erratum-64-Reset-all-head-tail-pointe rs.patch * Update to Xen 4.1.5 c/s 23509 There were many xen.spec file patches dropped as now being included in the 4.1.5 tarball. * bnc#809662 - can't use pv-grub to start domU (pygrub does work) xen.spec * Upstream patches from Jan 26702-powernow-add-fixups-for-AMD-P-state-figures.patch 26704-x86-MCA-suppress-bank-clearing-for-certain-injected-ev ents.patch 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-m appings.patch 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-message s.patch 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch 26737-ACPI-APEI-Add-apei_exec_run_optional.patch 26742-IOMMU-properly-check-whether-interrupt-remapping-is-en abled.patch 26743-VT-d-deal-with-5500-5520-X58-errata.patch 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.pat ch 26749-x86-reserve-pages-when-SandyBridge-integrated-graphics .patch 26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch 26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vect ors.patch 26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch 26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mo de.patch 26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap- pages.patch 26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch 26851-iommu-crash-Interrupt-remapping-is-also-disabled-on-cr ash.patch * bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on Kyoto xend-cpuinfo-model-name.patch * Upstream patches from Jan 26536-xenoprof-div-by-0.patch 26578-AMD-IOMMU-replace-BUG_ON.patch 26656-x86-fix-null-pointer-dereference-in-intel_get_extended _msrs.patch 26659-AMD-IOMMU-erratum-746-workaround.patch 26660-x86-fix-CMCI-injection.patch 26672-vmx-fix-handling-of-NMI-VMEXIT.patch 26673-Avoid-stale-pointer-when-moving-domain-to-another-cpup ool.patch 26676-fix-compat-memory-exchange-op-splitting.patch 26677-x86-make-certain-memory-sub-ops-return-valid-values.pa tch 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch 26683-credit1-Use-atomic-bit-operations-for-the-flags-struct ure.patch 26692-x86-MSI-fully-protect-MSI-X-table.patch Security Issue references: * CVE-2013-1917 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917
* CVE-2013-1918 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918
* CVE-2013-1919 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919
* CVE-2013-1920 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920
* CVE-2013-1952 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952
* CVE-2013-1964 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964
* CVE-2013-2072 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072
* CVE-2013-2076 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076
* CVE-2013-2077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077
* CVE-2013-2078 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078
Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xen-201305-7798 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xen-201305-7798 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xen-201305-7798 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xen-201305-7798 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): xen-devel-4.1.5_02-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1 xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1 xen-libs-4.1.5_02-0.5.1 xen-tools-domU-4.1.5_02-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (x86_64): xen-4.1.5_02-0.5.1 xen-doc-html-4.1.5_02-0.5.1 xen-doc-pdf-4.1.5_02-0.5.1 xen-libs-32bit-4.1.5_02-0.5.1 xen-tools-4.1.5_02-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586): xen-kmp-pae-4.1.5_02_3.0.74_0.6.10-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1 xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1 xen-libs-4.1.5_02-0.5.1 xen-tools-domU-4.1.5_02-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xen-4.1.5_02-0.5.1 xen-doc-html-4.1.5_02-0.5.1 xen-doc-pdf-4.1.5_02-0.5.1 xen-libs-32bit-4.1.5_02-0.5.1 xen-tools-4.1.5_02-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586): xen-kmp-pae-4.1.5_02_3.0.74_0.6.10-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-1917.html http://support.novell.com/security/cve/CVE-2013-1918.html http://support.novell.com/security/cve/CVE-2013-1919.html http://support.novell.com/security/cve/CVE-2013-1920.html http://support.novell.com/security/cve/CVE-2013-1952.html http://support.novell.com/security/cve/CVE-2013-1964.html http://support.novell.com/security/cve/CVE-2013-2072.html http://support.novell.com/security/cve/CVE-2013-2076.html http://support.novell.com/security/cve/CVE-2013-2077.html http://support.novell.com/security/cve/CVE-2013-2078.html https://bugzilla.novell.com/801663 https://bugzilla.novell.com/809662 https://bugzilla.novell.com/813673 https://bugzilla.novell.com/813675 https://bugzilla.novell.com/813677 https://bugzilla.novell.com/814709 https://bugzilla.novell.com/816156 https://bugzilla.novell.com/816159 https://bugzilla.novell.com/816163 https://bugzilla.novell.com/819416 https://bugzilla.novell.com/820917 https://bugzilla.novell.com/820919 https://bugzilla.novell.com/820920 http://download.novell.com/patch/finder/?keywords=2f3309c493da194384ed2eba64... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org