Mailinglist Archive: opensuse-security-announce (27 mails)

[security-announce] SUSE-SU-2014:0372-1: important: Security update for Xen
SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0372-1
Rating: important
References: #831120 #833483 #842417 #846849 #848014 #849667
#849668 #853049 #860163 #860302 #861256
Cross-References: CVE-2013-2212 CVE-2013-4553 CVE-2013-4554
CVE-2013-6885 CVE-2014-1666 CVE-2014-1891
CVE-2014-1892 CVE-2014-1893 CVE-2014-1894
CVE-2014-1950
Affected Products:
SUSE Linux Enterprise Server 11 SP2 LTSS
______________________________________________________________________________

An update that solves 10 vulnerabilities and has one errata
is now available.

Description:


The SUSE Linux Enterprise Server 11 Service Pack 2 LTSS Xen
hypervisor and toolset has been updated to fix various
security issues and several bugs.

The following security issues have been addressed:

* XSA-88: CVE-2014-1950: Use-after-free vulnerability
in the xc_cpupool_getinfo function in Xen 4.1.x through
4.3.x, when using a multithreaded toolstack, does not
properly handle a failure by the xc_cpumap_alloc function,
which allows local users with access to management
functions to cause a denial of service (heap corruption)
and possibly gain privileges via unspecified vectors.
(bnc#861256)

* XSA-87: CVE-2014-1666: The do_physdev_op function in
Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not
properly restrict access to the (1) PHYSDEVOP_prepare_msix
and (2) PHYSDEVOP_release_msix operations, which allows
local PV guests to cause a denial of service (host or guest
malfunction) or possibly gain privileges via unspecified
vectors. (bnc#860302)

* XSA-84: CVE-2014-1894: Xen 3.2 (and presumably
earlier) exhibit both problems with the overflow issue
being present for more than just the suboperations listed
above. (bnc#860163)

* XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through
4.1, while not affected by the above overflow, have a
different overflow issue on FLASK_{GET,SET}BOOL and expose
unreasonably large memory allocation to arbitrary guests.
(bnc#860163)

* XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL,
FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the
flask hypercall are vulnerable to an integer overflow on
the input size. The hypercalls attempt to allocate a buffer
which is 1 larger than this size and is therefore
vulnerable to integer overflow and an attempt to allocate
then access a zero byte buffer. (bnc#860163)

* XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h
through 0Fh processors does not properly handle the
interaction between locked instructions and write-combined
memory types, which allows local users to cause a denial of
service (system hang) via a crafted application, aka the
errata 793 issue. (bnc#853049)

* XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x
(possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x
(possibly 4.3.1) does not properly prevent access to
hypercalls, which allows local guest users to gain
privileges via a crafted application running in ring 1 or
2. (bnc#849668)

* XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist
hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does
not always obtain the page_alloc_lock and mm_rwlock in the
same order, which allows local guest administrators to
cause a denial of service (host deadlock). (bnc#849667)

* XSA-60: CVE-2013-2212: The vmx_set_uc_mode function
in Xen 3.3 through 4.3, when disabling caches, allows
local HVM guests with access to memory mapped I/O regions
to cause a denial of service (CPU consumption and possibly
hypervisor or guest kernel panic) via a crafted GFN range.
(bnc#831120)
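
The size-plus-one overflow described for CVE-2014-1891 above, as an added illustration in C (not Xen source code and not part of the original announcement). The names flawed_plan, plan_in_bounds, copy_in_checked and the MAX_INPUT_SIZE bound are hypothetical; the flawed path is only modelled arithmetically, never executed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_INPUT_SIZE 4096u /* assumed upper bound, not a value from Xen */

/* What the flawed pattern computes for a caller-supplied 32-bit size. */
struct alloc_plan {
    uint32_t alloc_len;  /* bytes requested from the allocator */
    uint32_t nul_offset; /* index where the terminating NUL is stored */
};

static struct alloc_plan flawed_plan(uint32_t size)
{
    /* size + 1 is evaluated in 32 bits: 0xFFFFFFFF + 1 wraps to 0 */
    struct alloc_plan p = { (uint32_t)(size + 1u), size };
    return p;
}

/* The NUL store is only safe if it lands inside the allocation. */
static int plan_in_bounds(struct alloc_plan p) { return p.nul_offset < p.alloc_len; }

/* Hardened copy-in: bound the size before doing any arithmetic on it. */
static int copy_in_checked(const char *src, uint32_t size, char **out)
{
    char *buf;
    *out = NULL;
    if (size > MAX_INPUT_SIZE)
        return -EINVAL;          /* size + 1 can no longer wrap */
    buf = malloc((size_t)size + 1);
    if (buf == NULL)
        return -ENOMEM;
    memcpy(buf, src, size);
    buf[size] = '\0';
    *out = buf;
    return 0;
}

int main(void)
{
    struct alloc_plan p = flawed_plan(UINT32_MAX); /* constructed input */
    char *s;
    printf("flawed: alloc=%u nul_at=%u in_bounds=%d\n",
           (unsigned)p.alloc_len, (unsigned)p.nul_offset, plan_in_bounds(p));
    printf("checked: rc=%d\n", copy_in_checked("x", UINT32_MAX, &s));
    return 0;
}
```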

Also the following non-security bugs have been fixed:

* Boot Failure with xen kernel in UEFI mode with error
"No memory for trampoline" (bnc#833483)
* Fixed Xen hypervisor panic on 8-blades nPar with
46-bit memory addressing. (bnc#848014)
* In HP's UEFI x86_64 platform and sles11sp3 with xen
environment, dom0 will soft lockup on multiple blades nPar.
(bnc#842417)
* Soft lockup with PCI passthrough and many VCPUs
(bnc#846849)

Security Issue references:

* CVE-2013-2212
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212>
* CVE-2013-4553
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553>
* CVE-2013-4554
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554>
* CVE-2013-6885
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885>
* CVE-2014-1666
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1666>
* CVE-2014-1891
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891>
* CVE-2014-1892
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892>
* CVE-2014-1893
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893>
* CVE-2014-1894
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894>
* CVE-2014-1950
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950>

Indications:

Everyone using the Xen hypervisor should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 LTSS:

zypper in -t patch slessp2-xen-201402-8964

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64):

xen-devel-4.1.6_06-0.5.1
xen-kmp-default-4.1.6_06_3.0.101_0.7.17-0.5.1
xen-kmp-trace-4.1.6_06_3.0.101_0.7.17-0.5.1
xen-libs-4.1.6_06-0.5.1
xen-tools-domU-4.1.6_06-0.5.1

- SUSE Linux Enterprise Server 11 SP2 LTSS (x86_64):

xen-4.1.6_06-0.5.1
xen-doc-html-4.1.6_06-0.5.1
xen-doc-pdf-4.1.6_06-0.5.1
xen-libs-32bit-4.1.6_06-0.5.1
xen-tools-4.1.6_06-0.5.1

- SUSE Linux Enterprise Server 11 SP2 LTSS (i586):

xen-kmp-pae-4.1.6_06_3.0.101_0.7.17-0.5.1


References:

http://support.novell.com/security/cve/CVE-2013-2212.html
http://support.novell.com/security/cve/CVE-2013-4553.html
http://support.novell.com/security/cve/CVE-2013-4554.html
http://support.novell.com/security/cve/CVE-2013-6885.html
http://support.novell.com/security/cve/CVE-2014-1666.html
http://support.novell.com/security/cve/CVE-2014-1891.html
http://support.novell.com/security/cve/CVE-2014-1892.html
http://support.novell.com/security/cve/CVE-2014-1893.html
http://support.novell.com/security/cve/CVE-2014-1894.html
http://support.novell.com/security/cve/CVE-2014-1950.html
https://bugzilla.novell.com/831120
https://bugzilla.novell.com/833483
https://bugzilla.novell.com/842417
https://bugzilla.novell.com/846849
https://bugzilla.novell.com/848014
https://bugzilla.novell.com/849667
https://bugzilla.novell.com/849668
https://bugzilla.novell.com/853049
https://bugzilla.novell.com/860163
https://bugzilla.novell.com/860302
https://bugzilla.novell.com/861256

http://download.suse.com/patch/finder/?keywords=39ca3113e56362a1b6ff0a74f08124b2
