openSUSE Security Update: xen: security and bugfix update to 4.1.5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1392-1 Rating: moderate References: #801663 #803712 #809662 #813673 #813675 #813677 #814709 #816156 #816159 #816163 #819416 #820917 #820919 #820920 #823011 #823608 #823786 #824676 #826882 Cross-References: CVE-2013-1432 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1920 CVE-2013-1952 CVE-2013-1964 CVE-2013-2072 CVE-2013-2076 CVE-2013-2077 CVE-2013-2078 CVE-2013-2211 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 7 fixes is now available. Description: XEN was updated to 4.1.5 release. It fixes various bugs and security issues. Issues fixed seperately from the 4.1.5 release: - bnc#824676 - Failed to setup devices for vm instance when start multiple vms simultaneously - bnc#XXXXXX - xen: CVE-2013-XXXX: XSA-61: suppress device assignment to HVM guest when there is no IOMMU - Various upstream patches from Jan were integrated. - bnc#823786 - migrate.py support of short options dropped by PTF - bnc#803712 - after live migration rcu_sched_state detected stalls add new option xm migrate --min_remaing <num> - CVE-2013-1432 / bnc#826882 - xen: XSA-58: x86: fix page refcount handling in page table pin error path - CVE-2013-2211 / bnc#823608 - xen: XSA-57: libxl allows guest write access to sensitive console related xenstore keys - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling - bnc#801663 - performance of mirror lvm unsuitable for production - CVE-2013-1918/ bnc#816159 - xen: CVE-2013-1918: XSA-45: Several long latency operations are not preemptible - CVE-2013-1952 / bnc#816163 - xen: CVE-2013-1952: XSA-49: VT-d interrupt remapping source validation flaw for bridges - CVE-2013-2076 / bnc#820917 - CVE-2013-2076: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) - CVE-2013-2077 / bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53) - CVE-2013-2078 / bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to missing exception recovery on XSETBV (XSA-54) - CVE-2013-2072 / bnc#819416 - xen: CVE-2013-2072: XSA-56: Buffer overflow in xencontrol Python bindings affecting xend - Update to Xen 4.1.5 c/s 23509 There were many xen.spec file patches dropped as now being included in the 4.1.5 tarball. - CVE-2013-1918 / bnc#816159 - xen: XSA-45: Several long latency operations are not preemptible - CVE-2013-1952 / bnc#816163 - xen: XSA-49: VT-d interrupt remapping source validation flaw for bridges - bnc#809662 - can't use pv-grub to start domU (pygrub does work) - CVE-2013-1917 / bnc#813673 - xen: Xen PV DoS vulnerability with SYSENTER - CVE-2013-1919 / bnc#813675 - xen: Several access permission issues with IRQs for unprivileged guests - CVE-2013-1920 / bnc#813677 - xen: Potential use of freed memory in event channel operations - bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on Kyoto Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-669 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): xen-debugsource-4.1.5_04-5.29.1 xen-devel-4.1.5_04-5.29.1 xen-kmp-default-4.1.5_04_k3.4.47_2.38-5.29.1 xen-kmp-default-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1 xen-kmp-desktop-4.1.5_04_k3.4.47_2.38-5.29.1 xen-kmp-desktop-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1 xen-libs-4.1.5_04-5.29.1 xen-libs-debuginfo-4.1.5_04-5.29.1 xen-tools-domU-4.1.5_04-5.29.1 xen-tools-domU-debuginfo-4.1.5_04-5.29.1 - openSUSE 12.2 (x86_64): xen-4.1.5_04-5.29.1 xen-doc-html-4.1.5_04-5.29.1 xen-doc-pdf-4.1.5_04-5.29.1 xen-libs-32bit-4.1.5_04-5.29.1 xen-libs-debuginfo-32bit-4.1.5_04-5.29.1 xen-tools-4.1.5_04-5.29.1 xen-tools-debuginfo-4.1.5_04-5.29.1 - openSUSE 12.2 (i586): xen-kmp-pae-4.1.5_04_k3.4.47_2.38-5.29.1 xen-kmp-pae-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1 References: http://support.novell.com/security/cve/CVE-2013-1432.html http://support.novell.com/security/cve/CVE-2013-1917.html http://support.novell.com/security/cve/CVE-2013-1918.html http://support.novell.com/security/cve/CVE-2013-1919.html http://support.novell.com/security/cve/CVE-2013-1920.html http://support.novell.com/security/cve/CVE-2013-1952.html http://support.novell.com/security/cve/CVE-2013-1964.html http://support.novell.com/security/cve/CVE-2013-2072.html http://support.novell.com/security/cve/CVE-2013-2076.html http://support.novell.com/security/cve/CVE-2013-2077.html http://support.novell.com/security/cve/CVE-2013-2078.html http://support.novell.com/security/cve/CVE-2013-2211.html https://bugzilla.novell.com/801663 https://bugzilla.novell.com/803712 https://bugzilla.novell.com/809662 https://bugzilla.novell.com/813673 https://bugzilla.novell.com/813675 https://bugzilla.novell.com/813677 https://bugzilla.novell.com/814709 https://bugzilla.novell.com/816156 https://bugzilla.novell.com/816159 https://bugzilla.novell.com/816163 https://bugzilla.novell.com/819416 https://bugzilla.novell.com/820917 https://bugzilla.novell.com/820919 https://bugzilla.novell.com/820920 https://bugzilla.novell.com/823011 https://bugzilla.novell.com/823608 https://bugzilla.novell.com/823786 https://bugzilla.novell.com/824676 https://bugzilla.novell.com/826882