
   openSUSE Security Update: xen: security and bugfix update to 4.2.2
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1404-1
Rating:             moderate
References:         #797285 #797523 #801663 #802221 #808085 #808269
                    #809662 #813673 #813675 #814059 #814709 #816159
                    #816163 #817068 #817210 #817799 #817904 #818183
                    #819416 #820917 #820919 #820920 #823011 #823608
                    #824676 #826882
Cross-References:   CVE-2012-6075 CVE-2013-0151 CVE-2013-1432
                    CVE-2013-1917 CVE-2013-1918 CVE-2013-1919
                    CVE-2013-1922 CVE-2013-1952 CVE-2013-2007
                    CVE-2013-2072 CVE-2013-2076 CVE-2013-2077
                    CVE-2013-2078
Affected Products:
                    openSUSE 12.3
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has 13 fixes
   is now available.

Description:

   XEN was updated to 4.2.2, fixing lots of bugs and several
   security issues.

   Various upstream patches were also merged into this version
   by our developers.

   Detailed buglist:

   - bnc#824676 - Failed to setup devices for vm instance when
     start multiple vms simultaneously

   - bnc#817799 - sles9sp4 guest fails to start after upgrading
     to sles11 sp3

   - bnc#826882 - xen: CVE-2013-1432: XSA-58: Page reference
     counting error due to XSA-45/CVE-2013-1918 fixes

   - Add upstream patch to fix devid assignment in libxl
     27184-libxl-devid-fix.patch

   - bnc#823608 - xen: XSA-57: libxl allows guest write access
     to sensitive console related xenstore keys
     27178-libxl-Restrict-permissions-on-PV-console-device-xenstore-nodes.patch

   - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in libelf
     PV kernel handling

   - bnc#808269 - Fully Virtualized Windows VM install is failed
     on Ivy Bridge platforms with Xen kernel

   - bnc#801663 - performance of mirror lvm unsuitable for
     production
     block-dmmd

   - bnc#817904 - [SLES11SP3 BCS Bug] Crashkernel fails to boot
     after panic on XEN kernel SP3 Beta 4 and RC1

   - Upstream AMD Erratum patch from Jan

   - bnc#813675 - xen: CVE-2013-1919: XSA-46: Several access
     permission issues with IRQs for unprivileged guests

   - bnc#820917 - CVE-2013-2076: xen: Information leak on
     XSAVE/XRSTOR capable AMD CPUs (XSA-52)

   - bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to
     missing exception recovery on XRSTOR (XSA-53)

   - bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to
     missing exception recovery on XSETBV (XSA-54)

   - bnc#808085 - aacraid driver panics mapping INT A when
     booting kernel-xen

   - bnc#817210 - openSUSE 12.3 Domain 0 doesn't boot with i915
     graphics controller under Xen with VT-d enabled

   - bnc#819416 - xen: CVE-2013-2072: XSA-56: Buffer overflow in
     xencontrol Python bindings affecting xend

   - bnc#818183 - xen: CVE-2013-2007: XSA-51: qga set umask 0077
     when daemonizing

   - add lndir to BuildRequires

   - remove
     xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch
     It changed migration protocol and upstream wants a different
     solution

   - bnc#802221 - fix xenpaging
     readd xenpaging.qemu.flush-cache.patch

   - bnc#808269 - Fully Virtualized Windows VM install is failed
     on Ivy Bridge platforms with Xen kernel

   - Additional fix for bnc#816159
     CVE-2013-1918-xsa45-followup.patch

   - bnc#817068 - Xen guest with >1 sr-iov vf won't start

   - Update to Xen 4.2.2 c/s 26064
     The following recent security patches are included in the
     tarball:
       CVE-2013-0151-xsa34.patch (bnc#797285)
       CVE-2012-6075-xsa41.patch (bnc#797523)
       CVE-2013-1917-xsa44.patch (bnc#813673)
       CVE-2013-1919-xsa46.patch (bnc#813675)

   - bnc#816159 - xen: CVE-2013-1918: XSA-45: Several long
     latency operations are not preemptible

   - bnc#816163 - xen: CVE-2013-1952: XSA-49: VT-d interrupt
     remapping source validation flaw for bridges

   - bnc#809662 - can't use pv-grub to start domU (pygrub does
     work)
     xen.spec

   - bnc#814709 - Unable to create XEN virtual machines in SLED
     11 SP2 on Kyoto

   - bnc#813673 - CVE-2013-1917: xen: Xen PV DoS vulnerability
     with SYSENTER

   - bnc#813675 - CVE-2013-1919: xen: Several access permission
     issues with IRQs for unprivileged guests

   - bnc#814059 - xen: qemu-nbd format-guessing due to missing
     format specification

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2013-677

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.3 (i586 x86_64):

      xen-debugsource-4.2.2_06-1.16.1
      xen-devel-4.2.2_06-1.16.1
      xen-kmp-default-4.2.2_06_k3.7.10_1.16-1.16.1
      xen-kmp-default-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1
      xen-kmp-desktop-4.2.2_06_k3.7.10_1.16-1.16.1
      xen-kmp-desktop-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1
      xen-libs-4.2.2_06-1.16.1
      xen-libs-debuginfo-4.2.2_06-1.16.1
      xen-tools-domU-4.2.2_06-1.16.1
      xen-tools-domU-debuginfo-4.2.2_06-1.16.1

   - openSUSE 12.3 (x86_64):

      xen-4.2.2_06-1.16.1
      xen-doc-html-4.2.2_06-1.16.1
      xen-doc-pdf-4.2.2_06-1.16.1
      xen-libs-32bit-4.2.2_06-1.16.1
      xen-libs-debuginfo-32bit-4.2.2_06-1.16.1
      xen-tools-4.2.2_06-1.16.1
      xen-tools-debuginfo-4.2.2_06-1.16.1

   - openSUSE 12.3 (i586):

      xen-kmp-pae-4.2.2_06_k3.7.10_1.16-1.16.1
      xen-kmp-pae-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1

References:

   http://support.novell.com/security/cve/CVE-2012-6075.html
   http://support.novell.com/security/cve/CVE-2013-0151.html
   http://support.novell.com/security/cve/CVE-2013-1432.html
   http://support.novell.com/security/cve/CVE-2013-1917.html
   http://support.novell.com/security/cve/CVE-2013-1918.html
   http://support.novell.com/security/cve/CVE-2013-1919.html
   http://support.novell.com/security/cve/CVE-2013-1922.html
   http://support.novell.com/security/cve/CVE-2013-1952.html
   http://support.novell.com/security/cve/CVE-2013-2007.html
   http://support.novell.com/security/cve/CVE-2013-2072.html
   http://support.novell.com/security/cve/CVE-2013-2076.html
   http://support.novell.com/security/cve/CVE-2013-2077.html
   http://support.novell.com/security/cve/CVE-2013-2078.html
   https://bugzilla.novell.com/797285
   https://bugzilla.novell.com/797523
   https://bugzilla.novell.com/801663
   https://bugzilla.novell.com/802221
   https://bugzilla.novell.com/808085
   https://bugzilla.novell.com/808269
   https://bugzilla.novell.com/809662
   https://bugzilla.novell.com/813673
   https://bugzilla.novell.com/813675
   https://bugzilla.novell.com/814059
   https://bugzilla.novell.com/814709
   https://bugzilla.novell.com/816159
   https://bugzilla.novell.com/816163
   https://bugzilla.novell.com/817068
   https://bugzilla.novell.com/817210
   https://bugzilla.novell.com/817799
   https://bugzilla.novell.com/817904
   https://bugzilla.novell.com/818183
   https://bugzilla.novell.com/819416
   https://bugzilla.novell.com/820917
   https://bugzilla.novell.com/820919
   https://bugzilla.novell.com/820920
   https://bugzilla.novell.com/823011
   https://bugzilla.novell.com/823608
   https://bugzilla.novell.com/824676
   https://bugzilla.novell.com/826882