SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0418-1
Rating: important
References: #868603
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that contains security fixes can now be
installed. It includes two new package versions.
Description:
Mozilla Firefox was updated to 24.4.0ESR release, fixing
various security issues and bugs:
*
MFSA 2014-15: Mozilla developers and community
identified and fixed several memory safety bugs
in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence
of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these
could be exploited to run arbitrary code.
*
Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,
Jesse Ruderman, Dan Gohman, and Christoph Diehl reported
memory safety problems and crashes that affect Firefox ESR
24.3 and Firefox 27. (CVE-2014-1493)
*
Gregor Wagner, Olli Pettay, Gary Kwong, Jesse
Ruderman, Luke Wagner, Rob Fletcher, and Makoto Kato
reported memory safety problems and crashes that affect
Firefox 27. (CVE-2014-1494)
*
MFSA 2014-16 / CVE-2014-1496: Security researcher Ash
reported an issue where the extracted files for updates to
existing files are not read only during the update process.
This allows for the potential replacement or modification
of these files during the update process if a malicious
application is present on the local system.
*
MFSA 2014-17 / CVE-2014-1497: Security researcher
Atte Kettunen from OUSPG reported an out of bounds read
during the decoding of WAV format audio files for playback.
This could allow web content access to heap data as well as
causing a crash.
*
MFSA 2014-18 / CVE-2014-1498: Mozilla developer David
Keeler reported that the crypto.generateCRMFRequest method
did not correctly validate the key type of the KeyParams
argument when generating ec-dual-use requests. This could
lead to a crash and a denial of service (DOS) attack.
*
MFSA 2014-19 / CVE-2014-1499: Mozilla developer Ehsan
Akhgari reported a spoofing attack where the permission
prompt for a WebRTC session can appear to be from a
different site than its actual originating site if a timed
navigation occurs during the prompt generation. This allows
an attacker to potentially gain access to the webcam or
microphone by masquerading as another site and gaining user
permission through spoofing.
*
MFSA 2014-20 / CVE-2014-1500: Security researchers
Tim Philipp Schaefers and Sebastian Neef, the team of
Internetwache.org, reported a mechanism using JavaScript
onbeforeunload events with page navigation to prevent users
from closing a malicious page's tab and causing the browser
to become unresponsive. This allows for a denial of service
(DOS) attack due to resource consumption and blocks the
ability of users to exit the application.
*
MFSA 2014-21 / CVE-2014-1501: Security researcher
Alex Infuehr reported that on Firefox for Android it is
possible to open links to local files from web content by
selecting "Open Link in New Tab" from the context menu
using the file: protocol. The web content would have to
know the precise location of a malicious local file in
order to exploit this issue. This issue does not affect
Firefox on non-Android systems.
*
MFSA 2014-22 / CVE-2014-1502: Mozilla developer Jeff
Gilbert discovered a mechanism where a malicious site with
WebGL content could inject content from its context to that
of another site's WebGL context, causing the second site to
replace textures and similar content. This cannot be used
to steal data but could be used to render arbitrary content
in these limited circumstances.
*
MFSA 2014-23 / CVE-2014-1504: Security researcher
Nicolas Golubovic reported that the Content Security Policy
(CSP) of data: documents was not saved as part of session
restore. If an attacker convinced a victim to open a
document from a data: URL injected onto a page, this can
lead to a Cross-Site Scripting (XSS) attack. The target
page may have a strict CSP that protects against this XSS
attack, but if the attacker induces a browser crash with
another bug, an XSS attack would occur during session
restoration, bypassing the CSP on the site.
*
MFSA 2014-26 / CVE-2014-1508: Security researcher
Tyson Smith and Jesse Schwartzentruber of the BlackBerry
Security Automated Analysis Team used the Address Sanitizer
tool while fuzzing to discover an out-of-bounds read during
polygon rendering in MathML. This can allow web content to
potentially read protected memory addresses. In combination
with previous techniques used for SVG timing attacks, this
could allow for text values to be read across domains,
leading to information disclosure.
*
MFSA 2014-27 / CVE-2014-1509: Security researcher
John Thomson discovered a memory corruption in the Cairo
graphics library during font rendering of a PDF file for
display. This memory corruption leads to a potentially
exploitable crash and to a denial of service (DOS). This
issue is not able to be triggered in a default
configuration and would require a malicious extension to be
installed.
*
MFSA 2014-28 / CVE-2014-1505: Mozilla developer
Robert O'Callahan reported a mechanism for timing attacks
involving SVG filters and displacements input to
feDisplacementMap. This allows displacements to potentially
be correlated with values derived from content. This is
similar to the previously reported techniques used for SVG
timing attacks and could allow for text values to be read
across domains, leading to information disclosure.
*
MFSA 2014-29 / CVE-2014-1510 / CVE-2014-1511:
Security researcher Mariusz Mlynski, via TippingPoint's
Pwn2Own contest, reported that it is possible for untrusted
web content to load a chrome-privileged page by getting
JavaScript-implemented WebIDL to call window.open(). A
second bug allowed the bypassing of the popup-blocker
without user interaction. Combined, these two bugs allow an
attacker to load a JavaScript URL that is executed with the
full privileges of the browser, which allows arbitrary code
execution.
*
MFSA 2014-30 / CVE-2014-1512: Security research firm
VUPEN, via TippingPoint's Pwn2Own contest, reported that
memory pressure during Garbage Collection could lead to
memory corruption of TypeObjects in the JS engine,
resulting in an exploitable use-after-free condition.
*
MFSA 2014-31 / CVE-2014-1513: Security researcher
Jueri Aedla, via TippingPoint's Pwn2Own contest, reported
that TypedArrayObject does not handle the case where
ArrayBuffer objects are neutered, setting their length to
zero while still in use. This leads to out-of-bounds reads
and writes into the JavaScript heap, allowing for arbitrary
code execution.
*
MFSA 2014-32 / CVE-2014-1514: Security researcher
George Hotz, via TippingPoint's Pwn2Own contest, discovered
an issue where values are copied from an array into a
second, neutered array. This allows for an out-of-bounds
write into memory, causing an exploitable crash leading to
arbitrary code execution.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-firefox-201403-9049
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-firefox-201403-9049
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-firefox-201403-9049
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-firefox-201403-9049
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.10.4]:
MozillaFirefox-devel-24.4.0esr-0.8.1
mozilla-nspr-devel-4.10.4-0.3.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 24.4.0esr and 4.10.4]:
MozillaFirefox-24.4.0esr-0.8.1
MozillaFirefox-translations-24.4.0esr-0.8.1
mozilla-nspr-4.10.4-0.3.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 4.10.4]:
mozilla-nspr-32bit-4.10.4-0.3.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 24.4.0esr and 4.10.4]:
MozillaFirefox-24.4.0esr-0.8.1
MozillaFirefox-branding-SLED-24-0.7.23
MozillaFirefox-translations-24.4.0esr-0.8.1
mozilla-nspr-4.10.4-0.3.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 4.10.4]:
mozilla-nspr-32bit-4.10.4-0.3.1
- SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 4.10.4]:
mozilla-nspr-x86-4.10.4-0.3.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 24.4.0esr and 4.10.4]:
MozillaFirefox-24.4.0esr-0.8.1
MozillaFirefox-branding-SLED-24-0.7.23
MozillaFirefox-translations-24.4.0esr-0.8.1
mozilla-nspr-4.10.4-0.3.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 4.10.4]:
mozilla-nspr-32bit-4.10.4-0.3.1
References:
https://bugzilla.novell.com/868603
http://download.suse.com/patch/finder/?keywords=459a5273e5dbc348d118a480520…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for Xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0411-1
Rating: important
References: #787163 #813673 #813677 #823011 #840592 #842511
#848657 #849668 #853049
Cross-References: CVE-2012-4544 CVE-2013-1917 CVE-2013-1920
CVE-2013-2194 CVE-2013-2195 CVE-2013-2196
CVE-2013-4355 CVE-2013-4368 CVE-2013-4494
CVE-2013-4554 CVE-2013-6885
Affected Products:
SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.
Description:
The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS Xen
hypervisor and toolset have been updated to fix various
security issues.
The following security issues have been addressed:
* XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h
through 0Fh processors does not properly handle the
interaction between locked instructions and write-combined
memory types, which allows local users to cause a denial of
service (system hang) via a crafted application, aka the
errata 793 issue. (bnc#853049)
* XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x
(possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x
(possibly 4.3.1) does not properly prevent access to
hypercalls, which allows local guest users to gain
privileges via a crafted application running in ring 1 or
2. (bnc#849668)
* XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and
4.3.x does not take the page_alloc_lock and
grant_table.lock in the same order, which allows local
guest administrators with access to multiple vcpus to cause
a denial of service (host deadlock) via unspecified
vectors. (bnc#848657)
* XSA-67: CVE-2013-4368: The outs instruction emulation
in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or
GS: segment override, uses an uninitialized variable as a
segment base, which allows local 64-bit PV guests to obtain
sensitive information (hypervisor stack content) via
unspecified vectors related to stale data in a segment
register. (bnc#842511)
* XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not
properly handle certain errors, which allows local HVM
guests to obtain hypervisor stack memory via a (1) port or
(2) memory mapped I/O write or (3) other unspecified
operations related to addresses without associated memory.
(bnc#840592)
* XSA-55: CVE-2013-2196: Multiple unspecified
vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and
earlier allow local guest administrators with certain
permissions to have an unspecified impact via a crafted
kernel, related to "other problems" that are not
CVE-2013-2194 or CVE-2013-2195. (bnc#823011)
* XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen
4.2.x and earlier allows local guest administrators with
certain permissions to have an unspecified impact via a
crafted kernel, related to "pointer dereferences" involving
unexpected calculations. (bnc#823011)
* XSA-55: CVE-2013-2194: Multiple integer overflows in
the Elf parser (libelf) in Xen 4.2.x and earlier allow
local guest administrators with certain permissions to have
an unspecified impact via a crafted kernel. (bnc#823011)
* XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier,
when the hypervisor is running "under memory pressure" and
the Xen Security Module (XSM) is enabled, uses the wrong
ordering of operations when extending the per-domain event
channel tracking table, which causes a use-after-free and
allows local guest kernels to inject arbitrary events and
gain privileges via unspecified vectors. (bnc#813677)
* XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when
running 64-bit hosts on Intel CPUs, does not clear the NT
flag when using an IRET after a SYSENTER instruction, which
allows PV guest users to cause a denial of service
(hypervisor crash) by triggering a #GP fault, which is not
properly handled by another IRET instruction. (bnc#813673)
* XSA-25: CVE-2012-4544: The PV domain builder in Xen
4.2 and earlier does not validate the size of the kernel or
ramdisk (1) before or (2) after decompression, which allows
local guest administrators to cause a denial of service
(domain 0 memory consumption) via a crafted (a) kernel or
(b) ramdisk. (bnc#787163)
Security Issue references:
* CVE-2012-4544
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544>
* CVE-2013-1917
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917>
* CVE-2013-1920
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920>
* CVE-2013-2194
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194>
* CVE-2013-2195
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195>
* CVE-2013-2196
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196>
* CVE-2013-4355
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355>
* CVE-2013-4368
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368>
* CVE-2013-4494
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494>
* CVE-2013-4554
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554>
* CVE-2013-6885
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885>
Indications:
Everyone using the Xen hypervisor should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Package List:
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):
xen-3.2.3_17040_46-0.7.1
xen-devel-3.2.3_17040_46-0.7.1
xen-doc-html-3.2.3_17040_46-0.7.1
xen-doc-pdf-3.2.3_17040_46-0.7.1
xen-doc-ps-3.2.3_17040_46-0.7.1
xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
xen-libs-3.2.3_17040_46-0.7.1
xen-tools-3.2.3_17040_46-0.7.1
xen-tools-domU-3.2.3_17040_46-0.7.1
xen-tools-ioemu-3.2.3_17040_46-0.7.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):
xen-libs-32bit-3.2.3_17040_46-0.7.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586):
xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
References:
http://support.novell.com/security/cve/CVE-2012-4544.html
http://support.novell.com/security/cve/CVE-2013-1917.html
http://support.novell.com/security/cve/CVE-2013-1920.html
http://support.novell.com/security/cve/CVE-2013-2194.html
http://support.novell.com/security/cve/CVE-2013-2195.html
http://support.novell.com/security/cve/CVE-2013-2196.html
http://support.novell.com/security/cve/CVE-2013-4355.html
http://support.novell.com/security/cve/CVE-2013-4368.html
http://support.novell.com/security/cve/CVE-2013-4494.html
http://support.novell.com/security/cve/CVE-2013-4554.html
http://support.novell.com/security/cve/CVE-2013-6885.html
https://bugzilla.novell.com/787163
https://bugzilla.novell.com/813673
https://bugzilla.novell.com/813677
https://bugzilla.novell.com/823011
https://bugzilla.novell.com/840592
https://bugzilla.novell.com/842511
https://bugzilla.novell.com/848657
https://bugzilla.novell.com/849668
https://bugzilla.novell.com/853049
http://download.suse.com/patch/finder/?keywords=5877b583cb5aa03d08203d887cc…
SUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0387-1
Rating: important
References: #867808
Cross-References: CVE-2014-0503 CVE-2014-0504
Affected Products:
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
It includes one version update.
Description:
Adobe Flash Player was updated to version 11.2.202.346 to
fix security issues:
* CVE-2014-0503: A vulnerability that could be used to
bypass the same origin policy was fixed.
* CVE-2014-0504: A vulnerability that could be used to
read the contents of the clipboard was fixed.
More information can be found on:
http://helpx.adobe.com/security/products/flash-player/apsb14-08.html
Security Issues references:
* CVE-2014-0503
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0503>
* CVE-2014-0504
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0504>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-flash-player-9012
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.346]:
flash-player-11.2.202.346-0.3.1
flash-player-gnome-11.2.202.346-0.3.1
flash-player-kde4-11.2.202.346-0.3.1
References:
http://support.novell.com/security/cve/CVE-2014-0503.html
http://support.novell.com/security/cve/CVE-2014-0504.html
https://bugzilla.novell.com/867808
http://download.suse.com/patch/finder/?keywords=7b22f7ea669840f4d56e82cfb97…
openSUSE Security Update: flash-player to 11.2.202.346
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0379-1
Rating: important
References: #867808
Cross-References: CVE-2014-0503 CVE-2014-0504
Affected Products:
openSUSE 11.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
Adobe Flash Player was updated to version 11.2.202.346 to
fix security issues:
CVE-2014-0503: A vulnerability that could be used to bypass
the same origin policy was fixed.
CVE-2014-0504: A vulnerability that could be used to read
the contents of the clipboard was fixed.
More information can be found on:
http://helpx.adobe.com/security/products/flash-player/apsb14-08.html
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch 2014-33
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
flash-player-11.2.202.346-99.1
flash-player-gnome-11.2.202.346-99.1
flash-player-kde4-11.2.202.346-99.1
References:
http://support.novell.com/security/cve/CVE-2014-0503.html
http://support.novell.com/security/cve/CVE-2014-0504.html
https://bugzilla.novell.com/867808
openSUSE Security Update: flash-player to 11.2.202.346
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0377-1
Rating: important
References: #867808
Cross-References: CVE-2013-0504 CVE-2014-0503
Affected Products:
openSUSE 13.1:NonFree
openSUSE 12.3:NonFree
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
Adobe Flash Player was updated to version 11.2.202.346 to
fix security issues:
CVE-2014-0503: A vulnerability that could be used to bypass
the same origin policy was fixed.
CVE-2014-0504: A vulnerability that could be used to read
the contents of the clipboard was fixed.
More information can be found on:
http://helpx.adobe.com/security/products/flash-player/apsb14-08.html
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:NonFree:
zypper in -t patch openSUSE-2014-212
- openSUSE 12.3:NonFree:
zypper in -t patch openSUSE-2014-212
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1:NonFree (i586 x86_64):
flash-player-11.2.202.346-38.1
flash-player-gnome-11.2.202.346-38.1
flash-player-kde4-11.2.202.346-38.1
- openSUSE 12.3:NonFree (i586 x86_64):
flash-player-11.2.202.346-2.64.1
flash-player-gnome-11.2.202.346-2.64.1
flash-player-kde4-11.2.202.346-2.64.1
References:
http://support.novell.com/security/cve/CVE-2013-0504.html
http://support.novell.com/security/cve/CVE-2014-0503.html
https://bugzilla.novell.com/867808
SUSE Security Update: Security update for Xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0373-1
Rating: important
References: #831120 #833251 #848014 #853048 #853049 #858311
#860092 #860163 #860165 #860300 #860302 #861256
#863297
Cross-References: CVE-2013-2212 CVE-2013-6400 CVE-2013-6885
CVE-2014-1642 CVE-2014-1666 CVE-2014-1891
CVE-2014-1892 CVE-2014-1893 CVE-2014-1894
CVE-2014-1895 CVE-2014-1896 CVE-2014-1950
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that solves 12 vulnerabilities and has one errata
is now available.
Description:
The SUSE Linux Enterprise Server 11 Service Pack 3 Xen
hypervisor and toolset have been updated to 4.2.4 to fix
various bugs and security issues:
The following security issues have been addressed:
*
XSA-60: CVE-2013-2212: The vmx_set_uc_mode function
in Xen 3.3 through 4.3, when disabling caches, allows
local HVM guests with access to memory mapped I/O regions
to cause a denial of service (CPU consumption and possibly
hypervisor or guest kernel panic) via a crafted GFN range.
(bnc#831120)
*
XSA-80: CVE-2013-6400: Xen 4.2.x and 4.3.x, when
using Intel VT-d and a PCI device has been assigned, does
not clear the flag that suppresses IOMMU TLB flushes when
unspecified errors occur, which causes the TLB entries to
not be flushed and allows local guest administrators to
cause a denial of service (host crash) or gain privileges
via unspecified vectors. (bnc#853048)
*
XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h
through 0Fh processors does not properly handle the
interaction between locked instructions and write-combined
memory types, which allows local users to cause a denial of
service (system hang) via a crafted application, aka the
errata 793 issue. (bnc#853049)
*
XSA-83: CVE-2014-1642: The IRQ setup in Xen 4.2.x and
4.3.x, when using device passthrough and configured to
support a large number of CPUs, frees certain memory that
may still be intended for use, which allows local guest
administrators to cause a denial of service (memory
corruption and hypervisor crash) and possibly execute
arbitrary code via vectors related to an out-of-memory
error that triggers a (1) use-after-free or (2) double
free. (bnc#860092)
*
XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL,
FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the
flask hypercall are vulnerable to an integer overflow on
the input size. The hypercalls attempt to allocate a buffer
which is 1 larger than this size and is therefore
vulnerable to integer overflow and an attempt to allocate
then access a zero byte buffer. (bnc#860163)
*
XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through
4.1, while not affected by the above overflow, have a
different overflow issue on FLASK_{GET,SET}BOOL and expose
unreasonably large memory allocation to arbitrary guests.
(bnc#860163)
*
XSA-84: CVE-2014-1894: Xen 3.2 (and presumably
earlier) exhibit both problems with the overflow issue
being present for more than just the suboperations listed
above. (bnc#860163)
*
XSA-85: CVE-2014-1895: The FLASK_AVC_CACHESTAT
hypercall, which provides access to per-cpu statistics on
the Flask security policy, incorrectly validates the CPU
for which statistics are being requested. (bnc#860165)
*
XSA-86: CVE-2014-1896: libvchan (a library for
inter-domain communication) does not correctly handle
unusual or malicious contents in the xenstore ring. A
malicious guest can exploit this to cause a libvchan-using
facility to read or write past the end of the ring.
(bnc#860300)
*
XSA-87: CVE-2014-1666: The do_physdev_op function in
Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not
properly restrict access to the (1) PHYSDEVOP_prepare_msix
and (2) PHYSDEVOP_release_msix operations, which allows
local PV guests to cause a denial of service (host or guest
malfunction) or possibly gain privileges via unspecified
vectors. (bnc#860302)
*
XSA-88: CVE-2014-1950: Use-after-free vulnerability
in the xc_cpupool_getinfo function in Xen 4.1.x through
4.3.x, when using a multithreaded toolstack, does not
properly handle a failure by the xc_cpumap_alloc function,
which allows local users with access to management
functions to cause a denial of service (heap corruption)
and possibly gain privileges via unspecified vectors.
(bnc#861256)
Also the following non-security bugs have been fixed:
* Fixed boot problems with Xen kernel. "(XEN) setup
0000:00:18.0 for d0 failed (-19)" (bnc#858311)
* Fixed Xen hypervisor panic on 8-blades nPar with
46-bit memory addressing. (bnc#848014)
* Fixed Xen hypervisor panic in HP's UEFI x86_64
platform and with xen environment, in booting stage.
(bnc#833251)
* xend/pvscsi: recognize also SCSI CDROM devices
(bnc#863297)
* pygrub: Support (/dev/xvda) style disk specifications
Security Issue references:
* CVE-2013-2212
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212>
* CVE-2013-6400
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6400>
* CVE-2013-6885
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885>
* CVE-2014-1642
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1642>
* CVE-2014-1666
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1666>
* CVE-2014-1891
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891>
* CVE-2014-1892
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892>
* CVE-2014-1893
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893>
* CVE-2014-1894
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894>
* CVE-2014-1895
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1895>
* CVE-2014-1896
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1896>
* CVE-2014-1950
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950>
Indications:
Everyone using the Xen hypervisor should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-xen-201402-8973
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-xen-201402-8973
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-xen-201402-8973
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
xen-devel-4.2.4_02-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):
xen-kmp-default-4.2.4_02_3.0.101_0.15-0.7.1
xen-libs-4.2.4_02-0.7.1
xen-tools-domU-4.2.4_02-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (x86_64):
xen-4.2.4_02-0.7.1
xen-doc-html-4.2.4_02-0.7.1
xen-doc-pdf-4.2.4_02-0.7.1
xen-libs-32bit-4.2.4_02-0.7.1
xen-tools-4.2.4_02-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586):
xen-kmp-pae-4.2.4_02_3.0.101_0.15-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
xen-kmp-default-4.2.4_02_3.0.101_0.15-0.7.1
xen-libs-4.2.4_02-0.7.1
xen-tools-domU-4.2.4_02-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
xen-4.2.4_02-0.7.1
xen-doc-html-4.2.4_02-0.7.1
xen-doc-pdf-4.2.4_02-0.7.1
xen-libs-32bit-4.2.4_02-0.7.1
xen-tools-4.2.4_02-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586):
xen-kmp-pae-4.2.4_02_3.0.101_0.15-0.7.1
References:
http://support.novell.com/security/cve/CVE-2013-2212.html
http://support.novell.com/security/cve/CVE-2013-6400.html
http://support.novell.com/security/cve/CVE-2013-6885.html
http://support.novell.com/security/cve/CVE-2014-1642.html
http://support.novell.com/security/cve/CVE-2014-1666.html
http://support.novell.com/security/cve/CVE-2014-1891.html
http://support.novell.com/security/cve/CVE-2014-1892.html
http://support.novell.com/security/cve/CVE-2014-1893.html
http://support.novell.com/security/cve/CVE-2014-1894.html
http://support.novell.com/security/cve/CVE-2014-1895.html
http://support.novell.com/security/cve/CVE-2014-1896.html
http://support.novell.com/security/cve/CVE-2014-1950.html
https://bugzilla.novell.com/831120
https://bugzilla.novell.com/833251
https://bugzilla.novell.com/848014
https://bugzilla.novell.com/853048
https://bugzilla.novell.com/853049
https://bugzilla.novell.com/858311
https://bugzilla.novell.com/860092
https://bugzilla.novell.com/860163
https://bugzilla.novell.com/860165
https://bugzilla.novell.com/860300
https://bugzilla.novell.com/860302
https://bugzilla.novell.com/861256
https://bugzilla.novell.com/863297
http://download.suse.com/patch/finder/?keywords=5a8bffedb3efaf6c22dfa94d3db…
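The XSA-84 entry in the advisory above (CVE-2014-1891, listed again in SUSE-SU-2014:0372-1) describes a buffer allocated "1 larger" than an input size, which wraps to a zero byte allocation. The following C code is an added example, not Xen or SUSE code: it models that arithmetic beside a bounded version, and the names demo_copy_in, alloc_len_unchecked, alloc_len_checked and DEMO_MAX_INPUT are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical upper bound on a caller-supplied string; not a Xen constant. */
#define DEMO_MAX_INPUT 4096u

/* The pattern the advisory describes: "size + 1" evaluated in the same
 * 32-bit type as the untrusted size. UINT32_MAX + 1 wraps to 0. */
static uint32_t alloc_len_unchecked(uint32_t size)
{
    return size + 1u;
}

/* Returns 1 if, with the unchecked length, writing the terminator at
 * index `size` would land outside the allocation. Nothing is allocated. */
static int unchecked_would_overrun(uint32_t size)
{
    return (uint64_t)size >= (uint64_t)alloc_len_unchecked(size);
}

/* Bounded variant: reject oversized input first, then do the +1 in size_t
 * so it cannot wrap for any accepted value. */
static int alloc_len_checked(uint32_t size, size_t *len)
{
    if (size > DEMO_MAX_INPUT)
        return -EINVAL;
    *len = (size_t)size + 1;
    return 0;
}

/* Copy `size` bytes of caller-supplied data into a fresh NUL-terminated
 * buffer. On success *out owns the buffer and the caller frees it. */
static int demo_copy_in(const char *src, uint32_t size, char **out)
{
    size_t len;
    char *buf;
    int rc = alloc_len_checked(size, &len);

    if (rc)
        return rc;
    buf = malloc(len);
    if (buf == NULL)
        return -ENOMEM;
    memcpy(buf, src, size);
    buf[size] = '\0';
    *out = buf;
    return 0;
}

int main(void)
{
    /* Constructed sample sizes: an ordinary one and the wrapping one. */
    uint32_t sizes[] = { 8u, UINT32_MAX };
    char *copy = NULL;
    size_t i;

    for (i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
        printf("size=%u unchecked_len=%u overrun=%d\n",
               (unsigned)sizes[i], (unsigned)alloc_len_unchecked(sizes[i]),
               unchecked_would_overrun(sizes[i]));

    if (demo_copy_in("system_u", 8u, &copy) == 0) {
        printf("checked copy: %s\n", copy);
        free(copy);
    }
    printf("oversized request -> %d\n", demo_copy_in("x", UINT32_MAX, &copy));
    return 0;
}
```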
SUSE Security Update: Security update for Xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0372-1
Rating: important
References: #831120 #833483 #842417 #846849 #848014 #849667
#849668 #853049 #860163 #860302 #861256
Cross-References: CVE-2013-2212 CVE-2013-4553 CVE-2013-4554
CVE-2013-6885 CVE-2014-1666 CVE-2014-1891
CVE-2014-1892 CVE-2014-1893 CVE-2014-1894
CVE-2014-1950
Affected Products:
SUSE Linux Enterprise Server 11 SP2 LTSS
______________________________________________________________________________
An update that solves 10 vulnerabilities and has one errata
is now available.
Description:
The SUSE Linux Enterprise Server 11 Service Pack 2 LTSS Xen
hypervisor and toolset have been updated to fix various
security issues and several bugs.
The following security issues have been addressed:
* XSA-88: CVE-2014-1950: Use-after-free vulnerability
in the xc_cpupool_getinfo function in Xen 4.1.x through
4.3.x, when using a multithreaded toolstack, does not
properly handle a failure by the xc_cpumap_alloc function,
which allows local users with access to management
functions to cause a denial of service (heap corruption)
and possibly gain privileges via unspecified vectors.
(bnc#861256)
* XSA-87: CVE-2014-1666: The do_physdev_op function in
Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not
properly restrict access to the (1) PHYSDEVOP_prepare_msix
and (2) PHYSDEVOP_release_msix operations, which allows
local PV guests to cause a denial of service (host or guest
malfunction) or possibly gain privileges via unspecified
vectors. (bnc#860302)
* XSA-84: CVE-2014-1894: Xen 3.2 (and presumably
earlier) exhibits both problems with the overflow issue
being present for more than just the suboperations listed
above. (bnc#860163)
* XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through
4.1, while not affected by the above overflow, have a
different overflow issue on FLASK_{GET,SET}BOOL and expose
unreasonably large memory allocation to arbitrary guests.
(bnc#860163)
* XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL,
FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the
flask hypercall are vulnerable to an integer overflow on
the input size. The hypercalls attempt to allocate a buffer
which is 1 larger than this size and is therefore
vulnerable to integer overflow and an attempt to allocate
then access a zero byte buffer. (bnc#860163)
* XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h
through 0Fh processors does not properly handle the
interaction between locked instructions and write-combined
memory types, which allows local users to cause a denial of
service (system hang) via a crafted application, aka the
errata 793 issue. (bnc#853049)
* XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x
(possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x
(possibly 4.3.1) does not properly prevent access to
hypercalls, which allows local guest users to gain
privileges via a crafted application running in ring 1 or
2. (bnc#849668)
* XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist
hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does
not always obtain the page_alloc_lock and mm_rwlock in the
same order, which allows local guest administrators to
cause a denial of service (host deadlock). (bnc#849667)
* XSA-60: CVE-2013-2212: The vmx_set_uc_mode function
in Xen 3.3 through 4.3, when disabling caches, allows
local HVM guests with access to memory mapped I/O regions
to cause a denial of service (CPU consumption and possibly
hypervisor or guest kernel panic) via a crafted GFN range.
(bnc#831120)
Also the following non-security bugs have been fixed:
* Boot Failure with xen kernel in UEFI mode with error
"No memory for trampoline" (bnc#833483)
* Fixed Xen hypervisor panic on 8-blades nPar with
46-bit memory addressing. (bnc#848014)
* In HP's UEFI x86_64 platform and sles11sp3 with xen
environment, dom0 will soft lockup on multiple blades nPar.
(bnc#842417)
* Soft lockup with PCI passthrough and many VCPUs
(bnc#846849)
Security Issue references:
* CVE-2013-2212
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212>
* CVE-2013-4553
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553>
* CVE-2013-4554
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554>
* CVE-2013-6885
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885>
* CVE-2014-1666
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1666>
* CVE-2014-1891
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891>
* CVE-2014-1892
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892>
* CVE-2014-1893
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893>
* CVE-2014-1894
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894>
* CVE-2014-1950
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1950>
Indications:
Everyone using the Xen hypervisor should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2 LTSS:
zypper in -t patch slessp2-xen-201402-8964
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64):
xen-devel-4.1.6_06-0.5.1
xen-kmp-default-4.1.6_06_3.0.101_0.7.17-0.5.1
xen-kmp-trace-4.1.6_06_3.0.101_0.7.17-0.5.1
xen-libs-4.1.6_06-0.5.1
xen-tools-domU-4.1.6_06-0.5.1
- SUSE Linux Enterprise Server 11 SP2 LTSS (x86_64):
xen-4.1.6_06-0.5.1
xen-doc-html-4.1.6_06-0.5.1
xen-doc-pdf-4.1.6_06-0.5.1
xen-libs-32bit-4.1.6_06-0.5.1
xen-tools-4.1.6_06-0.5.1
- SUSE Linux Enterprise Server 11 SP2 LTSS (i586):
xen-kmp-pae-4.1.6_06_3.0.101_0.7.17-0.5.1
References:
http://support.novell.com/security/cve/CVE-2013-2212.html
http://support.novell.com/security/cve/CVE-2013-4553.html
http://support.novell.com/security/cve/CVE-2013-4554.html
http://support.novell.com/security/cve/CVE-2013-6885.html
http://support.novell.com/security/cve/CVE-2014-1666.html
http://support.novell.com/security/cve/CVE-2014-1891.html
http://support.novell.com/security/cve/CVE-2014-1892.html
http://support.novell.com/security/cve/CVE-2014-1893.html
http://support.novell.com/security/cve/CVE-2014-1894.html
http://support.novell.com/security/cve/CVE-2014-1950.html
https://bugzilla.novell.com/831120
https://bugzilla.novell.com/833483
https://bugzilla.novell.com/842417
https://bugzilla.novell.com/846849
https://bugzilla.novell.com/848014
https://bugzilla.novell.com/849667
https://bugzilla.novell.com/849668
https://bugzilla.novell.com/853049
https://bugzilla.novell.com/860163
https://bugzilla.novell.com/860302
https://bugzilla.novell.com/861256
http://download.suse.com/patch/finder/?keywords=39ca3113e56362a1b6ff0a74f08…
--
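The XSA-84 entries in the Xen announcement above describe an input size that is incremented by one before allocation, so the largest size wraps to a zero-byte buffer, and a second variant where guests can request unreasonably large allocations. The C model below is an added example, not code from Xen or from the advisory; the function names, the 32-bit size type and the 4096-byte cap are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical upper bound on caller-supplied input; not a Xen value. */
#define MAX_INPUT_SIZE 4096u

/* Unchecked pattern: the allocation length is size + 1 in 32-bit
 * arithmetic, so size == UINT32_MAX yields a length of 0. */
static uint32_t unchecked_alloc_len(uint32_t size)
{
    return size + 1u;
}

/* Hardened copy-in: bound the size before adding the terminator byte.
 * The cap rules out both the wrap to zero and oversized allocations. */
static int copy_in_string(const char *src, uint32_t size, char **out)
{
    char *buf;

    *out = NULL;
    if (src == NULL || size > MAX_INPUT_SIZE)
        return -EINVAL;

    buf = malloc((size_t)size + 1);   /* cannot wrap: size <= 4096 */
    if (buf == NULL)
        return -ENOMEM;

    memcpy(buf, src, size);
    buf[size] = '\0';
    *out = buf;
    return 0;
}

int main(void)
{
    char *s = NULL;

    printf("unchecked length for UINT32_MAX: %u\n",
           (unsigned)unchecked_alloc_len(UINT32_MAX));
    printf("hardened result for UINT32_MAX: %d\n",
           copy_in_string("abc", UINT32_MAX, &s));
    if (copy_in_string("hello", 5, &s) == 0) {
        printf("hardened copy: %s\n", s);
        free(s);
    }
    return 0;
}
```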
openSUSE Security Update: gnutls
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0346-1
Rating: critical
References: #865804
Cross-References: CVE-2013-1619 CVE-2014-0092
Affected Products:
openSUSE 11.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
The gnutls library was updated to fix SSL certificate
validation. Remote man-in-the-middle attackers were able to
make the verification believe that an SSL certificate is
valid even though it was not. Also the TLS-CBC timing
attack vulnerability was fixed.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch 2014-26
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
gnutls-2.8.6-5.25.1
gnutls-debuginfo-2.8.6-5.25.1
gnutls-debugsource-2.8.6-5.25.1
libgnutls-devel-2.8.6-5.25.1
libgnutls-extra-devel-2.8.6-5.25.1
libgnutls-extra26-2.8.6-5.25.1
libgnutls-extra26-debuginfo-2.8.6-5.25.1
libgnutls26-2.8.6-5.25.1
libgnutls26-debuginfo-2.8.6-5.25.1
- openSUSE 11.4 (x86_64):
libgnutls26-32bit-2.8.6-5.25.1
libgnutls26-debuginfo-32bit-2.8.6-5.25.1
- openSUSE 11.4 (ia64):
libgnutls26-debuginfo-x86-2.8.6-5.25.1
libgnutls26-x86-2.8.6-5.25.1
References:
http://support.novell.com/security/cve/CVE-2013-1619.html
http://support.novell.com/security/cve/CVE-2014-0092.html
https://bugzilla.novell.com/865804
--
openSUSE Security Update: percona-toolkit,xtrabackup: disable remote version check
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0333-1
Rating: important
References: #864194
Cross-References: CVE-2014-2029
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
percona-toolkit and xtrabackup were updated:
- disable automatic version check for all tools
[bnc#864194] Prevents transmission of version information
to an external host in the default configuration.
CVE-2014-2029 Can be used by owner of a Percona Server
(or an attacker who can control this destination for the
client) to collect arbitrary MySQL configuration
parameters and execute commands (with -v). Now the
version check needs to be requested via command line or
global/tool specific/user configuration. (--version-check)
- added /etc/percona-toolkit/percona-toolkit.conf
configuration directory and template configuration file
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-184
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
xtrabackup-2.1.7-13.2
xtrabackup-debuginfo-2.1.7-13.2
xtrabackup-debugsource-2.1.7-13.2
- openSUSE 13.1 (noarch):
percona-toolkit-2.2.7-2.10.1
References:
http://support.novell.com/security/cve/CVE-2014-2029.html
https://bugzilla.novell.com/864194
--
openSUSE Security Update: gnutls: fixed SSL certificate validation
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0328-1
Rating: critical
References: #865804
Cross-References: CVE-2014-0092
Affected Products:
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
The gnutls library was updated to fix SSL certificate
validation. Remote man-in-the-middle attackers were able to
make the verification believe that an SSL certificate is
valid even though it was not.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-183
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
gnutls-3.0.28-1.4.1
gnutls-debuginfo-3.0.28-1.4.1
gnutls-debugsource-3.0.28-1.4.1
libgnutls-devel-3.0.28-1.4.1
libgnutls-openssl-devel-3.0.28-1.4.1
libgnutls-openssl27-3.0.28-1.4.1
libgnutls-openssl27-debuginfo-3.0.28-1.4.1
libgnutls28-3.0.28-1.4.1
libgnutls28-debuginfo-3.0.28-1.4.1
libgnutlsxx-devel-3.0.28-1.4.1
libgnutlsxx28-3.0.28-1.4.1
libgnutlsxx28-debuginfo-3.0.28-1.4.1
- openSUSE 12.3 (x86_64):
libgnutls-devel-32bit-3.0.28-1.4.1
libgnutls28-32bit-3.0.28-1.4.1
libgnutls28-debuginfo-32bit-3.0.28-1.4.1
References:
http://support.novell.com/security/cve/CVE-2014-0092.html
https://bugzilla.novell.com/865804
--