SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2011:0925-1 Rating: important References: #704380 Cross-References: CVE-2011-1936 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A security bug was fixed in Xen * CVE-2011-1936 A bug was found in the way Xen handles CPUID instruction emulation during VM exits. An unprivileged guest user can potentially use this flaw to crash the guest. This issue only affected systems running on x86 architecture with Intel processor and VMX virtualization extension enabled. Security Issue references: * CVE-2011-1898 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1898
* CVE-2011-1936 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936
Indications: Please install this update. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64): xen-3.2.3_17040_37-0.7.1 xen-devel-3.2.3_17040_37-0.7.1 xen-doc-html-3.2.3_17040_37-0.7.1 xen-doc-pdf-3.2.3_17040_37-0.7.1 xen-doc-ps-3.2.3_17040_37-0.7.1 xen-kmp-debug-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1 xen-kmp-default-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1 xen-kmp-kdump-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1 xen-kmp-smp-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1 xen-libs-3.2.3_17040_37-0.7.1 xen-tools-3.2.3_17040_37-0.7.1 xen-tools-domU-3.2.3_17040_37-0.7.1 xen-tools-ioemu-3.2.3_17040_37-0.7.1 - SUSE Linux Enterprise Server 10 SP4 (x86_64): xen-libs-32bit-3.2.3_17040_37-0.7.1 - SUSE Linux Enterprise Server 10 SP4 (i586): xen-kmp-bigsmp-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1 xen-kmp-kdumppae-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1 xen-kmp-vmi-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1 xen-kmp-vmipae-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): xen-3.2.3_17040_37-0.7.1 xen-devel-3.2.3_17040_37-0.7.1 xen-doc-html-3.2.3_17040_37-0.7.1 xen-doc-pdf-3.2.3_17040_37-0.7.1 xen-doc-ps-3.2.3_17040_37-0.7.1 xen-kmp-default-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1 xen-kmp-smp-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1 xen-libs-3.2.3_17040_37-0.7.1 xen-tools-3.2.3_17040_37-0.7.1 xen-tools-domU-3.2.3_17040_37-0.7.1 xen-tools-ioemu-3.2.3_17040_37-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): xen-libs-32bit-3.2.3_17040_37-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): xen-kmp-bigsmp-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1 - SLE SDK 10 SP4 (i586 x86_64): xen-3.2.3_17040_37-0.7.1 xen-devel-3.2.3_17040_37-0.7.1 xen-kmp-debug-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1 xen-kmp-kdump-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1 xen-libs-3.2.3_17040_37-0.7.1 xen-tools-3.2.3_17040_37-0.7.1 xen-tools-ioemu-3.2.3_17040_37-0.7.1 - SLE SDK 10 SP4 (x86_64): xen-libs-32bit-3.2.3_17040_37-0.7.1 References: http://support.novell.com/security/cve/CVE-2011-1936.html https://bugzilla.novell.com/704380 http://download.novell.com/patch/finder/?keywords=ca3da7c0b116523580ed11bcec... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org