SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2011:1057-1 Rating: important References: #654798 #659070 #679344 #684297 #704380 #712038 Cross-References: CVE-2011-1166 CVE-2011-1936 CVE-2011-2901 Affected Products: SUSE Linux Enterprise Server 10 SP3 SLE SDK 10 SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update fixes various bugs in XEN: The following security issues have been fixed: * A denial of service (Host Crash) in the XEN hypervisor. (CVE-2011-2901) * A bug was found in the way Xen handles CPUID instruction emulation during VM exits. An unprivileged guest user can potentially use this flaw to crash the guest. (CVE-2011-1936) * A 64-bit guest can get one of its vcpus into non-kernel mode without first providing a valid non-kernel pagetable. The observed failure mode was usually a hard lockup of the host (host denial of service). (CVE-2011-1166) It fixes also the following bugs: * bnc#654798 - SLES 10 SP3 XEN: Device /dev/xvdp is already connected error when starting multiple vm's * bnc#684297 - HVM taking too long to dump vmcore Security Issue references: * CVE-2011-2901 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901

* CVE-2011-1166 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166

* CVE-2011-1936 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936

Indications: Please install this update. Package List: - SUSE Linux Enterprise Server 10 SP3 (i586 x86_64): xen-3.2.3_17040_26-0.6.2.1 xen-devel-3.2.3_17040_26-0.6.2.1 xen-doc-html-3.2.3_17040_26-0.6.2.1 xen-doc-pdf-3.2.3_17040_26-0.6.2.1 xen-doc-ps-3.2.3_17040_26-0.6.2.1 xen-kmp-debug-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1 xen-kmp-default-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1 xen-kmp-kdump-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1 xen-kmp-smp-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1 xen-libs-3.2.3_17040_26-0.6.2.1 xen-tools-3.2.3_17040_26-0.6.2.1 xen-tools-domU-3.2.3_17040_26-0.6.2.1 xen-tools-ioemu-3.2.3_17040_26-0.6.2.1 - SUSE Linux Enterprise Server 10 SP3 (x86_64): xen-libs-32bit-3.2.3_17040_26-0.6.2.1 - SUSE Linux Enterprise Server 10 SP3 (i586): xen-kmp-bigsmp-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1 xen-kmp-kdumppae-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1 xen-kmp-vmi-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1 xen-kmp-vmipae-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1 - SLE SDK 10 SP3 (i586 x86_64): xen-3.2.3_17040_26-0.6.2.1 xen-devel-3.2.3_17040_26-0.6.2.1 xen-kmp-debug-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1 xen-kmp-kdump-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1 xen-libs-3.2.3_17040_26-0.6.2.1 xen-tools-3.2.3_17040_26-0.6.2.1 xen-tools-ioemu-3.2.3_17040_26-0.6.2.1 - SLE SDK 10 SP3 (x86_64): xen-libs-32bit-3.2.3_17040_26-0.6.2.1 References: http://support.novell.com/security/cve/CVE-2011-1166.html http://support.novell.com/security/cve/CVE-2011-1936.html http://support.novell.com/security/cve/CVE-2011-2901.html https://bugzilla.novell.com/654798 https://bugzilla.novell.com/659070 https://bugzilla.novell.com/679344 https://bugzilla.novell.com/684297 https://bugzilla.novell.com/704380 https://bugzilla.novell.com/712038 http://download.novell.com/patch/finder/?keywords=8cb29b577c0a831bd5c0067789... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org