Mailinglist Archive: opensuse-updates (58 mails)

openSUSE-SU-2013:1392-1: moderate: xen: security and bugfix update to 4.1.5
openSUSE Security Update: xen: security and bugfix update to 4.1.5
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1392-1
Rating: moderate
References: #801663 #803712 #809662 #813673 #813675 #813677
#814709 #816156 #816159 #816163 #819416 #820917
#820919 #820920 #823011 #823608 #823786 #824676
#826882
Cross-References: CVE-2013-1432 CVE-2013-1917 CVE-2013-1918
CVE-2013-1919 CVE-2013-1920 CVE-2013-1952
CVE-2013-1964 CVE-2013-2072 CVE-2013-2076
CVE-2013-2077 CVE-2013-2078 CVE-2013-2211

Affected Products:
openSUSE 12.2
______________________________________________________________________________

An update that solves 12 vulnerabilities and has 7 fixes is
now available.

Description:


Xen was updated to the 4.1.5 release. It fixes various bugs and
security issues.

Issues fixed separately from the 4.1.5 release:

- bnc#824676 - Failed to setup devices for vm instance when
start multiple vms simultaneously

- bnc#XXXXXX - xen: CVE-2013-XXXX: XSA-61: suppress device
assignment to HVM guest when there is no IOMMU

- Various upstream patches from Jan were integrated.

- bnc#823786 - migrate.py support of short options dropped
by PTF
- bnc#803712 - after live migration rcu_sched_state
detected stalls add new option xm migrate --min_remaing
<num>

- CVE-2013-1432 / bnc#826882 - xen: XSA-58: x86: fix page
refcount handling in page table pin error path
- CVE-2013-2211 / bnc#823608 - xen: XSA-57: libxl allows
guest write access to sensitive console related xenstore
keys
- bnc#823011 - xen: XSA-55: Multiple vulnerabilities in
libelf PV kernel handling

- bnc#801663 - performance of mirror lvm unsuitable for
production

- CVE-2013-1918 / bnc#816159 - xen: CVE-2013-1918: XSA-45:
Several long latency operations are not preemptible
- CVE-2013-1952 / bnc#816163 - xen: CVE-2013-1952: XSA-49:
VT-d interrupt remapping source validation flaw for
bridges

- CVE-2013-2076 / bnc#820917 - CVE-2013-2076: xen:
Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52)
- CVE-2013-2077 / bnc#820919 - CVE-2013-2077: xen:
Hypervisor crash due to missing exception recovery on
XRSTOR (XSA-53)
- CVE-2013-2078 / bnc#820920 - CVE-2013-2078: xen:
Hypervisor crash due to missing exception recovery on
XSETBV (XSA-54)

- CVE-2013-2072 / bnc#819416 - xen: CVE-2013-2072: XSA-56:
Buffer overflow in xencontrol Python bindings affecting
xend

- Update to Xen 4.1.5 c/s 23509. Many xen.spec file patches
were dropped because they are now included in the 4.1.5
tarball.

- CVE-2013-1918 / bnc#816159 - xen: XSA-45: Several long
latency operations are not preemptible
- CVE-2013-1952 / bnc#816163 - xen: XSA-49: VT-d interrupt
remapping source validation flaw for bridges

- bnc#809662 - can't use pv-grub to start domU (pygrub does
work)

- CVE-2013-1917 / bnc#813673 - xen: Xen PV DoS
vulnerability with SYSENTER
- CVE-2013-1919 / bnc#813675 - xen: Several access
permission issues with IRQs for unprivileged guests
- CVE-2013-1920 / bnc#813677 - xen: Potential use of freed
memory in event channel operations

- bnc#814709 - Unable to create XEN virtual machines in
SLED 11 SP2 on Kyoto


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-669

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

xen-debugsource-4.1.5_04-5.29.1
xen-devel-4.1.5_04-5.29.1
xen-kmp-default-4.1.5_04_k3.4.47_2.38-5.29.1
xen-kmp-default-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1
xen-kmp-desktop-4.1.5_04_k3.4.47_2.38-5.29.1
xen-kmp-desktop-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1
xen-libs-4.1.5_04-5.29.1
xen-libs-debuginfo-4.1.5_04-5.29.1
xen-tools-domU-4.1.5_04-5.29.1
xen-tools-domU-debuginfo-4.1.5_04-5.29.1

- openSUSE 12.2 (x86_64):

xen-4.1.5_04-5.29.1
xen-doc-html-4.1.5_04-5.29.1
xen-doc-pdf-4.1.5_04-5.29.1
xen-libs-32bit-4.1.5_04-5.29.1
xen-libs-debuginfo-32bit-4.1.5_04-5.29.1
xen-tools-4.1.5_04-5.29.1
xen-tools-debuginfo-4.1.5_04-5.29.1

- openSUSE 12.2 (i586):

xen-kmp-pae-4.1.5_04_k3.4.47_2.38-5.29.1
xen-kmp-pae-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1


References:

http://support.novell.com/security/cve/CVE-2013-1432.html
http://support.novell.com/security/cve/CVE-2013-1917.html
http://support.novell.com/security/cve/CVE-2013-1918.html
http://support.novell.com/security/cve/CVE-2013-1919.html
http://support.novell.com/security/cve/CVE-2013-1920.html
http://support.novell.com/security/cve/CVE-2013-1952.html
http://support.novell.com/security/cve/CVE-2013-1964.html
http://support.novell.com/security/cve/CVE-2013-2072.html
http://support.novell.com/security/cve/CVE-2013-2076.html
http://support.novell.com/security/cve/CVE-2013-2077.html
http://support.novell.com/security/cve/CVE-2013-2078.html
http://support.novell.com/security/cve/CVE-2013-2211.html
https://bugzilla.novell.com/801663
https://bugzilla.novell.com/803712
https://bugzilla.novell.com/809662
https://bugzilla.novell.com/813673
https://bugzilla.novell.com/813675
https://bugzilla.novell.com/813677
https://bugzilla.novell.com/814709
https://bugzilla.novell.com/816156
https://bugzilla.novell.com/816159
https://bugzilla.novell.com/816163
https://bugzilla.novell.com/819416
https://bugzilla.novell.com/820917
https://bugzilla.novell.com/820919
https://bugzilla.novell.com/820920
https://bugzilla.novell.com/823011
https://bugzilla.novell.com/823608
https://bugzilla.novell.com/823786
https://bugzilla.novell.com/824676
https://bugzilla.novell.com/826882

