Mailinglist Archive: opensuse-updates (74 mails)

< Previous Next >
openSUSE-SU-2013:1404-1: moderate: xen: security and bugfix update to 4.2.2
openSUSE Security Update: xen: security and bugfix update to 4.2.2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1404-1
Rating: moderate
References: #797285 #797523 #801663 #802221 #808085 #808269
#809662 #813673 #813675 #814059 #814709 #816159
#816163 #817068 #817210 #817799 #817904 #818183
#819416 #820917 #820919 #820920 #823011 #823608
#824676 #826882
Cross-References: CVE-2012-6075 CVE-2013-0151 CVE-2013-1432
CVE-2013-1917 CVE-2013-1918 CVE-2013-1919
CVE-2013-1922 CVE-2013-1952 CVE-2013-2007
CVE-2013-2072 CVE-2013-2076 CVE-2013-2077
CVE-2013-2078
Affected Products:
openSUSE 12.3
______________________________________________________________________________

An update that solves 13 vulnerabilities and has 13 fixes
is now available.

Description:


XEN was updated to 4.2.2, fixing lots of bugs and several
security issues.

Various upstream patches were also merged into this version
by our developers.

Detailed buglist:
- bnc#824676 - Failed to setup devices for vm instance when
start multiple vms simultaneously

- bnc#817799 - sles9sp4 guest fails to start after
upgrading to sles11 sp3

- bnc#826882 - xen: CVE-2013-1432: XSA-58: Page reference
counting error due to XSA-45/CVE-2013-1918 fixes

- Add upstream patch to fix devid assignment in libxl
27184-libxl-devid-fix.patch

- bnc#823608 - xen: XSA-57: libxl allows guest write access
to sensitive console related xenstore keys
27178-libxl-Restrict-permissions-on-PV-console-device-xensto
re-nodes.patch
- bnc#823011 - xen: XSA-55: Multiple vulnerabilities in
libelf PV kernel handling

- bnc#808269 - Fully Virtualized Windows VM install is
failed on Ivy Bridge platforms with Xen kernel

- bnc#801663 - performance of mirror lvm unsuitable for
production block-dmmd

- bnc#817904 - [SLES11SP3 BCS Bug] Crashkernel fails to
boot after panic on XEN kernel SP3 Beta 4 and RC1

- Upstream AMD Erratum patch from Jan

- bnc#813675 - - xen: CVE-2013-1919: XSA-46: Several access
permission issues with IRQs for unprivileged guests

- bnc#820917 - CVE-2013-2076: xen: Information leak on
XSAVE/XRSTOR capable AMD CPUs (XSA-52)
- bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to
missing exception recovery on XRSTOR (XSA-53)
- bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to
missing exception recovery on XSETBV (XSA-54)
- bnc#808085 - aacraid driver panics mapping INT A when
booting kernel-xen
- bnc#817210 - openSUSE 12.3 Domain 0 doesn't boot with
i915 graphics controller under Xen with VT-d enabled

- bnc#819416 - xen: CVE-2013-2072: XSA-56: Buffer overflow
in xencontrol Python bindings affecting xend

- bnc#818183 - xen: CVE-2013-2007: XSA-51: qga set umask
0077 when daemonizing

- add lndir to BuildRequires

- remove
xen.migrate.tools_notify_restore_to_hangup_during_migration_
--abort_if_busy.patch It changed migration protocol and
upstream wants a different solution

- bnc#802221 - fix xenpaging readd
xenpaging.qemu.flush-cache.patch

- bnc#808269 - Fully Virtualized Windows VM install is
failed on Ivy Bridge platforms with Xen kernel

- Additional fix for bnc#816159
CVE-2013-1918-xsa45-followup.patch

- bnc#817068 - Xen guest with >1 sr-iov vf won't start

- Update to Xen 4.2.2 c/s 26064 The following recent
security patches are included in the tarball
CVE-2013-0151-xsa34.patch (bnc#797285)
CVE-2012-6075-xsa41.patch (bnc#797523)
CVE-2013-1917-xsa44.patch (bnc#813673)
CVE-2013-1919-xsa46.patch (bnc#813675)

- bnc#816159 - xen: CVE-2013-1918: XSA-45: Several long
latency operations are not preemptible

- bnc#816163 - xen: CVE-2013-1952: XSA-49: VT-d interrupt
remapping source validation flaw for bridges

- bnc#809662 - can't use pv-grub to start domU (pygrub does
work) xen.spec

- bnc#814709 - Unable to create XEN virtual machines in
SLED 11 SP2 on Kyoto

- bnc#813673 - CVE-2013-1917: xen: Xen PV DoS vulnerability
with SYSENTER
- bnc#813675 - CVE-2013-1919: xen: Several access
permission issues with IRQs for unprivileged guests
- bnc#814059 - xen: qemu-nbd format-guessing due to missing
format specification


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-677

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.3 (i586 x86_64):

xen-debugsource-4.2.2_06-1.16.1
xen-devel-4.2.2_06-1.16.1
xen-kmp-default-4.2.2_06_k3.7.10_1.16-1.16.1
xen-kmp-default-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1
xen-kmp-desktop-4.2.2_06_k3.7.10_1.16-1.16.1
xen-kmp-desktop-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1
xen-libs-4.2.2_06-1.16.1
xen-libs-debuginfo-4.2.2_06-1.16.1
xen-tools-domU-4.2.2_06-1.16.1
xen-tools-domU-debuginfo-4.2.2_06-1.16.1

- openSUSE 12.3 (x86_64):

xen-4.2.2_06-1.16.1
xen-doc-html-4.2.2_06-1.16.1
xen-doc-pdf-4.2.2_06-1.16.1
xen-libs-32bit-4.2.2_06-1.16.1
xen-libs-debuginfo-32bit-4.2.2_06-1.16.1
xen-tools-4.2.2_06-1.16.1
xen-tools-debuginfo-4.2.2_06-1.16.1

- openSUSE 12.3 (i586):

xen-kmp-pae-4.2.2_06_k3.7.10_1.16-1.16.1
xen-kmp-pae-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1


References:

http://support.novell.com/security/cve/CVE-2012-6075.html
http://support.novell.com/security/cve/CVE-2013-0151.html
http://support.novell.com/security/cve/CVE-2013-1432.html
http://support.novell.com/security/cve/CVE-2013-1917.html
http://support.novell.com/security/cve/CVE-2013-1918.html
http://support.novell.com/security/cve/CVE-2013-1919.html
http://support.novell.com/security/cve/CVE-2013-1922.html
http://support.novell.com/security/cve/CVE-2013-1952.html
http://support.novell.com/security/cve/CVE-2013-2007.html
http://support.novell.com/security/cve/CVE-2013-2072.html
http://support.novell.com/security/cve/CVE-2013-2076.html
http://support.novell.com/security/cve/CVE-2013-2077.html
http://support.novell.com/security/cve/CVE-2013-2078.html
https://bugzilla.novell.com/797285
https://bugzilla.novell.com/797523
https://bugzilla.novell.com/801663
https://bugzilla.novell.com/802221
https://bugzilla.novell.com/808085
https://bugzilla.novell.com/808269
https://bugzilla.novell.com/809662
https://bugzilla.novell.com/813673
https://bugzilla.novell.com/813675
https://bugzilla.novell.com/814059
https://bugzilla.novell.com/814709
https://bugzilla.novell.com/816159
https://bugzilla.novell.com/816163
https://bugzilla.novell.com/817068
https://bugzilla.novell.com/817210
https://bugzilla.novell.com/817799
https://bugzilla.novell.com/817904
https://bugzilla.novell.com/818183
https://bugzilla.novell.com/819416
https://bugzilla.novell.com/820917
https://bugzilla.novell.com/820919
https://bugzilla.novell.com/820920
https://bugzilla.novell.com/823011
https://bugzilla.novell.com/823608
https://bugzilla.novell.com/824676
https://bugzilla.novell.com/826882


< Previous Next >
This Thread
  • No further messages