Security update for xen

SUSE Security Update: Security update for xen
Announcement ID: SUSE-SU-2014:1732-1
Rating: moderate
References: #826717 #880751 #895798 #895799 #895802 #903967 #903970 #905467 #906439
Affected Products:
  • SUSE Linux Enterprise Server 11 SP1 LTSS

An update that fixes 9 vulnerabilities is now available.

    Description:


    xen was updated to fix 10 security issues:

    * Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
    (CVE-2014-9030).
    * Insufficient bounding of "REP MOVS" to MMIO emulated inside the
    hypervisor (CVE-2014-8867).
    * Missing privilege level checks in x86 emulation of far branches
    (CVE-2014-8595).
    * Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW
    emulation (CVE-2014-7155).
    * Hypervisor heap contents leaked to guests (CVE-2014-4021).
    * Missing privilege level checks in x86 emulation of far branches
    (CVE-2014-8595).
    * Insufficient restrictions on certain MMU update hypercalls
    (CVE-2014-8594).
    * Intel VT-d Interrupt Remapping engines can be evaded by native NMI
    interrupts (CVE-2013-3495).
    * Missing privilege level checks in x86 emulation of software
    interrupts (CVE-2014-7156).
    * Race condition in HVMOP_track_dirty_vram (CVE-2014-7154).

    Security Issues:

    * CVE-2014-9030
    * CVE-2014-8867
    * CVE-2014-8595
    * CVE-2014-7155
    * CVE-2014-4021
    * CVE-2014-8595
    * CVE-2014-8594
    * CVE-2014-2013-3495
    * CVE-2014-7156
    * CVE-2014-7154

    Special Instructions and Notes:

    Please reboot the system after installing this update.

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 11 SP1 LTSS:
      zypper in -t patch slessp1-xen-10080

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64):
      • xen-4.0.3_21548_18-0.9.1
      • xen-doc-html-4.0.3_21548_18-0.9.1
      • xen-doc-pdf-4.0.3_21548_18-0.9.1
      • xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.15-0.9.1
      • xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.15-0.9.1
      • xen-libs-4.0.3_21548_18-0.9.1
      • xen-tools-4.0.3_21548_18-0.9.1
      • xen-tools-domU-4.0.3_21548_18-0.9.1
    • SUSE Linux Enterprise Server 11 SP1 LTSS (i586):
      • xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.15-0.9.1
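
    To confirm a host carries the builds listed above, the following added example (not part of the SUSE advisory) compares installed name-version-release strings against the package list. The sample input is constructed, and the comparison is a simplified form of rpm's version ordering that ignores epochs and the "~" and "^" markers.

```python
import re

# Fixed builds, copied from the advisory's package list.
FIXED = """
xen-4.0.3_21548_18-0.9.1
xen-doc-html-4.0.3_21548_18-0.9.1
xen-doc-pdf-4.0.3_21548_18-0.9.1
xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.15-0.9.1
xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.15-0.9.1
xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.15-0.9.1
xen-libs-4.0.3_21548_18-0.9.1
xen-tools-4.0.3_21548_18-0.9.1
xen-tools-domU-4.0.3_21548_18-0.9.1
""".split()

def split_nvr(nvr):
    """'xen-libs-4.0.3_21548_18-0.9.1' -> ('xen-libs', '4.0.3_21548_18', '0.9.1')"""
    return tuple(nvr.strip().rsplit("-", 2))

def rpmvercmp(a, b):
    """Return -1, 0 or 1. Versions are split into digit runs and letter runs."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts as newer
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # longer version is newer

def below_fixed(installed):
    """Return installed xen packages older than the advisory's fixed build."""
    fixed = {n: (v, r) for n, v, r in map(split_nvr, FIXED)}
    stale = []
    for line in installed:
        if line.count("-") < 2:
            continue  # not a name-version-release string
        name, version, release = split_nvr(line)
        if name in fixed:
            fv, fr = fixed[name]
            if (rpmvercmp(version, fv) or rpmvercmp(release, fr)) < 0:
                stale.append(line.strip())
    return stale

# Constructed sample of: rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
SAMPLE = ["xen-4.0.3_21548_16-0.5.1", "xen-libs-4.0.3_21548_18-0.9.1",
          "xen-tools-4.0.3_21548_18-0.7.1", "kernel-default-2.6.32.59-0.15.2"]
if __name__ == "__main__":
    for nvr in below_fixed(SAMPLE):
        print("needs patch slessp1-xen-10080:", nvr)
```

    A matching package version does not show that the patched hypervisor is the one running; the advisory requires a reboot after installation.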

    References:

    • http://support.novell.com/security/cve/CVE-2013-3495.html
    • http://support.novell.com/security/cve/CVE-2014-4021.html
    • http://support.novell.com/security/cve/CVE-2014-7154.html
    • http://support.novell.com/security/cve/CVE-2014-7155.html
    • http://support.novell.com/security/cve/CVE-2014-7156.html
    • http://support.novell.com/security/cve/CVE-2014-8594.html
    • http://support.novell.com/security/cve/CVE-2014-8595.html
    • http://support.novell.com/security/cve/CVE-2014-8867.html
    • http://support.novell.com/security/cve/CVE-2014-9030.html
    • https://bugzilla.suse.com/show_bug.cgi?id=826717
    • https://bugzilla.suse.com/show_bug.cgi?id=880751
    • https://bugzilla.suse.com/show_bug.cgi?id=895798
    • https://bugzilla.suse.com/show_bug.cgi?id=895799
    • https://bugzilla.suse.com/show_bug.cgi?id=895802
    • https://bugzilla.suse.com/show_bug.cgi?id=903967
    • https://bugzilla.suse.com/show_bug.cgi?id=903970
    • https://bugzilla.suse.com/show_bug.cgi?id=905467
    • https://bugzilla.suse.com/show_bug.cgi?id=906439
    • http://download.suse.com/patch/finder/?keywords=39575907259e980068f0caf772c05144