Security update for Xen

SUSE Security Update: Security update for Xen
Announcement ID: SUSE-SU-2012:1487-1
Rating: important
References: #651093 #713555 #784087 #786516 #786517
Affected Products:
  • SUSE Linux Enterprise Server 10 SP4
  • SUSE Linux Enterprise Desktop 10 SP4
  • SLE SDK 10 SP4

An update that fixes 8 vulnerabilities is now available.

    Description:


    Xen received various security fixes and bug fixes:

    * CVE-2012-4535: xen: Timer overflow DoS vulnerability (XSA-20)
    * CVE-2012-4537: xen: Memory mapping failure DoS vulnerability (XSA-22)

    The following additional bugs have been fixed:

    * bnc#784087 - L3: Xen BUG at io_apic.c:129
      26102-x86-IOAPIC-legacy-not-first.patch
    * Upstream patches from Jan
      25927-x86-domctl-ioport-mapping-range.patch
      25931-x86-domctl-iomem-mapping-checks.patch
      26061-x86-oprof-counter-range.patch
      25431-x86-EDD-MBR-sig-check.patch
      25480-x86_64-sysret-canonical.patch
      25481-x86_64-AMD-erratum-121.patch
      25485-x86_64-canonical-checks.patch
      25587-param-parse-limit.patch
      25589-pygrub-size-limits.patch
      25744-hypercall-return-long.patch
      25765-x86_64-allow-unsafe-adjust.patch
      25773-x86-honor-no-real-mode.patch
      25786-x86-prefer-multiboot-meminfo-over-e801.patch
      25808-domain_create-return-value.patch
      25814-x86_64-set-debugreg-guest.patch
      24742-gnttab-misc.patch
      25098-x86-emul-lock-UD.patch
      25200-x86_64-trap-bounce-flags.patch
      25271-x86_64-IST-index.patch
    * bnc#651093 - win2k8 guests are unable to restore after saving the vms state
      ept-novell-x64.patch
      23800-x86_64-guest-addr-range.patch
      24168-x86-vioapic-clear-remote_irr.patch
      24453-x86-vIRQ-IRR-TMR-race.patch
      24456-x86-emul-lea.patch
    * bnc#713555 - Unable to install RHEL 6.1 x86 as a paravirtualized guest OS on SLES 10 SP4 x86
      vm-install-0.2.19.tar.bz2

    Security Issue references:

    * CVE-2012-4539
    * CVE-2012-3497
    * CVE-2012-4411
    * CVE-2012-4535
    * CVE-2012-4537
    * CVE-2012-4536
    * CVE-2012-4538
    * CVE-2012-4544

    Package List:

    SUSE Linux Enterprise Server 10 SP4 (x86_64):
    • xen-3.2.3_17040_42-0.7.2
    • xen-devel-3.2.3_17040_42-0.7.2
    • xen-doc-html-3.2.3_17040_42-0.7.2
    • xen-doc-pdf-3.2.3_17040_42-0.7.2
    • xen-doc-ps-3.2.3_17040_42-0.7.2
    • xen-kmp-debug-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2
    • xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2
    • xen-kmp-kdump-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2
    • xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2
    • xen-libs-3.2.3_17040_42-0.7.2
    • xen-libs-32bit-3.2.3_17040_42-0.7.1
    • xen-tools-3.2.3_17040_42-0.7.2
    • xen-tools-domU-3.2.3_17040_42-0.7.2
    • xen-tools-ioemu-3.2.3_17040_42-0.7.2
    SUSE Linux Enterprise Server 10 SP4 (i586):
    • xen-3.2.3_17040_42-0.7.1
    • xen-devel-3.2.3_17040_42-0.7.1
    • xen-doc-html-3.2.3_17040_42-0.7.1
    • xen-doc-pdf-3.2.3_17040_42-0.7.1
    • xen-doc-ps-3.2.3_17040_42-0.7.1
    • xen-kmp-bigsmp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1
    • xen-kmp-debug-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1
    • xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1
    • xen-kmp-kdump-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1
    • xen-kmp-kdumppae-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1
    • xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1
    • xen-kmp-vmi-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1
    • xen-kmp-vmipae-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1
    • xen-libs-3.2.3_17040_42-0.7.1
    • xen-tools-3.2.3_17040_42-0.7.1
    • xen-tools-domU-3.2.3_17040_42-0.7.1
    • xen-tools-ioemu-3.2.3_17040_42-0.7.1
    SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
    • xen-3.2.3_17040_42-0.7.2
    • xen-devel-3.2.3_17040_42-0.7.2
    • xen-doc-html-3.2.3_17040_42-0.7.2
    • xen-doc-pdf-3.2.3_17040_42-0.7.2
    • xen-doc-ps-3.2.3_17040_42-0.7.2
    • xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2
    • xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2
    • xen-libs-3.2.3_17040_42-0.7.2
    • xen-libs-32bit-3.2.3_17040_42-0.7.1
    • xen-tools-3.2.3_17040_42-0.7.2
    • xen-tools-domU-3.2.3_17040_42-0.7.2
    • xen-tools-ioemu-3.2.3_17040_42-0.7.2
    SUSE Linux Enterprise Desktop 10 SP4 (i586):
    • xen-3.2.3_17040_42-0.7.1
    • xen-devel-3.2.3_17040_42-0.7.1
    • xen-doc-html-3.2.3_17040_42-0.7.1
    • xen-doc-pdf-3.2.3_17040_42-0.7.1
    • xen-doc-ps-3.2.3_17040_42-0.7.1
    • xen-kmp-bigsmp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1
    • xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1
    • xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1
    • xen-libs-3.2.3_17040_42-0.7.1
    • xen-tools-3.2.3_17040_42-0.7.1
    • xen-tools-domU-3.2.3_17040_42-0.7.1
    • xen-tools-ioemu-3.2.3_17040_42-0.7.1
    SLE SDK 10 SP4 (x86_64):
    • xen-3.2.3_17040_42-0.7.2
    • xen-devel-3.2.3_17040_42-0.7.2
    • xen-kmp-debug-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2
    • xen-kmp-kdump-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2
    • xen-libs-3.2.3_17040_42-0.7.2
    • xen-libs-32bit-3.2.3_17040_42-0.7.1
    • xen-tools-3.2.3_17040_42-0.7.2
    • xen-tools-ioemu-3.2.3_17040_42-0.7.2
    SLE SDK 10 SP4 (i586):
    • xen-3.2.3_17040_42-0.7.1
    • xen-devel-3.2.3_17040_42-0.7.1
    • xen-kmp-debug-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1
    • xen-kmp-kdump-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1
    • xen-libs-3.2.3_17040_42-0.7.1
    • xen-tools-3.2.3_17040_42-0.7.1
    • xen-tools-ioemu-3.2.3_17040_42-0.7.1

    References:

    • http://support.novell.com/security/cve/CVE-2012-3497.html
    • http://support.novell.com/security/cve/CVE-2012-4411.html
    • http://support.novell.com/security/cve/CVE-2012-4535.html
    • http://support.novell.com/security/cve/CVE-2012-4536.html
    • http://support.novell.com/security/cve/CVE-2012-4537.html
    • http://support.novell.com/security/cve/CVE-2012-4538.html
    • http://support.novell.com/security/cve/CVE-2012-4539.html
    • http://support.novell.com/security/cve/CVE-2012-4544.html
    • https://bugzilla.novell.com/651093
    • https://bugzilla.novell.com/713555
    • https://bugzilla.novell.com/784087
    • https://bugzilla.novell.com/786516
    • https://bugzilla.novell.com/786517
    • http://download.suse.com/patch/finder/?keywords=1e9042debead5d88c23444a904a4e0c9