Security update for Xen
SUSE Security Update: Security update for Xen
XEN has been updated to version 4.2.3 c/s 26170, fixing
various bugs and security issues.
* CVE-2013-4416: XSA-72: Fixed ocaml xenstored that
mishandled oversized message replies
* CVE-2013-4355: XSA-63: Fixed information leaks
through I/O instruction emulation
* CVE-2013-4361: XSA-66: Fixed information leak through
fbld instruction emulation
* CVE-2013-4368: XSA-67: Fixed information leak through
outs instruction emulation
* CVE-2013-4369: XSA-68: Fixed possible null
dereference when parsing vif ratelimiting info
* CVE-2013-4370: XSA-69: Fixed misplaced free in ocaml
xc_vcpu_getaffinity stub
* CVE-2013-4371: XSA-70: Fixed use-after-free in
libxl_list_cpupool under memory pressure
* CVE-2013-4375: XSA-71: xen: qemu disk backend (qdisk)
resource leak
* CVE-2013-1442: XSA-62: Fixed information leak on AVX
and/or LWP capable CPUs
* CVE-2013-1432: XSA-58: Page reference counting error
due to XSA-45/CVE-2013-1918 fixes.
Various bugs have also been fixed:
* Boot failure with xen kernel in UEFI mode with error
"No memory for trampoline" (bnc#833483)
* Improvements to block-dmmd script (bnc#828623)
* MTU size on Dom0 gets reset when booting DomU with
e1000 device (bnc#840196)
* In HP's UEFI x86_64 platform and with xen
environment, in booting stage, xen hypervisor will panic.
(bnc#833251)
* Xen: migration broken from xsave-capable to
xsave-incapable host (bnc#833796)
* In xen, "shutdown -y 0 -h" cannot power off system
(bnc#834751)
* In HP's UEFI x86_64 platform with xen environment,
xen hypervisor will panic on multiple blades nPar.
(bnc#839600)
* vcpus not started after upgrading Dom0 from SLES 11
SP2 to SP3 (bnc#835896)
* SLES 11 SP3 Xen security patch does not automatically
update UEFI boot binary (bnc#836239)
* Failed to setup devices for vm instance when start
multiple vms simultaneously (bnc#824676)
* SLES 9 SP4 guest fails to start after upgrading to
SLES 11 SP3 (bnc#817799)
* Various upstream fixes have been included.
Security Issues:
* CVE-2013-1432
>
* CVE-2013-1442
>
* CVE-2013-1918
>
* CVE-2013-4355
>
* CVE-2013-4361
>
* CVE-2013-4368
>
* CVE-2013-4369
>
* CVE-2013-4370
>
* CVE-2013-4371
>
* CVE-2013-4375
>
* CVE-2013-4416
>
| Announcement ID: | SUSE-SU-2013:1774-1 |
| Rating: | moderate |
| References: | #817799 #824676 #826882 #828623 #833251 #833483 #833796 #834751 #835896 #836239 #839596 #839600 #840196 #840592 #841766 #842511 #842512 #842513 #842514 #842515 #845520 |
| Affected Products: |
An update that solves 11 vulnerabilities and has 10 fixes is now available.
Description:
XEN has been updated to version 4.2.3 c/s 26170, fixing
various bugs and security issues.
* CVE-2013-4416: XSA-72: Fixed ocaml xenstored that
mishandled oversized message replies
* CVE-2013-4355: XSA-63: Fixed information leaks
through I/O instruction emulation
* CVE-2013-4361: XSA-66: Fixed information leak through
fbld instruction emulation
* CVE-2013-4368: XSA-67: Fixed information leak through
outs instruction emulation
* CVE-2013-4369: XSA-68: Fixed possible null
dereference when parsing vif ratelimiting info
* CVE-2013-4370: XSA-69: Fixed misplaced free in ocaml
xc_vcpu_getaffinity stub
* CVE-2013-4371: XSA-70: Fixed use-after-free in
libxl_list_cpupool under memory pressure
* CVE-2013-4375: XSA-71: xen: qemu disk backend (qdisk)
resource leak
* CVE-2013-1442: XSA-62: Fixed information leak on AVX
and/or LWP capable CPUs
* CVE-2013-1432: XSA-58: Page reference counting error
due to XSA-45/CVE-2013-1918 fixes.
Various bugs have also been fixed:
* Boot failure with xen kernel in UEFI mode with error
"No memory for trampoline" (bnc#833483)
* Improvements to block-dmmd script (bnc#828623)
* MTU size on Dom0 gets reset when booting DomU with
e1000 device (bnc#840196)
* In HP's UEFI x86_64 platform and with xen
environment, in booting stage, xen hypervisor will panic.
(bnc#833251)
* Xen: migration broken from xsave-capable to
xsave-incapable host (bnc#833796)
* In xen, "shutdown -y 0 -h" cannot power off system
(bnc#834751)
* In HP's UEFI x86_64 platform with xen environment,
xen hypervisor will panic on multiple blades nPar.
(bnc#839600)
* vcpus not started after upgrading Dom0 from SLES 11
SP2 to SP3 (bnc#835896)
* SLES 11 SP3 Xen security patch does not automatically
update UEFI boot binary (bnc#836239)
* Failed to setup devices for vm instance when start
multiple vms simultaneously (bnc#824676)
* SLES 9 SP4 guest fails to start after upgrading to
SLES 11 SP3 (bnc#817799)
* Various upstream fixes have been included.
Security Issues:
* CVE-2013-1432
* CVE-2013-1442
* CVE-2013-1918
* CVE-2013-4355
* CVE-2013-4361
* CVE-2013-4368
* CVE-2013-4369
* CVE-2013-4370
* CVE-2013-4371
* CVE-2013-4375
* CVE-2013-4416
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-xen-201310-8479 - SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-xen-201310-8479 - SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-xen-201310-8479
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
- xen-devel-4.2.3_02-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):
- xen-kmp-default-4.2.3_02_3.0.93_0.8-0.7.1
- xen-libs-4.2.3_02-0.7.1
- xen-tools-domU-4.2.3_02-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (x86_64):
- xen-4.2.3_02-0.7.1
- xen-doc-html-4.2.3_02-0.7.1
- xen-doc-pdf-4.2.3_02-0.7.1
- xen-libs-32bit-4.2.3_02-0.7.1
- xen-tools-4.2.3_02-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586):
- xen-kmp-pae-4.2.3_02_3.0.93_0.8-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
- xen-kmp-default-4.2.3_02_3.0.93_0.8-0.7.1
- xen-libs-4.2.3_02-0.7.1
- xen-tools-domU-4.2.3_02-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
- xen-4.2.3_02-0.7.1
- xen-doc-html-4.2.3_02-0.7.1
- xen-doc-pdf-4.2.3_02-0.7.1
- xen-libs-32bit-4.2.3_02-0.7.1
- xen-tools-4.2.3_02-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586):
- xen-kmp-pae-4.2.3_02_3.0.93_0.8-0.7.1
References:
- http://support.novell.com/security/cve/CVE-2013-1432.html
- http://support.novell.com/security/cve/CVE-2013-1442.html
- http://support.novell.com/security/cve/CVE-2013-1918.html
- http://support.novell.com/security/cve/CVE-2013-4355.html
- http://support.novell.com/security/cve/CVE-2013-4361.html
- http://support.novell.com/security/cve/CVE-2013-4368.html
- http://support.novell.com/security/cve/CVE-2013-4369.html
- http://support.novell.com/security/cve/CVE-2013-4370.html
- http://support.novell.com/security/cve/CVE-2013-4371.html
- http://support.novell.com/security/cve/CVE-2013-4375.html
- http://support.novell.com/security/cve/CVE-2013-4416.html
- https://bugzilla.novell.com/817799
- https://bugzilla.novell.com/824676
- https://bugzilla.novell.com/826882
- https://bugzilla.novell.com/828623
- https://bugzilla.novell.com/833251
- https://bugzilla.novell.com/833483
- https://bugzilla.novell.com/833796
- https://bugzilla.novell.com/834751
- https://bugzilla.novell.com/835896
- https://bugzilla.novell.com/836239
- https://bugzilla.novell.com/839596
- https://bugzilla.novell.com/839600
- https://bugzilla.novell.com/840196
- https://bugzilla.novell.com/840592
- https://bugzilla.novell.com/841766
- https://bugzilla.novell.com/842511
- https://bugzilla.novell.com/842512
- https://bugzilla.novell.com/842513
- https://bugzilla.novell.com/842514
- https://bugzilla.novell.com/842515
- https://bugzilla.novell.com/845520
- http://download.suse.com/patch/finder/?keywords=44263de6887ab03471056913790a1e0e