SUSE-SU-2012:0386-1: Security update for Xen and libvirt

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Mar 19 16:08:13 MDT 2012


   SUSE Security Update: Security update for Xen and libvirt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0386-1
Rating:             low
References:         #649209 #694863 #725169 #726332 #727515 #732782 
                    #734826 #735403 #736824 #739585 #740165 
Cross-References:   CVE-2012-0029
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that solves one vulnerability and has 10 fixes is
   now available. It includes one version update.

Description:


   This collective update 2012/02 for Xen provides fixes for
   the following  reports:

   Xen:

   * 740165: Fix heap overflow in e1000 device emulation
   (applicable to Xen qemu - CVE-2012-0029)
   * 739585: Xen block-attach fails after repeated
   attach/detach
   * 727515: Fragmented packets hang network boot of HVM
   guest
   * 736824: Microcode patches for AMD's 15h processors
   panic the system
   * 732782: xm create hangs when maxmen value is enclosed
   in "quotes"
   * 734826: xm rename doesn't work anymore
   * 694863: kexec fails in xen
   * 726332: Fix considerable performance hit by previous
   changeset
   * 649209: Fix slow Xen live migrations

   libvirt

   * 735403: Fix connection with virt-manager as normal
   user

   virt-utils

   * Add Support for creating images that can be run on
   Microsoft Hyper-V host (Fix vpc file format. Add support
   for fixed disks)

   Security Issue references:

   * CVE-2012-0029
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0029
   >

Indications:

   Every Xen user should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-xen-201202-5796

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-xen-201202-5796

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-xen-201202-5796

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-xen-201202-5796

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64):

      libvirt-devel-0.7.6-1.29.2
      xen-devel-4.0.3_21548_02-0.5.2

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

      xen-kmp-trace-4.0.3_21548_02_2.6.32.54_0.3-0.5.2

   - SUSE Linux Enterprise Server 11 SP1 (i586 x86_64) [New Version: 1.1.3]:

      libvirt-0.7.6-1.29.2
      libvirt-doc-0.7.6-1.29.2
      libvirt-python-0.7.6-1.29.2
      virt-utils-1.1.3-1.5.1
      xen-4.0.3_21548_02-0.5.2
      xen-doc-html-4.0.3_21548_02-0.5.2
      xen-doc-pdf-4.0.3_21548_02-0.5.2
      xen-kmp-default-4.0.3_21548_02_2.6.32.54_0.3-0.5.2
      xen-kmp-trace-4.0.3_21548_02_2.6.32.54_0.3-0.5.2
      xen-libs-4.0.3_21548_02-0.5.2
      xen-tools-4.0.3_21548_02-0.5.2
      xen-tools-domU-4.0.3_21548_02-0.5.2

   - SUSE Linux Enterprise Server 11 SP1 (i586):

      xen-kmp-pae-4.0.3_21548_02_2.6.32.54_0.3-0.5.2

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.1.3]:

      libvirt-0.7.6-1.29.2
      libvirt-doc-0.7.6-1.29.2
      libvirt-python-0.7.6-1.29.2
      virt-utils-1.1.3-1.5.1
      xen-4.0.3_21548_02-0.5.2
      xen-kmp-default-4.0.3_21548_02_2.6.32.54_0.3-0.5.2
      xen-libs-4.0.3_21548_02-0.5.2
      xen-tools-4.0.3_21548_02-0.5.2
      xen-tools-domU-4.0.3_21548_02-0.5.2

   - SUSE Linux Enterprise Desktop 11 SP1 (i586):

      xen-kmp-pae-4.0.3_21548_02_2.6.32.54_0.3-0.5.2


References:

   http://support.novell.com/security/cve/CVE-2012-0029.html
   https://bugzilla.novell.com/649209
   https://bugzilla.novell.com/694863
   https://bugzilla.novell.com/725169
   https://bugzilla.novell.com/726332
   https://bugzilla.novell.com/727515
   https://bugzilla.novell.com/732782
   https://bugzilla.novell.com/734826
   https://bugzilla.novell.com/735403
   https://bugzilla.novell.com/736824
   https://bugzilla.novell.com/739585
   https://bugzilla.novell.com/740165
   http://download.novell.com/patch/finder/?keywords=cc26db394df4e1893e567ae94e3d664f



More information about the sle-security-updates mailing list