SUSE-SU-2012:1162-1: important: Security update for Xen

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Sep 13 14:08:29 MDT 2012 

   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1162-1
Rating:             important
References:         #776995 #777084 #777090 #777091 
Cross-References:   CVE-2012-3494 CVE-2012-3496 CVE-2012-3515
                   
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   errata is now available.

Description:


   XEN was updated to fix multiple bugs and security issues.

   The following security issues have been fixed:

   * CVE-2012-3494: xen: hypercall set_debugreg
   vulnerability (XSA-12)
   * CVE-2012-3496: xen: XENMEM_populate_physmap DoS
   vulnerability (XSA-14)
   * CVE-2012-3515: xen: Qemu VT100 emulation
   vulnerability (XSA-17)

   Also the following bugs have been fixed:

   * pvscsi support of attaching Luns - bnc#776995

   Security Issue references:

   * CVE-2012-3496
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3496
   >
   * CVE-2012-3494
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3494
   >
   * CVE-2012-3515
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515
   >

Indications:

   Everyone using XEN should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-xen-201209-6746

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64):

      xen-4.0.3_21548_10-0.5.1
      xen-doc-html-4.0.3_21548_10-0.5.1
      xen-doc-pdf-4.0.3_21548_10-0.5.1
      xen-kmp-default-4.0.3_21548_10_2.6.32.59_0.7-0.5.1
      xen-kmp-trace-4.0.3_21548_10_2.6.32.59_0.7-0.5.1
      xen-libs-4.0.3_21548_10-0.5.1
      xen-tools-4.0.3_21548_10-0.5.1
      xen-tools-domU-4.0.3_21548_10-0.5.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586):

      xen-kmp-pae-4.0.3_21548_10_2.6.32.59_0.7-0.5.1


References:

   http://support.novell.com/security/cve/CVE-2012-3494.html
   http://support.novell.com/security/cve/CVE-2012-3496.html
   http://support.novell.com/security/cve/CVE-2012-3515.html
   https://bugzilla.novell.com/776995
   https://bugzilla.novell.com/777084
   https://bugzilla.novell.com/777090
   https://bugzilla.novell.com/777091
   http://download.novell.com/patch/finder/?keywords=60ffb0200ab44cd2c5b21cf2c325f4a5

More information about the sle-security-updates mailing list