SUSE-SU-2013:1923-1: moderate: Security update for Xen

Thu Dec 19 14:04:11 MST 2013

   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1923-1
Rating:             moderate
References:         #833483 #840997 #842417 #846849 #848014 #848657 
                    #849665 #849667 #849668 #851386 
Cross-References:   CVE-2013-1922 CVE-2013-2007 CVE-2013-4375
                    CVE-2013-4416 CVE-2013-4494 CVE-2013-4551
                    CVE-2013-4553 CVE-2013-4554
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has two fixes
   is now available.

Description:

   The Xen hypervisor and tool-suite have been updated to fix
   security issues  and bugs:

   * CVE-2013-4494: XSA-73: A lock order reversal between
   page allocation and grant table locks could lead to host
   crashes or even host code execution.
   * CVE-2013-4553: XSA-74: A lock order reversal between
   page_alloc_lock and mm_rwlock could lead to deadlocks.
   * CVE-2013-4554: XSA-76: Hypercalls exposed to
   privilege rings 1 and 2 of HVM guests which might lead to
   Hypervisor escalation under specific circumstances.
   * CVE-2013-6375: XSA-78: Insufficient TLB flushing in
   VT-d (iommu) code could lead to access of memory that was
   revoked.
   * CVE-2013-4551: XSA-75: A host crash due to guest VMX
   instruction execution was fixed.

   Non-security bugs have also been fixed:

   * bnc#840997: It is possible to start a VM twice on the
   same node.
   * bnc#842417: In HP's UEFI x86_64 platform and SLES
   11-SP3, dom0 will could lock-up on multiple blades nPar.
   * bnc#848014: Xen Hypervisor panics on 8-blades nPar
   with 46-bit memory addressing.
   * bnc#846849: Soft lock-up with PCI pass-through and
   many VCPUs.
   * bnc#833483: Boot Failure with Xen kernel in UEFI mode
   with error "No memory for trampoline".
   * Increase the maximum supported CPUs in the Hypervisor
   to 512.

   Security Issues:

   * CVE-2013-1922
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1922
   >
   * CVE-2013-2007
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2007
   >
   * CVE-2013-4375
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4375
   >
   * CVE-2013-4416
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416
   >
   * CVE-2013-4494
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494
   >
   * CVE-2013-4551
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4551
   >
   * CVE-2013-4553
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553
   >
   * CVE-2013-4554
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554
   >

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-xen-201311-8588

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-xen-201311-8588

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-xen-201311-8588

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):

      xen-devel-4.2.3_08-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):

      xen-kmp-default-4.2.3_08_3.0.101_0.8-0.7.1
      xen-libs-4.2.3_08-0.7.1
      xen-tools-domU-4.2.3_08-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (x86_64):

      xen-4.2.3_08-0.7.1
      xen-doc-html-4.2.3_08-0.7.1
      xen-doc-pdf-4.2.3_08-0.7.1
      xen-libs-32bit-4.2.3_08-0.7.1
      xen-tools-4.2.3_08-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (i586):

      xen-kmp-pae-4.2.3_08_3.0.101_0.8-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      xen-kmp-default-4.2.3_08_3.0.101_0.8-0.7.1
      xen-libs-4.2.3_08-0.7.1
      xen-tools-domU-4.2.3_08-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      xen-4.2.3_08-0.7.1
      xen-doc-html-4.2.3_08-0.7.1
      xen-doc-pdf-4.2.3_08-0.7.1
      xen-libs-32bit-4.2.3_08-0.7.1
      xen-tools-4.2.3_08-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586):

      xen-kmp-pae-4.2.3_08_3.0.101_0.8-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2013-1922.html
   http://support.novell.com/security/cve/CVE-2013-2007.html
   http://support.novell.com/security/cve/CVE-2013-4375.html
   http://support.novell.com/security/cve/CVE-2013-4416.html
   http://support.novell.com/security/cve/CVE-2013-4494.html
   http://support.novell.com/security/cve/CVE-2013-4551.html
   http://support.novell.com/security/cve/CVE-2013-4553.html
   http://support.novell.com/security/cve/CVE-2013-4554.html
   https://bugzilla.novell.com/833483
   https://bugzilla.novell.com/840997
   https://bugzilla.novell.com/842417
   https://bugzilla.novell.com/846849
   https://bugzilla.novell.com/848014
   https://bugzilla.novell.com/848657
   https://bugzilla.novell.com/849665
   https://bugzilla.novell.com/849667
   https://bugzilla.novell.com/849668
   https://bugzilla.novell.com/851386
   http://download.novell.com/patch/finder/?keywords=08d096221c1d89c9a950f559d38dccd0