SUSE-SU-2013:1735-1: moderate: Security update for Xen

Tue Nov 19 10:04:21 MST 2013

   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1735-1
Rating:             moderate
References:         #803712 #823011 #823608 #823786 #824676 #826882 
                    #828623 #833251 #833796 #834751 #839596 #839600 
                    #839618 #840196 #840592 #841766 #842511 #845520 

Cross-References:   CVE-2013-1432 CVE-2013-1442 CVE-2013-2194
                    CVE-2013-2195 CVE-2013-2196 CVE-2013-2211
                    CVE-2013-4329 CVE-2013-4355 CVE-2013-4361
                    CVE-2013-4368 CVE-2013-4416
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 7 fixes is
   now available.

Description:

   XEN has been updated to version 4.1.6 which fixes various
   bugs and security  issues.

   * CVE-2013-4416: XSA-72: Fixed ocaml xenstored that
   mishandled oversized message replies.
   * CVE-2013-4355: XSA-63: Fixed information leaks
   through I/O instruction emulation
   * CVE-2013-4361: XSA-66: Fixed information leak through
   fbld instruction emulation
   * CVE-2013-4368: XSA-67: Fixed information leak through
   outs instruction emulation
   * CVE-2013-1442: XSA-62: Fixed information leak on AVX
   and/or LWP capable CPUs
   * CVE-2013-4329: XSA-61: libxl partially sets up HVM
   passthrough even with disabled iommu
   * CVE-2013-1432: XSA-58: x86: fix page refcount
   handling in page table pin error path
   * CVE-2013-2211: XSA-57: libxl allows guest write
   access to sensitive console related xenstore keys
   * xen: XSA-55: Multiple vulnerabilities in libelf PV
   kernel handling (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

   Various bugs have also been fixed:

   * Improvements to block-dmmd script (bnc#828623)
   * MTU size on Dom0 gets reset when booting DomU with
   e1000 device (bnc#840196)
   * In HP's UEFI x86_64 platform and with xen
   environment, in booting stage ,xen hypervisor will panic.
   (bnc#833251)
   * Xen: migration broken from xsave-capable to
   xsave-incapable host (bnc#833796)
   * In xen, "shutdown -y 0 -h" cannot power off system
   (bnc#834751)
   * In HP's UEFI x86_64 platform and sles11sp3 with xen
   environment, xen hypervisor will panic on multiple blades
   nPar. (bnc#839600)
   * Failed to setup devices for vm instance when start
   multiple vms simultaneously (bnc#824676)
   * migrate.py support of short options dropped by PTF
   (bnc#824676)
   * after live migration rcu_sched_state detected stalls
   add new option xm migrate --min_remaing (bnc#803712)
   * various upstream fixes have been included

   Security Issue references:

   * CVE-2013-1432
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432
   >
   * CVE-2013-1442
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442
   >
   * CVE-2013-2194
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194
   >
   * CVE-2013-2195
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195
   >
   * CVE-2013-2196
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196
   >
   * CVE-2013-2211
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211
   >
   * CVE-2013-4329
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329
   >
   * CVE-2013-4355
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355
   >
   * CVE-2013-4361
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361
   >
   * CVE-2013-4368
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368
   >
   * CVE-2013-4416
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416
   >

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-xen-201310-8478

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-xen-201310-8478

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-xen-201310-8478

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-xen-201310-8478

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):

      xen-devel-4.1.6_02-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      xen-kmp-trace-4.1.6_02_3.0.93_0.5-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):

      xen-kmp-default-4.1.6_02_3.0.93_0.5-0.5.1
      xen-kmp-trace-4.1.6_02_3.0.93_0.5-0.5.1
      xen-libs-4.1.6_02-0.5.1
      xen-tools-domU-4.1.6_02-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (x86_64):

      xen-4.1.6_02-0.5.1
      xen-doc-html-4.1.6_02-0.5.1
      xen-doc-pdf-4.1.6_02-0.5.1
      xen-libs-32bit-4.1.6_02-0.5.1
      xen-tools-4.1.6_02-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586):

      xen-kmp-pae-4.1.6_02_3.0.93_0.5-0.5.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      xen-kmp-default-4.1.6_02_3.0.93_0.5-0.5.1
      xen-kmp-trace-4.1.6_02_3.0.93_0.5-0.5.1
      xen-libs-4.1.6_02-0.5.1
      xen-tools-domU-4.1.6_02-0.5.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      xen-4.1.6_02-0.5.1
      xen-doc-html-4.1.6_02-0.5.1
      xen-doc-pdf-4.1.6_02-0.5.1
      xen-libs-32bit-4.1.6_02-0.5.1
      xen-tools-4.1.6_02-0.5.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586):

      xen-kmp-pae-4.1.6_02_3.0.93_0.5-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2013-1432.html
   http://support.novell.com/security/cve/CVE-2013-1442.html
   http://support.novell.com/security/cve/CVE-2013-2194.html
   http://support.novell.com/security/cve/CVE-2013-2195.html
   http://support.novell.com/security/cve/CVE-2013-2196.html
   http://support.novell.com/security/cve/CVE-2013-2211.html
   http://support.novell.com/security/cve/CVE-2013-4329.html
   http://support.novell.com/security/cve/CVE-2013-4355.html
   http://support.novell.com/security/cve/CVE-2013-4361.html
   http://support.novell.com/security/cve/CVE-2013-4368.html
   http://support.novell.com/security/cve/CVE-2013-4416.html
   https://bugzilla.novell.com/803712
   https://bugzilla.novell.com/823011
   https://bugzilla.novell.com/823608
   https://bugzilla.novell.com/823786
   https://bugzilla.novell.com/824676
   https://bugzilla.novell.com/826882
   https://bugzilla.novell.com/828623
   https://bugzilla.novell.com/833251
   https://bugzilla.novell.com/833796
   https://bugzilla.novell.com/834751
   https://bugzilla.novell.com/839596
   https://bugzilla.novell.com/839600
   https://bugzilla.novell.com/839618
   https://bugzilla.novell.com/840196
   https://bugzilla.novell.com/840592
   https://bugzilla.novell.com/841766
   https://bugzilla.novell.com/842511
   https://bugzilla.novell.com/845520
   http://download.novell.com/patch/finder/?keywords=0358a604a91415d5bc35a5df0bbffa61