SUSE-SU-2013:1774-1: moderate: Security update for Xen

[sle-security-updates at lists.suse.com]

   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1774-1
Rating:             moderate
References:         #817799 #824676 #826882 #828623 #833251 #833483 
                    #833796 #834751 #835896 #836239 #839596 #839600 
                    #840196 #840592 #841766 #842511 #842512 #842513 
                    #842514 #842515 #845520 
Cross-References:   CVE-2013-1432 CVE-2013-1442 CVE-2013-1918
                    CVE-2013-4355 CVE-2013-4361 CVE-2013-4368
                    CVE-2013-4369 CVE-2013-4370 CVE-2013-4371
                    CVE-2013-4375 CVE-2013-4416
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 10 fixes
   is now available.

Description:


   XEN has been updated to version 4.2.3 c/s 26170, fixing
   various bugs and  security issues.

   * CVE-2013-4416: XSA-72: Fixed ocaml xenstored that
   mishandled oversized message replies
   * CVE-2013-4355: XSA-63: Fixed information leaks
   through I/O instruction emulation
   * CVE-2013-4361: XSA-66: Fixed information leak through
   fbld instruction emulation
   * CVE-2013-4368: XSA-67: Fixed information leak through
   outs instruction emulation
   * CVE-2013-4369: XSA-68: Fixed possible null
   dereference when parsing vif ratelimiting info
   * CVE-2013-4370: XSA-69: Fixed misplaced free in ocaml
   xc_vcpu_getaffinity stub
   * CVE-2013-4371: XSA-70: Fixed use-after-free in
   libxl_list_cpupool under memory pressure
   * CVE-2013-4375: XSA-71: xen: qemu disk backend (qdisk)
   resource leak
   * CVE-2013-1442: XSA-62: Fixed information leak on AVX
   and/or LWP capable CPUs
   * CVE-2013-1432: XSA-58: Page reference counting error
   due to XSA-45/CVE-2013-1918 fixes.

   Various bugs have also been fixed:

   * Boot failure with xen kernel in UEFI mode with error
   "No memory for trampoline" (bnc#833483)
   * Improvements to block-dmmd script (bnc#828623)
   * MTU size on Dom0 gets reset when booting DomU with
   e1000 device (bnc#840196)
   * In HP's UEFI x86_64 platform and with xen
   environment, in booting stage, xen hypervisor will panic.
   (bnc#833251)
   * Xen: migration broken from xsave-capable to
   xsave-incapable host (bnc#833796)
   * In xen, "shutdown -y 0 -h" cannot power off system
   (bnc#834751)
   * In HP's UEFI x86_64 platform with xen environment,
   xen hypervisor will panic on multiple blades nPar.
   (bnc#839600)
   * vcpus not started after upgrading Dom0 from SLES 11
   SP2 to SP3 (bnc#835896)
   * SLES 11 SP3 Xen security patch does not automatically
   update UEFI boot binary (bnc#836239)
   * Failed to setup devices for vm instance when start
   multiple vms simultaneously (bnc#824676)
   * SLES 9 SP4 guest fails to start after upgrading to
   SLES 11 SP3 (bnc#817799)
   * Various upstream fixes have been included.

   Security Issues:

   * CVE-2013-1432
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432
   >
   * CVE-2013-1442
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442
   >
   * CVE-2013-1918
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918
   >
   * CVE-2013-4355
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355
   >
   * CVE-2013-4361
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361
   >
   * CVE-2013-4368
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368
   >
   * CVE-2013-4369
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4369
   >
   * CVE-2013-4370
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4370
   >
   * CVE-2013-4371
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4371
   >
   * CVE-2013-4375
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4375
   >
   * CVE-2013-4416
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4416
   >


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-xen-201310-8479

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-xen-201310-8479

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-xen-201310-8479

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):

      xen-devel-4.2.3_02-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):

      xen-kmp-default-4.2.3_02_3.0.93_0.8-0.7.1
      xen-libs-4.2.3_02-0.7.1
      xen-tools-domU-4.2.3_02-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (x86_64):

      xen-4.2.3_02-0.7.1
      xen-doc-html-4.2.3_02-0.7.1
      xen-doc-pdf-4.2.3_02-0.7.1
      xen-libs-32bit-4.2.3_02-0.7.1
      xen-tools-4.2.3_02-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (i586):

      xen-kmp-pae-4.2.3_02_3.0.93_0.8-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      xen-kmp-default-4.2.3_02_3.0.93_0.8-0.7.1
      xen-libs-4.2.3_02-0.7.1
      xen-tools-domU-4.2.3_02-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      xen-4.2.3_02-0.7.1
      xen-doc-html-4.2.3_02-0.7.1
      xen-doc-pdf-4.2.3_02-0.7.1
      xen-libs-32bit-4.2.3_02-0.7.1
      xen-tools-4.2.3_02-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586):

      xen-kmp-pae-4.2.3_02_3.0.93_0.8-0.7.1


References:

   http://support.novell.com/security/cve/CVE-2013-1432.html
   http://support.novell.com/security/cve/CVE-2013-1442.html
   http://support.novell.com/security/cve/CVE-2013-1918.html
   http://support.novell.com/security/cve/CVE-2013-4355.html
   http://support.novell.com/security/cve/CVE-2013-4361.html
   http://support.novell.com/security/cve/CVE-2013-4368.html
   http://support.novell.com/security/cve/CVE-2013-4369.html
   http://support.novell.com/security/cve/CVE-2013-4370.html
   http://support.novell.com/security/cve/CVE-2013-4371.html
   http://support.novell.com/security/cve/CVE-2013-4375.html
   http://support.novell.com/security/cve/CVE-2013-4416.html
   https://bugzilla.novell.com/817799
   https://bugzilla.novell.com/824676
   https://bugzilla.novell.com/826882
   https://bugzilla.novell.com/828623
   https://bugzilla.novell.com/833251
   https://bugzilla.novell.com/833483
   https://bugzilla.novell.com/833796
   https://bugzilla.novell.com/834751
   https://bugzilla.novell.com/835896
   https://bugzilla.novell.com/836239
   https://bugzilla.novell.com/839596
   https://bugzilla.novell.com/839600
   https://bugzilla.novell.com/840196
   https://bugzilla.novell.com/840592
   https://bugzilla.novell.com/841766
   https://bugzilla.novell.com/842511
   https://bugzilla.novell.com/842512
   https://bugzilla.novell.com/842513
   https://bugzilla.novell.com/842514
   https://bugzilla.novell.com/842515
   https://bugzilla.novell.com/845520
   http://download.novell.com/patch/finder/?keywords=44263de6887ab03471056913790a1e0e