SUSE-SU-2014:0446-1: important: Security update for Xen

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Mar 25 16:04:11 MDT 2014


   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0446-1
Rating:             important
References:         #777628 #777890 #779212 #786516 #786517 #786519 
                    #786520 #787163 #789944 #789945 #789948 #789950 
                    #789951 #794316 #797031 #797523 #800275 #805094 
                    #813673 #813675 #813677 #816156 #816159 #816163 
                    #819416 #820917 #820919 #823011 #823608 #826882 
                    #831120 #839596 #839618 #840592 #841766 #842511 
                    #848657 #849667 #849668 #853049 #860163 
Cross-References:   CVE-2006-1056 CVE-2007-0998 CVE-2012-3497
                    CVE-2012-4411 CVE-2012-4535 CVE-2012-4537
                    CVE-2012-4538 CVE-2012-4539 CVE-2012-4544
                    CVE-2012-5510 CVE-2012-5511 CVE-2012-5513
                    CVE-2012-5514 CVE-2012-5515 CVE-2012-5634
                    CVE-2012-6075 CVE-2012-6333 CVE-2013-0153
                    CVE-2013-0154 CVE-2013-1432 CVE-2013-1442
                    CVE-2013-1917 CVE-2013-1918 CVE-2013-1919
                    CVE-2013-1920 CVE-2013-1952 CVE-2013-1964
                    CVE-2013-2072 CVE-2013-2076 CVE-2013-2077
                    CVE-2013-2194 CVE-2013-2195 CVE-2013-2196
                    CVE-2013-2211 CVE-2013-2212 CVE-2013-4329
                    CVE-2013-4355 CVE-2013-4361 CVE-2013-4368
                    CVE-2013-4494 CVE-2013-4553 CVE-2013-4554
                    CVE-2013-6885 CVE-2014-1891 CVE-2014-1892
                    CVE-2014-1893 CVE-2014-1894
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that fixes 47 vulnerabilities is now available.

Description:


   The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen
   hypervisor and  toolset have been updated to fix various
   security issues and some bugs.

   The following security issues have been addressed:

   *

   XSA-84: CVE-2014-1894: Xen 3.2 (and presumably
   earlier) exhibit both problems with the overflow issue
   being present for more than just the suboperations listed
   above. (bnc#860163)

   *

   XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through
   4.1, while not affected by the above overflow, have a
   different overflow issue on FLASK_{GET,SET}BOOL and expose
   unreasonably large memory allocation to aribitrary guests.
   (bnc#860163)

   *

   XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL,
   FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the
   flask hypercall are vulnerable to an integer overflow on
   the input size. The hypercalls attempt to allocate a buffer
   which is 1 larger than this size and is therefore
   vulnerable to integer overflow and an attempt to allocate
   then access a zero byte buffer. (bnc#860163)

   *

   XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h
   through 0Fh processors does not properly handle the
   interaction between locked instructions and write-combined
   memory types, which allows local users to cause a denial of
   service (system hang) via a crafted application, aka the
   errata 793 issue. (bnc#853049)

   *

   XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x
   (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x
   (possibly 4.3.1) does not properly prevent access to
   hypercalls, which allows local guest users to gain
   privileges via a crafted application running in ring 1 or
   2. (bnc#849668)

   *

   XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist
   hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does
   not always obtain the page_alloc_lock and mm_rwlock in the
   same order, which allows local guest administrators to
   cause a denial of service (host deadlock). (bnc#849667)

   *

   XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and
   4.3.x does not take the page_alloc_lock and
   grant_table.lock in the same order, which allows local
   guest administrators with access to multiple vcpus to cause
   a denial of service (host deadlock) via unspecified
   vectors. (bnc#848657)

   *

   XSA-67: CVE-2013-4368: The outs instruction emulation
   in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or
   GS: segment override, uses an uninitialized variable as a
   segment base, which allows local 64-bit PV guests to obtain
   sensitive information (hypervisor stack content) via
   unspecified vectors related to stale data in a segment
   register. (bnc#842511)

   *

   XSA-66: CVE-2013-4361: The fbld instruction emulation
   in Xen 3.3.x through 4.3.x does not use the correct
   variable for the source effective address, which allows
   local HVM guests to obtain hypervisor stack information by
   reading the values used by the instruction. (bnc#841766)

   *

   XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not
   properly handle certain errors, which allows local HVM
   guests to obtain hypervisor stack memory via a (1) port or
   (2) memory mapped I/O write or (3) other unspecified
   operations related to addresses without associated memory.
   (bnc#840592)

   *

   XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when
   using AVX or LWP capable CPUs, does not properly clear
   previous data from registers when using an XSAVE or XRSTOR
   to extend the state components of a saved or restored vCPU
   after touching other restored extended registers, which
   allows local guest OSes to obtain sensitive information by
   reading the registers. (bnc#839596)

   *

   XSA-61: CVE-2013-4329: The xenlight library (libxl)
   in Xen 4.0.x through 4.2.x, when IOMMU is disabled,
   provides access to a busmastering-capable PCI passthrough
   device before the IOMMU setup is complete, which allows
   local HVM guest domains to gain privileges or cause a
   denial of service via a DMA instruction. (bnc#839618)

   *

   XSA-60: CVE-2013-2212: The vmx_set_uc_mode function
   in Xen 3.3 through 4.3, when disabling chaches, allows
   local HVM guests with access to memory mapped I/O regions
   to cause a denial of service (CPU consumption and possibly
   hypervisor or guest kernel panic) via a crafted GFN range.
   (bnc#831120)

   *

   XSA-58: CVE-2013-1918: Certain page table
   manipulation operations in Xen 4.1.x, 4.2.x, and earlier
   are not preemptible, which allows local PV kernels to cause
   a denial of service via vectors related to "deep page table
   traversal." (bnc#826882)

   *

   XSA-58: CVE-2013-1432: Xen 4.1.x and 4.2.x, when the
   XSA-45 patch is in place, does not properly maintain
   references on pages stored for deferred cleanup, which
   allows local PV guest kernels to cause a denial of service
   (premature page free and hypervisor crash) or possible gain
   privileges via unspecified vectors. (bnc#826882)

   *

   XSA-57: CVE-2013-2211: The libxenlight (libxl)
   toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak
   permissions for xenstore keys for paravirtualised and
   emulated serial console devices, which allows local guest
   administrators to modify the xenstore value via unspecified
   vectors. (bnc#823608)

   *

   XSA-56: CVE-2013-2072: Buffer overflow in the Python
   bindings for the xc_vcpu_setaffinity call in Xen 4.0.x,
   4.1.x, and 4.2.x allows local administrators with
   permissions to configure VCPU affinity to cause a denial of
   service (memory corruption and xend toolstack crash) and
   possibly gain privileges via a crafted cpumap. (bnc#819416)

   *

   XSA-55: CVE-2013-2196: Multiple unspecified
   vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and
   earlier allow local guest administrators with certain
   permissions to have an unspecified impact via a crafted
   kernel, related to "other problems" that are not
   CVE-2013-2194 or CVE-2013-2195. (bnc#823011)

   *

   XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen
   4.2.x and earlier allow local guest administrators with
   certain permissions to have an unspecified impact via a
   crafted kernel, related to "pointer dereferences" involving
   unexpected calculations. (bnc#823011)

   *

   XSA-55: CVE-2013-2194: Multiple integer overflows in
   the Elf parser (libelf) in Xen 4.2.x and earlier allow
   local guest administrators with certain permissions to have
   an unspecified impact via a crafted kernel. (bnc#823011)

   *

   XSA-53: CVE-2013-2077: Xen 4.0.x, 4.1.x, and 4.2.x
   does not properly restrict the contents of a XRSTOR, which
   allows local PV guest users to cause a denial of service
   (unhandled exception and hypervisor crash) via unspecified
   vectors. (bnc#820919)

   *

   XSA-52: CVE-2013-2076: Xen 4.0.x, 4.1.x, and 4.2.x,
   when running on AMD64 processors, only save/restore the
   FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an
   exception is pending, which allows one domain to determine
   portions of the state of floating point instructions of
   other domains, which can be leveraged to obtain sensitive
   information such as cryptographic keys, a similar
   vulnerability to CVE-2006-1056. NOTE: this is the
   documented behavior of AMD64 processors, but it is
   inconsistent with Intel processors in a security-relevant
   fashion that was not addressed by the kernels. (bnc#820917)

   *

   XSA-50: CVE-2013-1964: Xen 4.0.x and 4.1.x
   incorrectly releases a grant reference when releasing a
   non-v1, non-transitive grant, which allows local guest
   administrators to cause a denial of service (host crash),
   obtain sensitive information, or possible have other
   impacts via unspecified vectors. (bnc#816156)

   *

   XSA-49: CVE-2013-1952: Xen 4.x, when using Intel VT-d
   for a bus mastering capable PCI device, does not properly
   check the source when accessing a bridge device's interrupt
   remapping table entries for MSI interrupts, which allows
   local guest domains to cause a denial of service (interrupt
   injection) via unspecified vectors. (bnc#816163)

   *

   XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier,
   when the hypervisor is running "under memory pressure" and
   the Xen Security Module (XSM) is enabled, uses the wrong
   ordering of operations when extending the per-domain event
   channel tracking table, which causes a use-after-free and
   allows local guest kernels to inject arbitrary events and
   gain privileges via unspecified vectors. (bnc#813677)

   *

   XSA-46: CVE-2013-1919: Xen 4.2.x and 4.1.x does not
   properly restrict access to IRQs, which allows local stub
   domain clients to gain access to IRQs and cause a denial of
   service via vectors related to "passed-through IRQs or PCI
   devices." (bnc#813675)

   *

   XSA-45: CVE-2013-1918: Certain page table
   manipulation operations in Xen 4.1.x, 4.2.x, and earlier
   are not preemptible, which allows local PV kernels to cause
   a denial of service via vectors related to "deep page table
   traversal." (bnc#816159)

   *

   XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when
   running 64-bit hosts on Intel CPUs, does not clear the NT
   flag when using an IRET after a SYSENTER instruction, which
   allows PV guest users to cause a denial of service
   (hypervisor crash) by triggering a #GP fault, which is not
   properly handled by another IRET instruction. (bnc#813673)

   *

   XSA-41: CVE-2012-6075: Buffer overflow in the
   e1000_receive function in the e1000 device driver
   (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the
   SBP and LPE flags are disabled, allows remote attackers to
   cause a denial of service (guest OS crash) and possibly
   execute arbitrary guest code via a large packet.
   (bnc#797523)

   *

   XSA-37: CVE-2013-0154: The get_page_type function in
   xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled,
   allows local PV or HVM guest administrators to cause a
   denial of service (assertion failure and hypervisor crash)
   via unspecified vectors related to a hypercall. (bnc#797031)

   *

   XSA-36: CVE-2013-0153: The AMD IOMMU support in Xen
   4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi
   for PCI passthrough, uses the same interrupt remapping
   table for the host and all guests, which allows guests to
   cause a denial of service by injecting an interrupt into
   other guests. (bnc#800275)

   *

   XSA-33: CVE-2012-5634: Xen 4.2.x, 4.1.x, and 4.0,
   when using Intel VT-d for PCI passthrough, does not
   properly configure VT-d when supporting a device that is
   behind a legacy PCI Bridge, which allows local guests to
   cause a denial of service to other guests by injecting an
   interrupt. (bnc#794316)

   *

   XSA-31: CVE-2012-5515: The (1)
   XENMEM_decrease_reservation, (2) XENMEM_populate_physmap,
   and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier
   allow local guest administrators to cause a denial of
   service (long loop and hang) via a crafted extent_order
   value. (bnc#789950)

   *

   XSA-30: CVE-2012-5514: The
   guest_physmap_mark_populate_on_demand function in Xen 4.2
   and earlier does not properly unlock the subject GFNs when
   checking if they are in use, which allows local guest HVM
   administrators to cause a denial of service (hang) via
   unspecified vectors. (bnc#789948)

   *

   XSA-29: CVE-2012-5513: The XENMEM_exchange handler in
   Xen 4.2 and earlier does not properly check the memory
   address, which allows local PV guest OS administrators to
   cause a denial of service (crash) or possibly gain
   privileges via unspecified vectors that overwrite memory in
   the hypervisor reserved range. (bnc#789951)

   *

   XSA-27: CVE-2012-6333: Multiple HVM control
   operations in Xen 3.4 through 4.2 allow local HVM guest OS
   administrators to cause a denial of service (physical CPU
   consumption) via a large input. (bnc#789944)

   *

   XSA-27: CVE-2012-5511: Stack-based buffer overflow in
   the dirty video RAM tracking functionality in Xen 3.4
   through 4.1 allows local HVM guest OS administrators to
   cause a denial of service (crash) via a large bitmap image.
   (bnc#789944)

   *

   XSA-26: CVE-2012-5510: Xen 4.x, when downgrading the
   grant table version, does not properly remove the status
   page from the tracking list when freeing the page, which
   allows local guest OS administrators to cause a denial of
   service (hypervisor crash) via unspecified vectors.
   (bnc#789945)

   *

   XSA-25: CVE-2012-4544: The PV domain builder in Xen
   4.2 and earlier does not validate the size of the kernel or
   ramdisk (1) before or (2) after decompression, which allows
   local guest administrators to cause a denial of service
   (domain 0 memory consumption) via a crafted (a) kernel or
   (b) ramdisk. (bnc#787163)

   *

   XSA-24: CVE-2012-4539: Xen 4.0 through 4.2, when
   running 32-bit x86 PV guests on 64-bit hypervisors, allows
   local guest OS administrators to cause a denial of service
   (infinite loop and hang or crash) via invalid arguments to
   GNTTABOP_get_status_frames, aka "Grant table hypercall
   infinite loop DoS vulnerability." (bnc#786520)

   *

   XSA-23: CVE-2012-4538: The HVMOP_pagetable_dying
   hypercall in Xen 4.0, 4.1, and 4.2 does not properly check
   the pagetable state when running on shadow pagetables,
   which allows a local HVM guest OS to cause a denial of
   service (hypervisor crash) via unspecified vectors.
   (bnc#786519)

   *

   XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and
   possibly earlier versions, does not properly synchronize
   the p2m and m2p tables when the set_p2m_entry function
   fails, which allows local HVM guest OS administrators to
   cause a denial of service (memory consumption and assertion
   failure), aka "Memory mapping failure DoS vulnerability."
   (bnc#786517)

   *

   XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and
   possibly earlier versions, allows local guest OS
   administrators to cause a denial of service (Xen infinite
   loop and physical CPU consumption) by setting a VCPU with
   an "inappropriate deadline." (bnc#786516)

   *

   XSA-19: CVE-2012-4411: The graphical console in Xen
   4.0, 4.1 and 4.2 allows local OS guest administrators to
   obtain sensitive host resource information via the qemu
   monitor. NOTE: this might be a duplicate of CVE-2007-0998.
   (bnc#779212)

   *

   XSA-15: CVE-2012-3497: (1)
   TMEMC_SAVE_GET_CLIENT_WEIGHT, (2)
   TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS
   and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in
   Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a
   denial of service (NULL pointer dereference or memory
   corruption and host crash) or possibly have other
   unspecified impacts via a NULL client id. (bnc#777890)

   Also the following non-security bugs have been fixed:

   * xen hot plug attach/detach fails modified
   blktap-pv-cdrom.patch. (bnc#805094)
   * guest "disappears" after live migration Updated
   block-dmmd script. (bnc#777628)

   Security Issues references:

   * CVE-2006-1056
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056
   >
   * CVE-2007-0998
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0998
   >
   * CVE-2012-3497
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497
   >
   * CVE-2012-4411
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411
   >
   * CVE-2012-4535
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535
   >
   * CVE-2012-4537
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537
   >
   * CVE-2012-4538
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538
   >
   * CVE-2012-4539
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539
   >
   * CVE-2012-4544
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544
   >
   * CVE-2012-5510
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510
   >
   * CVE-2012-5511
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511
   >
   * CVE-2012-5513
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513
   >
   * CVE-2012-5514
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514
   >
   * CVE-2012-5515
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515
   >
   * CVE-2012-5634
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634
   >
   * CVE-2012-6075
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075
   >
   * CVE-2012-6333
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6333
   >
   * CVE-2013-0153
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153
   >
   * CVE-2013-0154
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0154
   >
   * CVE-2013-1432
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432
   >
   * CVE-2013-1442
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442
   >
   * CVE-2013-1917
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917
   >
   * CVE-2013-1918
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918
   >
   * CVE-2013-1919
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919
   >
   * CVE-2013-1920
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920
   >
   * CVE-2013-1952
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952
   >
   * CVE-2013-1964
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964
   >
   * CVE-2013-2072
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072
   >
   * CVE-2013-2076
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076
   >
   * CVE-2013-2077
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077
   >
   * CVE-2013-2194
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194
   >
   * CVE-2013-2195
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195
   >
   * CVE-2013-2196
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196
   >
   * CVE-2013-2211
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211
   >
   * CVE-2013-2212
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212
   >
   * CVE-2013-4329
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329
   >
   * CVE-2013-4355
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355
   >
   * CVE-2013-4361
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361
   >
   * CVE-2013-4368
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368
   >
   * CVE-2013-4494
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494
   >
   * CVE-2013-4553
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553
   >
   * CVE-2013-4554
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554
   >
   * CVE-2013-6885
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885
   >
   * CVE-2014-1891
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891
   >
   * CVE-2014-1892
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892
   >
   * CVE-2014-1893
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893
   >
   * CVE-2014-1894
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894
   >

Indications:

   Everyone using the Xen hypervisor should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-xen-201402-8963

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64):

      xen-4.0.3_21548_16-0.5.1
      xen-doc-html-4.0.3_21548_16-0.5.1
      xen-doc-pdf-4.0.3_21548_16-0.5.1
      xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1
      xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1
      xen-libs-4.0.3_21548_16-0.5.1
      xen-tools-4.0.3_21548_16-0.5.1
      xen-tools-domU-4.0.3_21548_16-0.5.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586):

      xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1


References:

   http://support.novell.com/security/cve/CVE-2006-1056.html
   http://support.novell.com/security/cve/CVE-2007-0998.html
   http://support.novell.com/security/cve/CVE-2012-3497.html
   http://support.novell.com/security/cve/CVE-2012-4411.html
   http://support.novell.com/security/cve/CVE-2012-4535.html
   http://support.novell.com/security/cve/CVE-2012-4537.html
   http://support.novell.com/security/cve/CVE-2012-4538.html
   http://support.novell.com/security/cve/CVE-2012-4539.html
   http://support.novell.com/security/cve/CVE-2012-4544.html
   http://support.novell.com/security/cve/CVE-2012-5510.html
   http://support.novell.com/security/cve/CVE-2012-5511.html
   http://support.novell.com/security/cve/CVE-2012-5513.html
   http://support.novell.com/security/cve/CVE-2012-5514.html
   http://support.novell.com/security/cve/CVE-2012-5515.html
   http://support.novell.com/security/cve/CVE-2012-5634.html
   http://support.novell.com/security/cve/CVE-2012-6075.html
   http://support.novell.com/security/cve/CVE-2012-6333.html
   http://support.novell.com/security/cve/CVE-2013-0153.html
   http://support.novell.com/security/cve/CVE-2013-0154.html
   http://support.novell.com/security/cve/CVE-2013-1432.html
   http://support.novell.com/security/cve/CVE-2013-1442.html
   http://support.novell.com/security/cve/CVE-2013-1917.html
   http://support.novell.com/security/cve/CVE-2013-1918.html
   http://support.novell.com/security/cve/CVE-2013-1919.html
   http://support.novell.com/security/cve/CVE-2013-1920.html
   http://support.novell.com/security/cve/CVE-2013-1952.html
   http://support.novell.com/security/cve/CVE-2013-1964.html
   http://support.novell.com/security/cve/CVE-2013-2072.html
   http://support.novell.com/security/cve/CVE-2013-2076.html
   http://support.novell.com/security/cve/CVE-2013-2077.html
   http://support.novell.com/security/cve/CVE-2013-2194.html
   http://support.novell.com/security/cve/CVE-2013-2195.html
   http://support.novell.com/security/cve/CVE-2013-2196.html
   http://support.novell.com/security/cve/CVE-2013-2211.html
   http://support.novell.com/security/cve/CVE-2013-2212.html
   http://support.novell.com/security/cve/CVE-2013-4329.html
   http://support.novell.com/security/cve/CVE-2013-4355.html
   http://support.novell.com/security/cve/CVE-2013-4361.html
   http://support.novell.com/security/cve/CVE-2013-4368.html
   http://support.novell.com/security/cve/CVE-2013-4494.html
   http://support.novell.com/security/cve/CVE-2013-4553.html
   http://support.novell.com/security/cve/CVE-2013-4554.html
   http://support.novell.com/security/cve/CVE-2013-6885.html
   http://support.novell.com/security/cve/CVE-2014-1891.html
   http://support.novell.com/security/cve/CVE-2014-1892.html
   http://support.novell.com/security/cve/CVE-2014-1893.html
   http://support.novell.com/security/cve/CVE-2014-1894.html
   https://bugzilla.novell.com/777628
   https://bugzilla.novell.com/777890
   https://bugzilla.novell.com/779212
   https://bugzilla.novell.com/786516
   https://bugzilla.novell.com/786517
   https://bugzilla.novell.com/786519
   https://bugzilla.novell.com/786520
   https://bugzilla.novell.com/787163
   https://bugzilla.novell.com/789944
   https://bugzilla.novell.com/789945
   https://bugzilla.novell.com/789948
   https://bugzilla.novell.com/789950
   https://bugzilla.novell.com/789951
   https://bugzilla.novell.com/794316
   https://bugzilla.novell.com/797031
   https://bugzilla.novell.com/797523
   https://bugzilla.novell.com/800275
   https://bugzilla.novell.com/805094
   https://bugzilla.novell.com/813673
   https://bugzilla.novell.com/813675
   https://bugzilla.novell.com/813677
   https://bugzilla.novell.com/816156
   https://bugzilla.novell.com/816159
   https://bugzilla.novell.com/816163
   https://bugzilla.novell.com/819416
   https://bugzilla.novell.com/820917
   https://bugzilla.novell.com/820919
   https://bugzilla.novell.com/823011
   https://bugzilla.novell.com/823608
   https://bugzilla.novell.com/826882
   https://bugzilla.novell.com/831120
   https://bugzilla.novell.com/839596
   https://bugzilla.novell.com/839618
   https://bugzilla.novell.com/840592
   https://bugzilla.novell.com/841766
   https://bugzilla.novell.com/842511
   https://bugzilla.novell.com/848657
   https://bugzilla.novell.com/849667
   https://bugzilla.novell.com/849668
   https://bugzilla.novell.com/853049
   https://bugzilla.novell.com/860163
   http://download.suse.com/patch/finder/?keywords=d46197780129fa94fee1eb1708143171



More information about the sle-security-updates mailing list