SUSE-SU-2014:1318-1: moderate: Security update for Xen

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Oct 22 17:04:51 MDT 2014


   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1318-1
Rating:             moderate
References:         #798770 #833483 #842006 #858178 #862608 #864801 
                    #865682 #867910 #878841 #880751 #881900 #882092 
                    #891539 #895798 #895799 #895802 #897657 
Cross-References:   CVE-2013-4344 CVE-2013-4540 CVE-2014-2599
                    CVE-2014-3967 CVE-2014-3968 CVE-2014-4021
                    CVE-2014-7154 CVE-2014-7155 CVE-2014-7156
                    CVE-2014-7188
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves 10 vulnerabilities and has 7 fixes is
   now available.

Description:


   The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix
   various bugs and security issues.

   The following security issues have been fixed:

       * XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation
         (bnc#897657)
       * XSA-106: CVE-2014-7156: Missing privilege level checks in x86
         emulation of software interrupts (bnc#895802)
       * XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT,
         LGDT, LIDT, and LMSW emulation (bnc#895799)
       * XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram
         (bnc#895798)
       * XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests
         (bnc#880751)
       * XSA-96: CVE-2014-3967, CVE-2014-3968: Vulnerabilities in HVM MSI
         injection (bnc#878841)
       * XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible
         (bnc#867910)
       * XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow
         (bnc#842006)
       * CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load
         (bnc#864801)

   The following non-security issues have been fixed:

       * xend: Fix netif convertToDeviceNumber for running domains
         (bnc#891539)
       * Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in
         the VM (bnc#882092)
       * XEN kernel panic do_device_not_available() (bnc#881900)
       * Boot Failure with xen kernel in UEFI mode with error "No memory for
         trampoline" (bnc#833483)
       * SLES 11 SP3 vm-install should get RHEL 7 support when released
         (bnc#862608)
       * SLES 11 SP3 XEN kiso version cause softlockup on 8 blades npar(480
         cpu) (bnc#858178)
       * Local attach support for PHY backends using scripts
         local_attach_support_for_phy.patch (bnc#865682)
       * Improve multipath support for npiv devices block-npiv (bnc#798770)

   Security Issues:

       * CVE-2013-4344
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4344>
       * CVE-2013-4540
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4540>
       * CVE-2014-2599
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599>
       * CVE-2014-3967
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3967>
       * CVE-2014-3968
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3968>
       * CVE-2014-4021
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021>
       * CVE-2014-7154
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7154>
       * CVE-2014-7155
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7155>
       * CVE-2014-7156
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7156>
       * CVE-2014-7188
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7188>

Indications:

   Everyone using the Xen hypervisor should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-xen-201409-9828

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-xen-201409-9828

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-xen-201409-9828

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):

      xen-devel-4.2.4_04-0.9.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):

      xen-kmp-default-4.2.4_04_3.0.101_0.40-0.9.1
      xen-libs-4.2.4_04-0.9.1
      xen-tools-domU-4.2.4_04-0.9.1

   - SUSE Linux Enterprise Server 11 SP3 (x86_64):

      xen-4.2.4_04-0.9.1
      xen-doc-html-4.2.4_04-0.9.1
      xen-doc-pdf-4.2.4_04-0.9.1
      xen-libs-32bit-4.2.4_04-0.9.1
      xen-tools-4.2.4_04-0.9.1

   - SUSE Linux Enterprise Server 11 SP3 (i586):

      xen-kmp-pae-4.2.4_04_3.0.101_0.40-0.9.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      xen-kmp-default-4.2.4_04_3.0.101_0.40-0.9.1
      xen-libs-4.2.4_04-0.9.1
      xen-tools-domU-4.2.4_04-0.9.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      xen-4.2.4_04-0.9.1
      xen-doc-html-4.2.4_04-0.9.1
      xen-doc-pdf-4.2.4_04-0.9.1
      xen-libs-32bit-4.2.4_04-0.9.1
      xen-tools-4.2.4_04-0.9.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586):

      xen-kmp-pae-4.2.4_04_3.0.101_0.40-0.9.1


References:

   http://support.novell.com/security/cve/CVE-2013-4344.html
   http://support.novell.com/security/cve/CVE-2013-4540.html
   http://support.novell.com/security/cve/CVE-2014-2599.html
   http://support.novell.com/security/cve/CVE-2014-3967.html
   http://support.novell.com/security/cve/CVE-2014-3968.html
   http://support.novell.com/security/cve/CVE-2014-4021.html
   http://support.novell.com/security/cve/CVE-2014-7154.html
   http://support.novell.com/security/cve/CVE-2014-7155.html
   http://support.novell.com/security/cve/CVE-2014-7156.html
   http://support.novell.com/security/cve/CVE-2014-7188.html
   https://bugzilla.suse.com/show_bug.cgi?id=798770
   https://bugzilla.suse.com/show_bug.cgi?id=833483
   https://bugzilla.suse.com/show_bug.cgi?id=842006
   https://bugzilla.suse.com/show_bug.cgi?id=858178
   https://bugzilla.suse.com/show_bug.cgi?id=862608
   https://bugzilla.suse.com/show_bug.cgi?id=864801
   https://bugzilla.suse.com/show_bug.cgi?id=865682
   https://bugzilla.suse.com/show_bug.cgi?id=867910
   https://bugzilla.suse.com/show_bug.cgi?id=878841
   https://bugzilla.suse.com/show_bug.cgi?id=880751
   https://bugzilla.suse.com/show_bug.cgi?id=881900
   https://bugzilla.suse.com/show_bug.cgi?id=882092
   https://bugzilla.suse.com/show_bug.cgi?id=891539
   https://bugzilla.suse.com/show_bug.cgi?id=895798
   https://bugzilla.suse.com/show_bug.cgi?id=895799
   https://bugzilla.suse.com/show_bug.cgi?id=895802
   https://bugzilla.suse.com/show_bug.cgi?id=897657
   http://download.suse.com/patch/finder/?keywords=04044470a0f95da5c719e02715587524



More information about the sle-security-updates mailing list