SUSE-SU-2014:1318-1: moderate: Security update for Xen
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Oct 22 17:04:51 MDT 2014
SUSE Security Update: Security update for Xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:1318-1
Rating: moderate
References: #798770 #833483 #842006 #858178 #862608 #864801
#865682 #867910 #878841 #880751 #881900 #882092
#891539 #895798 #895799 #895802 #897657
Cross-References: CVE-2013-4344 CVE-2013-4540 CVE-2014-2599
CVE-2014-3967 CVE-2014-3968 CVE-2014-4021
CVE-2014-7154 CVE-2014-7155 CVE-2014-7156
CVE-2014-7188
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that solves 10 vulnerabilities and has 7 fixes is
now available.
Description:
The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix
various bugs and security issues.
The following security issues have been fixed:
* XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation
(bnc#897657)
* XSA-106: CVE-2014-7156: Missing privilege level checks in x86
emulation of software interrupts (bnc#895802)
* XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT,
LGDT, LIDT, and LMSW emulation (bnc#895799)
* XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram
(bnc#895798)
* XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests
(bnc#880751)
* XSA-96: CVE-2014-3967, CVE-2014-3968: Vulnerabilities in HVM MSI
injection (bnc#878841)
* XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible
(bnc#867910)
* XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow
(bnc#842006)
* CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load
(bnc#864801)
The following non-security issues have been fixed:
* xend: Fix netif convertToDeviceNumber for running domains
(bnc#891539)
* Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in
the VM (bnc#882092)
* XEN kernel panic do_device_not_available() (bnc#881900)
* Boot Failure with xen kernel in UEFI mode with error "No memory for
trampoline" (bnc#833483)
* SLES 11 SP3 vm-install should get RHEL 7 support when released
(bnc#862608)
* SLES 11 SP3 XEN kiso version cause softlockup on 8 blades npar(480
cpu) (bnc#858178)
* Local attach support for PHY backends using scripts
local_attach_support_for_phy.patch (bnc#865682)
* Improve multipath support for npiv devices block-npiv (bnc#798770)
Security Issues:
* CVE-2013-4344
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4344>
* CVE-2013-4540
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4540>
* CVE-2014-2599
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599>
* CVE-2014-3967
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3967>
* CVE-2014-3968
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3968>
* CVE-2014-4021
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021>
* CVE-2014-7154
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7154>
* CVE-2014-7155
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7155>
* CVE-2014-7156
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7156>
* CVE-2014-7188
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7188>
Indications:
Everyone using the Xen hypervisor should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-xen-201409-9828
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-xen-201409-9828
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-xen-201409-9828
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
xen-devel-4.2.4_04-0.9.1
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):
xen-kmp-default-4.2.4_04_3.0.101_0.40-0.9.1
xen-libs-4.2.4_04-0.9.1
xen-tools-domU-4.2.4_04-0.9.1
- SUSE Linux Enterprise Server 11 SP3 (x86_64):
xen-4.2.4_04-0.9.1
xen-doc-html-4.2.4_04-0.9.1
xen-doc-pdf-4.2.4_04-0.9.1
xen-libs-32bit-4.2.4_04-0.9.1
xen-tools-4.2.4_04-0.9.1
- SUSE Linux Enterprise Server 11 SP3 (i586):
xen-kmp-pae-4.2.4_04_3.0.101_0.40-0.9.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
xen-kmp-default-4.2.4_04_3.0.101_0.40-0.9.1
xen-libs-4.2.4_04-0.9.1
xen-tools-domU-4.2.4_04-0.9.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
xen-4.2.4_04-0.9.1
xen-doc-html-4.2.4_04-0.9.1
xen-doc-pdf-4.2.4_04-0.9.1
xen-libs-32bit-4.2.4_04-0.9.1
xen-tools-4.2.4_04-0.9.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586):
xen-kmp-pae-4.2.4_04_3.0.101_0.40-0.9.1
References:
http://support.novell.com/security/cve/CVE-2013-4344.html
http://support.novell.com/security/cve/CVE-2013-4540.html
http://support.novell.com/security/cve/CVE-2014-2599.html
http://support.novell.com/security/cve/CVE-2014-3967.html
http://support.novell.com/security/cve/CVE-2014-3968.html
http://support.novell.com/security/cve/CVE-2014-4021.html
http://support.novell.com/security/cve/CVE-2014-7154.html
http://support.novell.com/security/cve/CVE-2014-7155.html
http://support.novell.com/security/cve/CVE-2014-7156.html
http://support.novell.com/security/cve/CVE-2014-7188.html
https://bugzilla.suse.com/show_bug.cgi?id=798770
https://bugzilla.suse.com/show_bug.cgi?id=833483
https://bugzilla.suse.com/show_bug.cgi?id=842006
https://bugzilla.suse.com/show_bug.cgi?id=858178
https://bugzilla.suse.com/show_bug.cgi?id=862608
https://bugzilla.suse.com/show_bug.cgi?id=864801
https://bugzilla.suse.com/show_bug.cgi?id=865682
https://bugzilla.suse.com/show_bug.cgi?id=867910
https://bugzilla.suse.com/show_bug.cgi?id=878841
https://bugzilla.suse.com/show_bug.cgi?id=880751
https://bugzilla.suse.com/show_bug.cgi?id=881900
https://bugzilla.suse.com/show_bug.cgi?id=882092
https://bugzilla.suse.com/show_bug.cgi?id=891539
https://bugzilla.suse.com/show_bug.cgi?id=895798
https://bugzilla.suse.com/show_bug.cgi?id=895799
https://bugzilla.suse.com/show_bug.cgi?id=895802
https://bugzilla.suse.com/show_bug.cgi?id=897657
http://download.suse.com/patch/finder/?keywords=04044470a0f95da5c719e02715587524
More information about the sle-security-updates
mailing list