SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0411-1
Rating:             important
References:         #787163 #813673 #813677 #823011 #840592 #842511 
                    #848657 #849668 #853049 
Cross-References:   CVE-2012-4544 CVE-2013-1917 CVE-2013-1920
                    CVE-2013-2194 CVE-2013-2195 CVE-2013-2196
                    CVE-2013-4355 CVE-2013-4368 CVE-2013-4494
                    CVE-2013-4554 CVE-2013-6885
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.

Description:


   The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS Xen
   hypervisor and  toolset have been updated to fix various
   security issues.

   The following security issues have been addressed:

   * XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h
   through 0Fh processors does not properly handle the
   interaction between locked instructions and write-combined
   memory types, which allows local users to cause a denial of
   service (system hang) via a crafted application, aka the
   errata 793 issue. (bnc#853049)
   * XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x
   (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x
   (possibly 4.3.1) does not properly prevent access to
   hypercalls, which allows local guest users to gain
   privileges via a crafted application running in ring 1 or
   2. (bnc#849668)
   * XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and
   4.3.x does not take the page_alloc_lock and
   grant_table.lock in the same order, which allows local
   guest administrators with access to multiple vcpus to cause
   a denial of service (host deadlock) via unspecified
   vectors. (bnc#848657)
   * XSA-67: CVE-2013-4368: The outs instruction emulation
   in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or
   GS: segment override, uses an uninitialized variable as a
   segment base, which allows local 64-bit PV guests to obtain
   sensitive information (hypervisor stack content) via
   unspecified vectors related to stale data in a segment
   register. (bnc#842511)
   * XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not
   properly handle certain errors, which allows local HVM
   guests to obtain hypervisor stack memory via a (1) port or
   (2) memory mapped I/O write or (3) other unspecified
   operations related to addresses without associated memory.
   (bnc#840592)
   * XSA-55: CVE-2013-2196: Multiple unspecified
   vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and
   earlier allow local guest administrators with certain
   permissions to have an unspecified impact via a crafted
   kernel, related to "other problems" that are not
   CVE-2013-2194 or CVE-2013-2195. (bnc#823011)
   * XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen
   4.2.x and earlier allow local guest administrators with
   certain permissions to have an unspecified impact via a
   crafted kernel, related to "pointer dereferences" involving
   unexpected calculations. (bnc#823011)
   * XSA-55: CVE-2013-2194: Multiple integer overflows in
   the Elf parser (libelf) in Xen 4.2.x and earlier allow
   local guest administrators with certain permissions to have
   an unspecified impact via a crafted kernel. (bnc#823011)
   * XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier,
   when the hypervisor is running "under memory pressure" and
   the Xen Security Module (XSM) is enabled, uses the wrong
   ordering of operations when extending the per-domain event
   channel tracking table, which causes a use-after-free and
   allows local guest kernels to inject arbitrary events and
   gain privileges via unspecified vectors. (bnc#813677)
   * XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when
   running 64-bit hosts on Intel CPUs, does not clear the NT
   flag when using an IRET after a SYSENTER instruction, which
   allows PV guest users to cause a denial of service
   (hypervisor crash) by triggering a #GP fault, which is not
   properly handled by another IRET instruction. (bnc#813673)
   * XSA-25: CVE-2012-4544: The PV domain builder in Xen
   4.2 and earlier does not validate the size of the kernel or
   ramdisk (1) before or (2) after decompression, which allows
   local guest administrators to cause a denial of service
   (domain 0 memory consumption) via a crafted (a) kernel or
   (b) ramdisk. (bnc#787163)

   Security Issue references:

   * CVE-2012-4544
   
   * CVE-2013-1917
   
   * CVE-2013-1920
   
   * CVE-2013-2194
   
   * CVE-2013-2195
   
   * CVE-2013-2196
   
   * CVE-2013-4355
   
   * CVE-2013-4368
   
   * CVE-2013-4494
   
   * CVE-2013-4554
   
   * CVE-2013-6885
   

Indications:

   Everyone using the Xen hypervisor should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):

      xen-3.2.3_17040_46-0.7.1
      xen-devel-3.2.3_17040_46-0.7.1
      xen-doc-html-3.2.3_17040_46-0.7.1
      xen-doc-pdf-3.2.3_17040_46-0.7.1
      xen-doc-ps-3.2.3_17040_46-0.7.1
      xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
      xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
      xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
      xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
      xen-libs-3.2.3_17040_46-0.7.1
      xen-tools-3.2.3_17040_46-0.7.1
      xen-tools-domU-3.2.3_17040_46-0.7.1
      xen-tools-ioemu-3.2.3_17040_46-0.7.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):

      xen-libs-32bit-3.2.3_17040_46-0.7.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

      xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
      xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
      xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1
      xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1


References:

   https://www.suse.com/security/cve/CVE-2012-4544.html
   https://www.suse.com/security/cve/CVE-2013-1917.html
   https://www.suse.com/security/cve/CVE-2013-1920.html
   https://www.suse.com/security/cve/CVE-2013-2194.html
   https://www.suse.com/security/cve/CVE-2013-2195.html
   https://www.suse.com/security/cve/CVE-2013-2196.html
   https://www.suse.com/security/cve/CVE-2013-4355.html
   https://www.suse.com/security/cve/CVE-2013-4368.html
   https://www.suse.com/security/cve/CVE-2013-4494.html
   https://www.suse.com/security/cve/CVE-2013-4554.html
   https://www.suse.com/security/cve/CVE-2013-6885.html
   https://bugzilla.novell.com/787163
   https://bugzilla.novell.com/813673
   https://bugzilla.novell.com/813677
   https://bugzilla.novell.com/823011
   https://bugzilla.novell.com/840592
   https://bugzilla.novell.com/842511
   https://bugzilla.novell.com/848657
   https://bugzilla.novell.com/849668
   https://bugzilla.novell.com/853049
   https://scc.suse.com:443/patches/

SuSE: 2014:0411-1: important: Xen

March 20, 2014
An update that fixes 11 vulnerabilities is now available

Summary

The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS Xen hypervisor and toolset have been updated to fix various security issues. The following security issues have been addressed: * XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) * XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) * XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local ...

Read the Full Advisory

References

#787163 #813673 #813677 #823011 #840592 #842511

#848657 #849668 #853049

Cross- CVE-2012-4544 CVE-2013-1917 CVE-2013-1920

CVE-2013-2194 CVE-2013-2195 CVE-2013-2196

CVE-2013-4355 CVE-2013-4368 CVE-2013-4494

CVE-2013-4554 CVE-2013-6885

Affected Products:

SUSE Linux Enterprise Server 10 SP4 LTSS

https://www.suse.com/security/cve/CVE-2012-4544.html

https://www.suse.com/security/cve/CVE-2013-1917.html

https://www.suse.com/security/cve/CVE-2013-1920.html

https://www.suse.com/security/cve/CVE-2013-2194.html

https://www.suse.com/security/cve/CVE-2013-2195.html

https://www.suse.com/security/cve/CVE-2013-2196.html

https://www.suse.com/security/cve/CVE-2013-4355.html

https://www.suse.com/security/cve/CVE-2013-4368.html

https://www.suse.com/security/cve/CVE-2013-4494.html

https://www.suse.com/security/cve/CVE-2013-4554.html

https://www.suse.com/security/cve/CVE-2013-688...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2014:0411-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved