SUSE Security Update - Xen (SUSE-SU-2012:1615-1)
SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1615-1
Rating:             important
References:         #777628 #789940 #789944 #789945 #789948 #789950
                    #789951 #789988 #792476
Cross-References:   CVE-2012-5510 CVE-2012-5511 CVE-2012-5512
                    CVE-2012-5513 CVE-2012-5514 CVE-2012-5515

Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has three fixes
   is now available.

Description:


   This update fixes the following security issues in xen:

   * CVE-2012-5510: Grant table version switch list
   corruption vulnerability (XSA-26)
   * CVE-2012-5511: Several HVM operations do not validate
   the range of their inputs (XSA-27)
   * CVE-2012-5512: HVMOP_get_mem_access crash /
   HVMOP_set_mem_access information leak (XSA-28)
   * CVE-2012-5513: XENMEM_exchange may overwrite
   hypervisor memory (XSA-29)
   * CVE-2012-5514: Missing unlock in
   guest_physmap_mark_populate_on_demand() (XSA-30)
   * CVE-2012-5515: Several memory hypercall operations
   allow invalid extent order values (XSA-31)

   The following bugs have also been fixed and upstream
   patches have been applied:

   * FATAL PAGE FAULT in hypervisor (arch_do_domctl)
   * 25931-x86-domctl-iomem-mapping-checks.patch
   * 26132-tmem-save-NULL-check.patch
   * 26134-x86-shadow-invlpg-check.patch
   * 26148-vcpu-timer-overflow.patch (Replaces
   CVE-2012-4535-xsa20.patch)
   * 26149-x86-p2m-physmap-error-path.patch (Replaces
   CVE-2012-4537-xsa22.patch)
   * 26150-x86-shadow-unhook-toplevel-check.patch
   (Replaces CVE-2012-4538-xsa23.patch)
   * 26151-gnttab-compat-get-status-frames.patch (Replaces
   CVE-2012-4539-xsa24.patch)
   * bnc#792476 - efi files missing in latest XEN update

   Security Issue references:

   * CVE-2012-5512
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5512>
   * CVE-2012-5513
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513>
   * CVE-2012-5514
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514>
   * CVE-2012-5511
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511>
   * CVE-2012-5510
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510>
   * CVE-2012-5515
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-xen-7133

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-xen-7133

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-xen-7133

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-xen-7133

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (x86_64):

      xen-devel-4.1.3_06-0.7.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

      xen-kmp-trace-4.1.3_06_3.0.51_0.7.9-0.7.1

   - SUSE Linux Enterprise Server 11 SP2 (x86_64):

      xen-4.1.3_06-0.7.1
      xen-doc-html-4.1.3_06-0.7.1
      xen-doc-pdf-4.1.3_06-0.7.1
      xen-kmp-default-4.1.3_06_3.0.51_0.7.9-0.7.1
      xen-kmp-trace-4.1.3_06_3.0.51_0.7.9-0.7.1
      xen-libs-32bit-4.1.3_06-0.7.1
      xen-libs-4.1.3_06-0.7.1
      xen-tools-4.1.3_06-0.7.1
      xen-tools-domU-4.1.3_06-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      xen-4.1.3_06-0.7.1
      xen-doc-html-4.1.3_06-0.7.1
      xen-doc-pdf-4.1.3_06-0.7.1
      xen-kmp-default-4.1.3_06_3.0.51_0.7.9-0.7.1
      xen-kmp-trace-4.1.3_06_3.0.51_0.7.9-0.7.1
      xen-libs-32bit-4.1.3_06-0.7.1
      xen-libs-4.1.3_06-0.7.1
      xen-tools-4.1.3_06-0.7.1
      xen-tools-domU-4.1.3_06-0.7.1


References:

   http://support.novell.com/security/cve/CVE-2012-5510.html
   http://support.novell.com/security/cve/CVE-2012-5511.html
   http://support.novell.com/security/cve/CVE-2012-5512.html
   http://support.novell.com/security/cve/CVE-2012-5513.html
   http://support.novell.com/security/cve/CVE-2012-5514.html
   http://support.novell.com/security/cve/CVE-2012-5515.html
   https://bugzilla.novell.com/777628
   https://bugzilla.novell.com/789940
   https://bugzilla.novell.com/789944
   https://bugzilla.novell.com/789945
   https://bugzilla.novell.com/789948
   https://bugzilla.novell.com/789950
   https://bugzilla.novell.com/789951
   https://bugzilla.novell.com/789988
   https://bugzilla.novell.com/792476
   http://download.novell.com/patch/finder/?keywords=d862e18d5680d7561000adc9e50779c8



