Security update for Xen
SUSE Security Update: Security update for Xen
The Xen hypervisor and tool-suite have been updated to fix
security issues and bugs:
* CVE-2013-4494: XSA-73: A lock order reversal between
page allocation and grant table locks could lead to host
crashes or even host code execution.
* CVE-2013-4553: XSA-74: A lock order reversal between
page_alloc_lock and mm_rwlock could lead to deadlocks.
* CVE-2013-4554: XSA-76: Hypercalls exposed to
privilege rings 1 and 2 of HVM guests which might lead to
Hypervisor escalation under specific circumstances.
* CVE-2013-6375: XSA-78: Insufficient TLB flushing in
VT-d (iommu) code could lead to access of memory that was
revoked.
* CVE-2013-4551: XSA-75: A host crash due to guest VMX
instruction execution was fixed.
Non-security bugs have also been fixed:
* bnc#840997: It is possible to start a VM twice on the
same node.
* bnc#842417: In HP's UEFI x86_64 platform and SLES
11-SP3, dom0 will could lock-up on multiple blades nPar.
* bnc#848014: Xen Hypervisor panics on 8-blades nPar
with 46-bit memory addressing.
* bnc#846849: Soft lock-up with PCI pass-through and
many VCPUs.
* bnc#833483: Boot Failure with Xen kernel in UEFI mode
with error "No memory for trampoline".
* Increase the maximum supported CPUs in the Hypervisor
to 512.
Security Issues:
* CVE-2013-1922
>
* CVE-2013-2007
>
* CVE-2013-4375
>
* CVE-2013-4416
>
* CVE-2013-4494
>
* CVE-2013-4551
>
* CVE-2013-4553
>
* CVE-2013-4554
>
| Announcement ID: | SUSE-SU-2013:1923-1 |
| Rating: | moderate |
| References: | #833483 #840997 #842417 #846849 #848014 #848657 #849665 #849667 #849668 #851386 |
| Affected Products: |
An update that solves 8 vulnerabilities and has two fixes is now available.
Description:
The Xen hypervisor and tool-suite have been updated to fix
security issues and bugs:
* CVE-2013-4494: XSA-73: A lock order reversal between
page allocation and grant table locks could lead to host
crashes or even host code execution.
* CVE-2013-4553: XSA-74: A lock order reversal between
page_alloc_lock and mm_rwlock could lead to deadlocks.
* CVE-2013-4554: XSA-76: Hypercalls exposed to
privilege rings 1 and 2 of HVM guests which might lead to
Hypervisor escalation under specific circumstances.
* CVE-2013-6375: XSA-78: Insufficient TLB flushing in
VT-d (iommu) code could lead to access of memory that was
revoked.
* CVE-2013-4551: XSA-75: A host crash due to guest VMX
instruction execution was fixed.
Non-security bugs have also been fixed:
* bnc#840997: It is possible to start a VM twice on the
same node.
* bnc#842417: In HP's UEFI x86_64 platform and SLES
11-SP3, dom0 will could lock-up on multiple blades nPar.
* bnc#848014: Xen Hypervisor panics on 8-blades nPar
with 46-bit memory addressing.
* bnc#846849: Soft lock-up with PCI pass-through and
many VCPUs.
* bnc#833483: Boot Failure with Xen kernel in UEFI mode
with error "No memory for trampoline".
* Increase the maximum supported CPUs in the Hypervisor
to 512.
Security Issues:
* CVE-2013-1922
* CVE-2013-2007
* CVE-2013-4375
* CVE-2013-4416
* CVE-2013-4494
* CVE-2013-4551
* CVE-2013-4553
* CVE-2013-4554
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-xen-201311-8588 - SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-xen-201311-8588 - SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-xen-201311-8588
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
- xen-devel-4.2.3_08-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):
- xen-kmp-default-4.2.3_08_3.0.101_0.8-0.7.1
- xen-libs-4.2.3_08-0.7.1
- xen-tools-domU-4.2.3_08-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (x86_64):
- xen-4.2.3_08-0.7.1
- xen-doc-html-4.2.3_08-0.7.1
- xen-doc-pdf-4.2.3_08-0.7.1
- xen-libs-32bit-4.2.3_08-0.7.1
- xen-tools-4.2.3_08-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586):
- xen-kmp-pae-4.2.3_08_3.0.101_0.8-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
- xen-kmp-default-4.2.3_08_3.0.101_0.8-0.7.1
- xen-libs-4.2.3_08-0.7.1
- xen-tools-domU-4.2.3_08-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
- xen-4.2.3_08-0.7.1
- xen-doc-html-4.2.3_08-0.7.1
- xen-doc-pdf-4.2.3_08-0.7.1
- xen-libs-32bit-4.2.3_08-0.7.1
- xen-tools-4.2.3_08-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586):
- xen-kmp-pae-4.2.3_08_3.0.101_0.8-0.7.1
References:
- http://support.novell.com/security/cve/CVE-2013-1922.html
- http://support.novell.com/security/cve/CVE-2013-2007.html
- http://support.novell.com/security/cve/CVE-2013-4375.html
- http://support.novell.com/security/cve/CVE-2013-4416.html
- http://support.novell.com/security/cve/CVE-2013-4494.html
- http://support.novell.com/security/cve/CVE-2013-4551.html
- http://support.novell.com/security/cve/CVE-2013-4553.html
- http://support.novell.com/security/cve/CVE-2013-4554.html
- https://bugzilla.novell.com/833483
- https://bugzilla.novell.com/840997
- https://bugzilla.novell.com/842417
- https://bugzilla.novell.com/846849
- https://bugzilla.novell.com/848014
- https://bugzilla.novell.com/848657
- https://bugzilla.novell.com/849665
- https://bugzilla.novell.com/849667
- https://bugzilla.novell.com/849668
- https://bugzilla.novell.com/851386
- http://download.suse.com/patch/finder/?keywords=08d096221c1d89c9a950f559d38dccd0