Security update for Xen
SUSE Security Update: Security update for Xen
The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix
various bugs and security issues.
The following security issues have been fixed:
* XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation
(bnc#897657)
* XSA-106: CVE-2014-7156: Missing privilege level checks in x86
emulation of software interrupts (bnc#895802)
* XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT,
LGDT, LIDT, and LMSW emulation (bnc#895799)
* XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram
(bnc#895798)
* XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests
(bnc#880751)
* XSA-96: CVE-2014-3967, CVE-2014-3968: Vulnerabilities in HVM MSI
injection (bnc#878841)
* XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible
(bnc#867910)
* XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow
(bnc#842006)
* CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load
(bnc#864801)
The following non-security issues have been fixed:
* xend: Fix netif convertToDeviceNumber for running domains
(bnc#891539)
* Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in
the VM (bnc#882092)
* XEN kernel panic do_device_not_available() (bnc#881900)
* Boot Failure with xen kernel in UEFI mode with error "No memory for
trampoline" (bnc#833483)
* SLES 11 SP3 vm-install should get RHEL 7 support when released
(bnc#862608)
* SLES 11 SP3 XEN kiso version cause softlockup on 8 blades npar(480
cpu) (bnc#858178)
* Local attach support for PHY backends using scripts
local_attach_support_for_phy.patch (bnc#865682)
* Improve multipath support for npiv devices block-npiv (bnc#798770)
Security Issues:
* CVE-2013-4344
* CVE-2013-4540
* CVE-2014-2599
* CVE-2014-3967
* CVE-2014-3968
* CVE-2014-4021
* CVE-2014-7154
* CVE-2014-7155
* CVE-2014-7156
* CVE-2014-7188
| Announcement ID: | SUSE-SU-2014:1318-1 |
| Rating: | moderate |
| References: | #798770 #833483 #842006 #858178 #862608 #864801 #865682 #867910 #878841 #880751 #881900 #882092 #891539 #895798 #895799 #895802 #897657 |
| Affected Products: |
An update that solves 10 vulnerabilities and has 7 fixes is now available.
Description:
The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix
various bugs and security issues.
The following security issues have been fixed:
* XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation
(bnc#897657)
* XSA-106: CVE-2014-7156: Missing privilege level checks in x86
emulation of software interrupts (bnc#895802)
* XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT,
LGDT, LIDT, and LMSW emulation (bnc#895799)
* XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram
(bnc#895798)
* XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests
(bnc#880751)
* XSA-96: CVE-2014-3967, CVE-2014-3968: Vulnerabilities in HVM MSI
injection (bnc#878841)
* XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible
(bnc#867910)
* XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow
(bnc#842006)
* CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load
(bnc#864801)
The following non-security issues have been fixed:
* xend: Fix netif convertToDeviceNumber for running domains
(bnc#891539)
* Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in
the VM (bnc#882092)
* XEN kernel panic do_device_not_available() (bnc#881900)
* Boot Failure with xen kernel in UEFI mode with error "No memory for
trampoline" (bnc#833483)
* SLES 11 SP3 vm-install should get RHEL 7 support when released
(bnc#862608)
* SLES 11 SP3 XEN kiso version cause softlockup on 8 blades npar(480
cpu) (bnc#858178)
* Local attach support for PHY backends using scripts
local_attach_support_for_phy.patch (bnc#865682)
* Improve multipath support for npiv devices block-npiv (bnc#798770)
Security Issues:
* CVE-2013-4344
* CVE-2013-4540
* CVE-2014-2599
* CVE-2014-3967
* CVE-2014-3968
* CVE-2014-4021
* CVE-2014-7154
* CVE-2014-7155
* CVE-2014-7156
* CVE-2014-7188
Indications:
Everyone using the Xen hypervisor should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-xen-201409-9828 - SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-xen-201409-9828 - SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-xen-201409-9828
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
- xen-devel-4.2.4_04-0.9.1
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):
- xen-kmp-default-4.2.4_04_3.0.101_0.40-0.9.1
- xen-libs-4.2.4_04-0.9.1
- xen-tools-domU-4.2.4_04-0.9.1
- SUSE Linux Enterprise Server 11 SP3 (x86_64):
- xen-4.2.4_04-0.9.1
- xen-doc-html-4.2.4_04-0.9.1
- xen-doc-pdf-4.2.4_04-0.9.1
- xen-libs-32bit-4.2.4_04-0.9.1
- xen-tools-4.2.4_04-0.9.1
- SUSE Linux Enterprise Server 11 SP3 (i586):
- xen-kmp-pae-4.2.4_04_3.0.101_0.40-0.9.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
- xen-kmp-default-4.2.4_04_3.0.101_0.40-0.9.1
- xen-libs-4.2.4_04-0.9.1
- xen-tools-domU-4.2.4_04-0.9.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
- xen-4.2.4_04-0.9.1
- xen-doc-html-4.2.4_04-0.9.1
- xen-doc-pdf-4.2.4_04-0.9.1
- xen-libs-32bit-4.2.4_04-0.9.1
- xen-tools-4.2.4_04-0.9.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586):
- xen-kmp-pae-4.2.4_04_3.0.101_0.40-0.9.1
References:
- http://support.novell.com/security/cve/CVE-2013-4344.html
- http://support.novell.com/security/cve/CVE-2013-4540.html
- http://support.novell.com/security/cve/CVE-2014-2599.html
- http://support.novell.com/security/cve/CVE-2014-3967.html
- http://support.novell.com/security/cve/CVE-2014-3968.html
- http://support.novell.com/security/cve/CVE-2014-4021.html
- http://support.novell.com/security/cve/CVE-2014-7154.html
- http://support.novell.com/security/cve/CVE-2014-7155.html
- http://support.novell.com/security/cve/CVE-2014-7156.html
- http://support.novell.com/security/cve/CVE-2014-7188.html
- https://bugzilla.suse.com/show_bug.cgi?id=798770
- https://bugzilla.suse.com/show_bug.cgi?id=833483
- https://bugzilla.suse.com/show_bug.cgi?id=842006
- https://bugzilla.suse.com/show_bug.cgi?id=858178
- https://bugzilla.suse.com/show_bug.cgi?id=862608
- https://bugzilla.suse.com/show_bug.cgi?id=864801
- https://bugzilla.suse.com/show_bug.cgi?id=865682
- https://bugzilla.suse.com/show_bug.cgi?id=867910
- https://bugzilla.suse.com/show_bug.cgi?id=878841
- https://bugzilla.suse.com/show_bug.cgi?id=880751
- https://bugzilla.suse.com/show_bug.cgi?id=881900
- https://bugzilla.suse.com/show_bug.cgi?id=882092
- https://bugzilla.suse.com/show_bug.cgi?id=891539
- https://bugzilla.suse.com/show_bug.cgi?id=895798
- https://bugzilla.suse.com/show_bug.cgi?id=895799
- https://bugzilla.suse.com/show_bug.cgi?id=895802
- https://bugzilla.suse.com/show_bug.cgi?id=897657
- http://download.suse.com/patch/finder/?keywords=04044470a0f95da5c719e02715587524