Jump to content
Compatible Support Forums
Sign in to follow this  
news

[security-announce] SUSE-SU-2012:1606-1: important: Security update for Xen

Recommended Posts

SUSE Security Update: Security update for Xen

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2012:1606-1

Rating: important

References: #789950 #789951

Cross-References: CVE-2012-5513 CVE-2012-5515

Affected Products:

SUSE Linux Enterprise Server 10 SP4

SUSE Linux Enterprise Desktop 10 SP4

SLE SDK 10 SP4

______________________________________________________________________________

 

An update that fixes two vulnerabilities is now available.

 

Description:

 

 

This update fixes the following security issues in xen:

 

* CVE-2012-5513: XENMEM_exchange may overwrite

hypervisor memory (XSA-29)

* CVE-2012-5515: Several memory hypercall operations

allow invalid extent order values (XSA-31)

 

Also the following bugs have been fixed and upstream

patches have been applied:

26134-x86-shadow-invlpg-check.patch

 

Security Issue references:

 

* CVE-2012-5513

 

* CVE-2012-5515

 

 

 

Special Instructions and Notes:

 

Please reboot the system after installing this update.

 

 

Package List:

 

- SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

 

xen-3.2.3_17040_44-0.7.1

xen-devel-3.2.3_17040_44-0.7.1

xen-doc-html-3.2.3_17040_44-0.7.1

xen-doc-pdf-3.2.3_17040_44-0.7.1

xen-doc-ps-3.2.3_17040_44-0.7.1

xen-kmp-debug-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1

xen-kmp-default-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1

xen-kmp-kdump-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1

xen-kmp-smp-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1

xen-libs-3.2.3_17040_44-0.7.1

xen-tools-3.2.3_17040_44-0.7.1

xen-tools-domU-3.2.3_17040_44-0.7.1

xen-tools-ioemu-3.2.3_17040_44-0.7.1

 

- SUSE Linux Enterprise Server 10 SP4 (x86_64):

 

xen-libs-32bit-3.2.3_17040_44-0.7.1

 

- SUSE Linux Enterprise Server 10 SP4 (i586):

 

xen-kmp-bigsmp-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1

xen-kmp-kdumppae-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1

xen-kmp-vmi-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1

xen-kmp-vmipae-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1

 

- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

 

xen-3.2.3_17040_44-0.7.1

xen-devel-3.2.3_17040_44-0.7.1

xen-doc-html-3.2.3_17040_44-0.7.1

xen-doc-pdf-3.2.3_17040_44-0.7.1

xen-doc-ps-3.2.3_17040_44-0.7.1

xen-kmp-default-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1

xen-kmp-smp-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1

xen-libs-3.2.3_17040_44-0.7.1

xen-tools-3.2.3_17040_44-0.7.1

xen-tools-domU-3.2.3_17040_44-0.7.1

xen-tools-ioemu-3.2.3_17040_44-0.7.1

 

- SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

 

xen-libs-32bit-3.2.3_17040_44-0.7.1

 

- SUSE Linux Enterprise Desktop 10 SP4 (i586):

 

xen-kmp-bigsmp-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1

 

- SLE SDK 10 SP4 (i586 x86_64):

 

xen-3.2.3_17040_44-0.7.1

xen-devel-3.2.3_17040_44-0.7.1

xen-kmp-debug-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1

xen-kmp-kdump-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1

xen-libs-3.2.3_17040_44-0.7.1

xen-tools-3.2.3_17040_44-0.7.1

xen-tools-ioemu-3.2.3_17040_44-0.7.1

 

- SLE SDK 10 SP4 (x86_64):

 

xen-libs-32bit-3.2.3_17040_44-0.7.1

 

 

References:

 

http://support.novell.com/security/cve/CVE-2012-5513.html

http://support.novell.com/security/cve/CVE-2012-5515.html

https://bugzilla.novell.com/789950

https://bugzilla.novell.com/789951

http://download.novell.com/patch/finder/?keywords=193b206adfdaf6da1ce1c5ced79e9f29

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×