
[security-announce] SUSE-SU-2013:1075-1: important: Security update for Xen


SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1075-1
Rating:             important
References:         #801663 #809662 #813673 #813675 #813677 #814709
                    #816156 #816159 #816163 #819416 #820917 #820919
                    #820920
Cross-References:   CVE-2013-1917 CVE-2013-1918 CVE-2013-1919
                    CVE-2013-1920 CVE-2013-1952 CVE-2013-1964
                    CVE-2013-2072 CVE-2013-2076 CVE-2013-2077
                    CVE-2013-2078
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that solves 10 vulnerabilities and has three fixes is now available.

 

Description:

XEN has been updated to 4.1.5 c/s 23509 to fix various bugs and security issues.

The following security issues have been fixed:

* CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier were not preemptible, which allowed local PV kernels to cause a denial of service via vectors related to deep page table traversal.

* CVE-2013-1952: Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, did not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allowed local guest domains to cause a denial of service (interrupt injection) via unspecified vectors.

* CVE-2013-2076: An information leak in the XSAVE/XRSTOR instructions could be used to determine state of floating point operations in other domains.

* CVE-2013-2077: A denial of service (hypervisor crash) was possible due to missing exception recovery on XRSTOR, that could be used to crash the machine by PV guest users.

* CVE-2013-2078: A denial of service (hypervisor crash) was possible due to missing exception recovery on XSETBV, that could be used to crash the machine by PV guest users.

* CVE-2013-2072: Systems which allow untrusted administrators to configure guest vcpu affinity may be exploited to trigger a buffer overrun and corrupt memory.

* CVE-2013-1917: Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, did not clear the NT flag when using an IRET after a SYSENTER instruction, which allowed PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.

* CVE-2013-1919: Xen 4.2.x and 4.1.x did not properly restrict access to IRQs, which allowed local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices."

* CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, used the wrong ordering of operations when extending the per-domain event channel tracking table, which caused a use-after-free and allowed local guest kernels to inject arbitrary events and gain privileges via unspecified vectors.

* CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly released a grant reference when releasing a non-v1, non-transitive grant, which allowed local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.

 

Bugfixes:

* Upstream patches from Jan
  26956-x86-mm-preemptible-cleanup.patch
  27071-x86-IO-APIC-fix-guest-RTE-write-corner-cases.patch
  27072-x86-shadow-fix-off-by-one-in-MMIO-permission-check.patch
  27079-fix-XSA-46-regression-with-xend-xm.patch
  27083-AMD-iommu-SR56x0-Erratum-64-Reset-all-head-tail-pointers.patch

* Update to Xen 4.1.5 c/s 23509
  There were many xen.spec file patches dropped as now being included in the 4.1.5 tarball.

* bnc#809662 - can't use pv-grub to start domU (pygrub does work)
  xen.spec

* Upstream patches from Jan
  26702-powernow-add-fixups-for-AMD-P-state-figures.patch
  26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch
  26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch
  26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch
  26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch
  26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch
  26737-ACPI-APEI-Add-apei_exec_run_optional.patch
  26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch
  26743-VT-d-deal-with-5500-5520-X58-errata.patch
  26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch
  26749-x86-reserve-pages-when-SandyBridge-integrated-graphics.patch
  26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch
  26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vectors.patch
  26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch
  26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mode.patch
  26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap-pages.patch
  26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch
  26851-iommu-crash-Interrupt-remapping-is-also-disabled-on-crash.patch

* bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on Kyoto
  xend-cpuinfo-model-name.patch

* Upstream patches from Jan
  26536-xenoprof-div-by-0.patch
  26578-AMD-IOMMU-replace-BUG_ON.patch
  26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch
  26659-AMD-IOMMU-erratum-746-workaround.patch
  26660-x86-fix-CMCI-injection.patch
  26672-vmx-fix-handling-of-NMI-VMEXIT.patch
  26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch
  26676-fix-compat-memory-exchange-op-splitting.patch
  26677-x86-make-certain-memory-sub-ops-return-valid-values.patch
  26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch
  26679-x86-defer-processing-events-on-the-NMI-exit-path.patch
  26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch
  26692-x86-MSI-fully-protect-MSI-X-table.patch

 

Security Issue references:

* CVE-2013-1917
* CVE-2013-1918
* CVE-2013-1919
* CVE-2013-1920
* CVE-2013-1952
* CVE-2013-1964
* CVE-2013-2072
* CVE-2013-2076
* CVE-2013-2077
* CVE-2013-2078

 

 

 

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:

     zypper in -t patch sdksp2-xen-201305-7798

- SUSE Linux Enterprise Server 11 SP2 for VMware:

     zypper in -t patch slessp2-xen-201305-7798

- SUSE Linux Enterprise Server 11 SP2:

     zypper in -t patch slessp2-xen-201305-7798

- SUSE Linux Enterprise Desktop 11 SP2:

     zypper in -t patch sledsp2-xen-201305-7798

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):

     xen-devel-4.1.5_02-0.5.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

     xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):

     xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1
     xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1
     xen-libs-4.1.5_02-0.5.1
     xen-tools-domU-4.1.5_02-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (x86_64):

     xen-4.1.5_02-0.5.1
     xen-doc-html-4.1.5_02-0.5.1
     xen-doc-pdf-4.1.5_02-0.5.1
     xen-libs-32bit-4.1.5_02-0.5.1
     xen-tools-4.1.5_02-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (i586):

     xen-kmp-pae-4.1.5_02_3.0.74_0.6.10-0.5.1

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

     xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1
     xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1
     xen-libs-4.1.5_02-0.5.1
     xen-tools-domU-4.1.5_02-0.5.1

- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

     xen-4.1.5_02-0.5.1
     xen-doc-html-4.1.5_02-0.5.1
     xen-doc-pdf-4.1.5_02-0.5.1
     xen-libs-32bit-4.1.5_02-0.5.1
     xen-tools-4.1.5_02-0.5.1

- SUSE Linux Enterprise Desktop 11 SP2 (i586):

     xen-kmp-pae-4.1.5_02_3.0.74_0.6.10-0.5.1
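
Added example (not part of the SUSE advisory): a Python check that compares installed Xen packages against the fixed builds in the Package List. It assumes input in the form produced by `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`; the version comparison is a simplified rpm-style compare and the sample input is constructed.

```python
import re

# Fixed version-release strings copied from the advisory's Package List.
FIXED_TOOLS = "4.1.5_02-0.5.1"
FIXED_KMP = "4.1.5_02_3.0.74_0.6.10-0.5.1"
FIXED = {name: FIXED_TOOLS for name in (
    "xen", "xen-devel", "xen-doc-html", "xen-doc-pdf", "xen-libs",
    "xen-libs-32bit", "xen-tools", "xen-tools-domU")}
FIXED.update({name: FIXED_KMP for name in (
    "xen-kmp-default", "xen-kmp-trace", "xen-kmp-pae")})

def rpmvercmp(a, b):
    """Segment-wise compare in the style of rpm (no epoch, '~' or '^')."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(rpm_output):
    """Return {package: 'ok' | 'outdated'} for packages named in the advisory."""
    result = {}
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in FIXED:
            name, installed = parts
            newer_or_equal = evr_cmp(installed, FIXED[name]) >= 0
            result[name] = "ok" if newer_or_equal else "outdated"
    return result

# Constructed sample input (not from the advisory): a host that is mid-update.
SAMPLE = """\
xen 4.1.5_02-0.5.1
xen-libs 4.1.4_02-0.5.1
xen-tools 4.1.5_04-0.7.1
xen-kmp-default 4.1.5_02_3.0.58_0.6.6-0.5.1
kernel-default 3.0.74-0.6.10.1
"""

if __name__ == "__main__":
    for pkg, status in sorted(audit(SAMPLE).items()):
        print(pkg, status)
```

A result of `ok` only reflects the packages installed on disk; as the advisory states, the system must be rebooted before the updated hypervisor is running.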

 

 

References:

http://support.novell.com/security/cve/CVE-2013-1917.html
http://support.novell.com/security/cve/CVE-2013-1918.html
http://support.novell.com/security/cve/CVE-2013-1919.html
http://support.novell.com/security/cve/CVE-2013-1920.html
http://support.novell.com/security/cve/CVE-2013-1952.html
http://support.novell.com/security/cve/CVE-2013-1964.html
http://support.novell.com/security/cve/CVE-2013-2072.html
http://support.novell.com/security/cve/CVE-2013-2076.html
http://support.novell.com/security/cve/CVE-2013-2077.html
http://support.novell.com/security/cve/CVE-2013-2078.html
https://bugzilla.novell.com/801663
https://bugzilla.novell.com/809662
https://bugzilla.novell.com/813673
https://bugzilla.novell.com/813675
https://bugzilla.novell.com/813677
https://bugzilla.novell.com/814709
https://bugzilla.novell.com/816156
https://bugzilla.novell.com/816159
https://bugzilla.novell.com/816163
https://bugzilla.novell.com/819416
https://bugzilla.novell.com/820917
https://bugzilla.novell.com/820919
https://bugzilla.novell.com/820920
http://download.novell.com/patch/finder/?keywords=2f3309c493da194384ed2eba64f84f0d

 
