Sigurnosni nedostatak paketa Xen

Uočen je i ispravljen propust u radu programskog paketa Xen koji je zlonamjernim, lokalnim korisnicima omogućuvao dobivanje većih ovlasti.

Paket:	xen 4.x
Operacijski sustavi:	SUSE Linux Enterprise Server (SLES) 11
Kritičnost:	6.4
Problem:	pogreška u programskoj komponenti
Iskorištavanje:	lokalno
Posljedica:	dobivanje većih privilegija
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2011-1898
Izvorni ID preporuke:	SUSE-SU-2011:0942-1
Izvor:	SUSE

Problem:
Otkrivena ranjivost posljedica je korištenja opcije "PCI passthrough" na sklopovlju Intel VT-d koje ne podržava ponovno mapiranje prekida.
Posljedica:
Korisnici virtualnog operacijskog sustava opisani propust mogu iskoristiti za dobivanje ovlasti rada na pravom operacijskom sustavu na kojem je instaliran virtualni.
Rješenje:
Kao rješenje problema preporučuje se primjena uobičajene nadogradnje alata.

Izvorni tekst preporuke

   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0942-1
Rating:             important
References:         #582265 #670465 #684297 #684305 #689954 #692625 
                    #693472 #702025 #703924 #704160 #706574 
Cross-References:   CVE-2011-1898
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that solves one vulnerability and has 10 fixes is
   now available. It includes one version update.

Description:


   Security / Collective Update for Xen

   Xen:

   * bnc#702025 - VUL-0: xen: VT-d (PCI passthrough) MSI
   trap injection (CVE-2011-1898)
   * bnc#703924 - update block-npiv scripts to support BFA
   HBA
   * bnc#689954 - L3: Live migrations fail when guest
   crashes: domain_crash_sync called from entry.S
   * bnc#693472 - Bridge hangs cause redundant ring
   failures in SLE 11 SP1 HAE + XEN
   * bnc#582265 - xen-scsi.ko not supported
   * bnc#670465 - When connecting to Xen guest through
   vncviewer mouse tracking is off.
   * bnc#684305 - on_crash is being ignored with kdump now
   working in HVM
   * bnc#684297 - HVM taking too long to dump vmcore
   * bnc#704160 - crm resource migrate fails with xen
   machines
   * bnc#706574 - xm console DomUName hang after "xm
   save/restore" of PVM on the latest Xen

   vm-install:

   * bnc#692625 - virt-manager has problems to install
   guest from multiple CD

   Security Issue reference:

   * CVE-2011-1898
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1898
   >

Indications:

   Please install the update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-xen-201107-4977

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-xen-201107-4977

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-xen-201107-4977

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64):

      xen-devel-4.0.2_21511_02-0.7.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 x86_64) [New Version: 0.4.31]:

      vm-install-0.4.31-0.3.5
      xen-4.0.2_21511_02-0.7.1
      xen-doc-html-4.0.2_21511_02-0.7.1
      xen-doc-pdf-4.0.2_21511_02-0.7.1
      xen-kmp-default-4.0.2_21511_02_2.6.32.43_0.4-0.7.1
      xen-libs-4.0.2_21511_02-0.7.1
      xen-tools-4.0.2_21511_02-0.7.1
      xen-tools-domU-4.0.2_21511_02-0.7.1

   - SUSE Linux Enterprise Server 11 SP1 (i586):

      xen-kmp-pae-4.0.2_21511_02_2.6.32.43_0.4-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 0.4.31]:

      vm-install-0.4.31-0.3.5
      xen-4.0.2_21511_02-0.7.1
      xen-kmp-default-4.0.2_21511_02_2.6.32.43_0.4-0.7.1
      xen-libs-4.0.2_21511_02-0.7.1
      xen-tools-4.0.2_21511_02-0.7.1
      xen-tools-domU-4.0.2_21511_02-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586):

      xen-kmp-pae-4.0.2_21511_02_2.6.32.43_0.4-0.7.1


References:

   http://support.novell.com/security/cve/CVE-2011-1898.html
   https://bugzilla.novell.com/582265
   https://bugzilla.novell.com/670465
   https://bugzilla.novell.com/684297
   https://bugzilla.novell.com/684305
   https://bugzilla.novell.com/689954
   https://bugzilla.novell.com/692625
   https://bugzilla.novell.com/693472
   https://bugzilla.novell.com/702025
   https://bugzilla.novell.com/703924
   https://bugzilla.novell.com/704160
   https://bugzilla.novell.com/706574
  
http://download.novell.com/patch/finder/?keywords=27ded9fc531a0bd110fa31d01bf8bc06

-- 
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

Sigurnosni nedostatak paketa Xen

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Sigurnosni nedostatak paketa Xen

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti