SUSE Security Update: Security update for Xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:1057-1
Rating: important
References: #654798 #659070 #679344 #684297 #704380 #712038
Cross-References: CVE-2011-1166 CVE-2011-1936 CVE-2011-2901
Affected Products:
SUSE Linux Enterprise Server 10 SP3
SLE SDK 10 SP3
______________________________________________________________________________
An update that solves three vulnerabilities and has three
fixes is now available.
Description:
This update fixes various bugs in XEN:
The following security issues have been fixed:
* A denial of service (Host Crash) in the XEN
hypervisor. (CVE-2011-2901)
* A bug was found in the way Xen handles CPUID
instruction emulation during VM exits. An unprivileged
guest user can potentially use this flaw to crash the
guest. (CVE-2011-1936)
* A 64-bit guest can get one of its vcpus into
non-kernel mode without first providing a valid non-kernel
pagetable. The observed failure mode was usually a hard
lockup of the host (host denial of service). (CVE-2011-1166)
It also fixes the following bugs:
* bnc#654798 - SLES 10 SP3 XEN: Device /dev/xvdp is
already connected error when starting multiple vm's
* bnc#684297 - HVM taking too long to dump vmcore
Security Issue references:
* CVE-2011-2901
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901>
* CVE-2011-1166
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166>
* CVE-2011-1936
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936>
Indications:
Please install this update.
Package List:
- SUSE Linux Enterprise Server 10 SP3 (i586 x86_64):
xen-3.2.3_17040_26-0.6.2.1
xen-devel-3.2.3_17040_26-0.6.2.1
xen-doc-html-3.2.3_17040_26-0.6.2.1
xen-doc-pdf-3.2.3_17040_26-0.6.2.1
xen-doc-ps-3.2.3_17040_26-0.6.2.1
xen-kmp-debug-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
xen-kmp-default-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
xen-kmp-kdump-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
xen-kmp-smp-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
xen-libs-3.2.3_17040_26-0.6.2.1
xen-tools-3.2.3_17040_26-0.6.2.1
xen-tools-domU-3.2.3_17040_26-0.6.2.1
xen-tools-ioemu-3.2.3_17040_26-0.6.2.1
- SUSE Linux Enterprise Server 10 SP3 (x86_64):
xen-libs-32bit-3.2.3_17040_26-0.6.2.1
- SUSE Linux Enterprise Server 10 SP3 (i586):
xen-kmp-bigsmp-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
xen-kmp-kdumppae-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
xen-kmp-vmi-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
xen-kmp-vmipae-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
- SLE SDK 10 SP3 (i586 x86_64):
xen-3.2.3_17040_26-0.6.2.1
xen-devel-3.2.3_17040_26-0.6.2.1
xen-kmp-debug-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
xen-kmp-kdump-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
xen-libs-3.2.3_17040_26-0.6.2.1
xen-tools-3.2.3_17040_26-0.6.2.1
xen-tools-ioemu-3.2.3_17040_26-0.6.2.1
- SLE SDK 10 SP3 (x86_64):
xen-libs-32bit-3.2.3_17040_26-0.6.2.1
References:
http://support.novell.com/security/cve/CVE-2011-1166.html
http://support.novell.com/security/cve/CVE-2011-1936.html
http://support.novell.com/security/cve/CVE-2011-2901.html
https://bugzilla.novell.com/654798
https://bugzilla.novell.com/659070
https://bugzilla.novell.com/679344
https://bugzilla.novell.com/684297
https://bugzilla.novell.com/704380
https://bugzilla.novell.com/712038
http://download.novell.com/patch/finder/?keywords=8cb29b577c0a831bd5c0067789950f17