openSUSE 12.1: 2012:1572-1 Important: XEN Out-Of-Memory DoS Fix
opensuse
November 26, 2012
An update that solves 16 vulnerabilities and has one errata is now available.
Description
This security update of XEN fixes various bugs and security
issues.
- Upstream patch 26088-xend-xml-filesize-check.patch
- bnc#787163 - CVE-2012-4544: xen: Domain builder Out-of- memory due to malicious kernel/ramdisk (XSA 25)
CVE-2012-4544-xsa25.patch
- bnc#779212 - CVE-2012-4411: XEN / qemu: guest
administrator can access qemu monitor console (XSA-19)
CVE-2012-4411-xsa19.patch
- bnc#786516 - CVE-2012-4535: xen: Timer overflow DoS
vulnerability CVE-2012-4535-xsa20.patch
- bnc#786518 - CVE-2012-4536: xen: pirq range check DoS
vulnerability CVE-2012-4536-xsa21.patch
- bnc#786517 - CVE-2012-4537: xen: Memory mapping failure
DoS vulnerability CVE-2012-4537-xsa22.patch
- bnc#786519 - CVE-2012-4538: xen: Unhooking empty PAE
entries DoS vulnerability CVE-2012-4538-xsa23.patch
- bnc#786520 - CVE-2012-4539: xen: Grant table hypercall
infinite loop DoS vulnerability CVE-2012-4539-xsa24.patch
- bnc#784087 - L3: Xen BUG at...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-811
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 12.1 (i586 x86_64):
xen-debugsource-4.1.3_04-1.21.1
xen-devel-4.1.3_04-1.21.1
xen-kmp-default-4.1.3_04_k3.1.10_1.16-1.21.1
xen-kmp-default-debuginfo-4.1.3_04_k3.1.10_1.16-1.21.1
xen-kmp-desktop-4.1.3_04_k3.1.10_1.16-1.21.1
xen-kmp-desktop-debuginfo-4.1.3_04_k3.1.10_1.16-1.21.1
xen-libs-4.1.3_04-1.21.1
xen-libs-debuginfo-4.1.3_04-1.21.1
xen-tools-domU-4.1.3_04-1.21.1
xen-tools-domU-debuginfo-4.1.3_04-1.21.1
- openSUSE 12.1 (x86_64):
xen-4.1.3_04-1.21.1
xen-doc-html-4.1.3_04-1.21.1
xen-doc-pdf-4.1.3_04-1.21.1
xen-libs-32bit-4.1.3_04-1.21.1
xen-libs-debuginfo-32bit-4.1.3_04-1.21.1
xen-tools-4.1.3_04-1.21.1
xen-tools-debuginfo-4.1.3_04-1.21.1
- openSUSE 12.1 (ia64):
xen-libs-debuginfo-x86-4.1.3_04-1.21.1
xen-libs-x86-4.1.3_04-1.21.1
- openSUSE 12.1 (i586):
xen-kmp-pae-4.1.3_04_k3.1.10_1.16-1.21.1
xen-kmp-pae-debuginfo-4.1.3_04_k3.1.10_1.16-1.21.1
References
https://www.suse.com/security/cve/CVE-2007-0998.html
https://www.suse.com/security/cve/CVE-2012-2625.html
https://www.suse.com/security/cve/CVE-2012-2934.html
https://www.suse.com/security/cve/CVE-2012-3494.html
https://www.suse.com/security/cve/CVE-2012-3495.html
https://www.suse.com/security/cve/CVE-2012-3496.html
https://www.suse.com/security/cve/CVE-2012-3497.html
https://www.suse.com/security/cve/CVE-2012-3498.html
https://www.suse.com/security/cve/CVE-2012-3515.html
https://www.suse.com/security/cve/CVE-2012-4411.html
https://www.suse.com/security/cve/CVE-2012-4535.html
https://www.suse.com/security/cve/CVE-2012-4536.html
https://www.suse.com/security/cve/CVE-2012-4537.html
https://www.suse.com/security/cve/CVE-2012-4538.html
https://www.suse.com/security/cve/CVE-2012-4539.html
https://www.suse.com/security/cve/CVE-2012-4544.html
--
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2012:1572-1
Rating: important
Affected Products:
openSUSE 12.1
le.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!