
openSUSE 12.3: 2013-1709-1 Critical: Kernel Security Flaws Detected

opensuse
December 23, 2012
Ubuntu has released crucial updates addressing several security risks in the kernel, including three critical flaws identified recently.
An update that solves 6 vulnerabilities and has three fixes.

Description

This update of XEN fixes various denial of service bugs.

- bnc#789945 - CVE-2012-5510: xen: Grant table version switch list corruption vulnerability (XSA-26)
- bnc#789944 - CVE-2012-5511: xen: Several HVM operations do not validate the range of their inputs (XSA-27)
- bnc#789940 - CVE-2012-5512: xen: HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak (XSA-28)
- bnc#789951 - CVE-2012-5513: xen: XENMEM_exchange may overwrite hypervisor memory (XSA-29)
- bnc#789948 - CVE-2012-5514: xen: Missing unlock in guest_physmap_mark_populate_on_demand() (XSA-30)
- bnc#789950 - CVE-2012-5515: xen: Several memory hypercall operations allow invalid extent order values (XSA-31)
- bnc#789988 - FATAL PAGE FAULT in hypervisor (arch_do_domctl)
  25931-x86-domctl-iomem-mapping-checks.patch
- Upstream patches from Jan
  26132-tmem-save-NULL-check.patch
  26134-x86-shadow-invlpg-check.patch
  26148-vcpu-timer-overflow.patch...


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.2:

  zypper in -t patch openSUSE-2012-870

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 12.2 (i586 x86_64):

  xen-debugsource-4.1.3_06-5.17.1
  xen-devel-4.1.3_06-5.17.1
  xen-kmp-default-4.1.3_06_k3.4.11_2.16-5.17.1
  xen-kmp-default-debuginfo-4.1.3_06_k3.4.11_2.16-5.17.1
  xen-kmp-desktop-4.1.3_06_k3.4.11_2.16-5.17.1
  xen-kmp-desktop-debuginfo-4.1.3_06_k3.4.11_2.16-5.17.1
  xen-libs-4.1.3_06-5.17.1
  xen-libs-debuginfo-4.1.3_06-5.17.1
  xen-tools-domU-4.1.3_06-5.17.1
  xen-tools-domU-debuginfo-4.1.3_06-5.17.1

- openSUSE 12.2 (x86_64):

  xen-4.1.3_06-5.17.1
  xen-doc-html-4.1.3_06-5.17.1
  xen-doc-pdf-4.1.3_06-5.17.1
  xen-libs-32bit-4.1.3_06-5.17.1
  xen-libs-debuginfo-32bit-4.1.3_06-5.17.1
  xen-tools-4.1.3_06-5.17.1
  xen-tools-debuginfo-4.1.3_06-5.17.1

- openSUSE 12.2 (i586):

  xen-kmp-pae-4.1.3_06_k3.4.11_2.16-5.17.1
  xen-kmp-pae-debuginfo-4.1.3_06_k3.4.11_2.16-5.17.1
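
To confirm the update landed, the installed xen builds can be compared against the fixed versions in the package list above. The following is an added example, not part of the advisory: the function names and the sample listing are constructed, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Added example: flag installed xen packages older than the fixed builds
# listed in this advisory. Input: lines of "NAME VERSION-RELEASE" on stdin.

FIXED_XEN="4.1.3_06-5.17.1"                 # xen, xen-libs, xen-tools, ...
FIXED_KMP="4.1.3_06_k3.4.11_2.16-5.17.1"    # xen-kmp-* kernel module builds

# ver_lt A B: succeed if A sorts strictly before B.
# Assumption: GNU "sort -V" ordering approximates rpm's version comparison.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# xen_below_fixed: print "NAME INSTALLED < FIXED" for each outdated package.
# Non-xen packages are ignored.
xen_below_fixed() {
    while read -r name ver; do
        case "$name" in
            xen-kmp-*) fixed=$FIXED_KMP ;;
            xen|xen-*) fixed=$FIXED_XEN ;;
            *) continue ;;
        esac
        if ver_lt "$ver" "$fixed"; then
            echo "$name $ver < $fixed"
        fi
    done
}

# Constructed sample listing (not taken from a real host).
sample_listing() {
    cat <<'EOF'
xen-libs 4.1.3_04-5.13.1
xen-tools 4.1.3_06-5.17.1
xen-kmp-default 4.1.3_04_k3.4.11_2.16-5.13.1
kernel-default 3.4.11-2.16.1
EOF
}

# On a real system (assumes rpm is available):
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'xen*' | xen_below_fixed
```

Empty output means every installed xen package is at or above the fixed build; any printed line names a package that still needs the patch.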

References

https://www.suse.com/security/cve/CVE-2012-5510.html

https://www.suse.com/security/cve/CVE-2012-5511.html

https://www.suse.com/security/cve/CVE-2012-5512.html

https://www.suse.com/security/cve/CVE-2012-5513.html

https://www.suse.com/security/cve/CVE-2012-5514.html

https://www.suse.com/security/cve/CVE-2012-5515.html

Severity
important

Announcement ID: openSUSE-SU-2012:1685-1
Rating: important
Affected Products: openSUSE 12.2
