Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

openSUSE: 2013:0133-1 Critical: XEN Denial Of Service Issues

opensuse
Calendar Grey January 23, 2013
Dist Opensuse Esm H88
openSUSE Security Patch: xen addresses service interruption vulnerabilities; keep your system protected and current.
An update that fixes 6 vulnerabilities is now available

Description

XEN was updated to fix various denial of service issues.

- bnc#789945 - CVE-2012-5510: xen: Grant table version

switch list corruption vulnerability (XSA-26)

- bnc#789944 - CVE-2012-5511: xen: Several HVM operations

do not validate the range of their inputs (XSA-27)

- bnc#789940 - CVE-2012-5512: xen: HVMOP_get_mem_access

crash / HVMOP_set_mem_access information leak (XSA-28)

- bnc#789951 - CVE-2012-5513: xen: XENMEM_exchange may

overwrite hypervisor memory (XSA-29)

- bnc#789948 - CVE-2012-5514: xen: Missing unlock in

guest_physmap_mark_populate_on_demand() (XSA-30)

- bnc#789950 - CVE-2012-5515: xen: Several memory hypercall

operations allow invalid extent order values (XSA-31)

Topics%20covered

Topics Covered

security advisory denial of service security update critical xen openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 11.4/standard/i586/patchinfo.32:

zypper in -t patch 2012-25

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 11.4/standard/i586/patchinfo.32 (i586 x86_64):

xen-4.0.3_05-49.1

xen-debugsource-4.0.3_05-49.1

xen-devel-4.0.3_05-49.1

xen-doc-html-4.0.3_05-49.1

xen-doc-pdf-4.0.3_05-49.1

xen-kmp-default-4.0.3_05_k2.6.37.6_24-49.1

xen-kmp-default-debuginfo-4.0.3_05_k2.6.37.6_24-49.1

xen-kmp-desktop-4.0.3_05_k2.6.37.6_24-49.1

xen-kmp-desktop-debuginfo-4.0.3_05_k2.6.37.6_24-49.1

xen-libs-4.0.3_05-49.1

xen-libs-debuginfo-4.0.3_05-49.1

xen-tools-4.0.3_05-49.1

xen-tools-debuginfo-4.0.3_05-49.1

xen-tools-domU-4.0.3_05-49.1

xen-tools-domU-debuginfo-4.0.3_05-49.1

- openSUSE 11.4/standard/i586/patchinfo.32 (i586):

xen-kmp-pae-4.0.3_05_k2.6.37.6_24-49.1

xen-kmp-pae-debuginfo-4.0.3_05_k2.6.37.6_24-49.1

References

https://www.suse.com/security/cve/CVE-2012-5510.html

https://www.suse.com/security/cve/CVE-2012-5511.html

https://www.suse.com/security/cve/CVE-2012-5512.html

https://www.suse.com/security/cve/CVE-2012-5513.html

https://www.suse.com/security/cve/CVE-2012-5514.html

https://www.suse.com/security/cve/CVE-2012-5515.html

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2013:0133-1
Rating: important
Affected Products: openSUSE 11.4/standard/i586/patchinfo.32 .

Topics%20covered

Topics Covered

security advisory denial of service security update critical xen openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here