
openSUSE 12.3: 2014:1279-1 Critical Xen Security Update Released

October 9, 2014
An update that solves 10 vulnerabilities and has 8 fixes is ...

Description

XEN was updated to fix various bugs and security issues.

Security issues fixed:

- bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation
- bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts
- bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
- bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram
- bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load
- bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests
- bnc#878841 - CVE-2014-3967,CVE-2014-3968: XSA-96: Vulnerabilities in HVM MSI injection
- bnc#867910 - CVE-2014-2599: XSA-89: HVMOP_set_mem_access is not preemptible
- bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow

Other bugs fixed:

- bnc#896023 -...


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.3:

      zypper in -t patch openSUSE-2014-579

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 12.3 (i586 x86_64):

      xen-debugsource-4.2.4_04-1.32.1
      xen-devel-4.2.4_04-1.32.1
      xen-kmp-default-4.2.4_04_k3.7.10_1.40-1.32.1
      xen-kmp-default-debuginfo-4.2.4_04_k3.7.10_1.40-1.32.1
      xen-kmp-desktop-4.2.4_04_k3.7.10_1.40-1.32.1
      xen-kmp-desktop-debuginfo-4.2.4_04_k3.7.10_1.40-1.32.1
      xen-libs-4.2.4_04-1.32.1
      xen-libs-debuginfo-4.2.4_04-1.32.1
      xen-tools-domU-4.2.4_04-1.32.1
      xen-tools-domU-debuginfo-4.2.4_04-1.32.1

- openSUSE 12.3 (x86_64):

      xen-4.2.4_04-1.32.1
      xen-doc-html-4.2.4_04-1.32.1
      xen-doc-pdf-4.2.4_04-1.32.1
      xen-libs-32bit-4.2.4_04-1.32.1
      xen-libs-debuginfo-32bit-4.2.4_04-1.32.1
      xen-tools-4.2.4_04-1.32.1
      xen-tools-debuginfo-4.2.4_04-1.32.1

- openSUSE 12.3 (i586):

      xen-kmp-pae-4.2.4_04_k3.7.10_1.40-1.32.1
      xen-kmp-pae-debuginfo-4.2.4_04_k3.7.10_1.40-1.32.1
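A post-patch check, added here as an example and not part of the SUSE advisory: it flags installed xen packages that are still below the fixed builds in the package list above. The function names and the sample inventory are constructed for illustration, and `sort -V` is used as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: report xen packages older than the builds this advisory ships.
# Input lines have the form "<name> <version>-<release>".

FIXED="4.2.4_04-1.32.1"                    # from the advisory's package list
FIXED_KMP="4.2.4_04_k3.7.10_1.40-1.32.1"   # xen-kmp-* builds, same list

# is_older A B: succeed when A sorts strictly before B under version sort.
# Plain string comparison would rank release 1.9.1 above 1.32.1; sort -V
# compares the numeric fields as numbers (an approximation of RPM ordering).
is_older() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# xen_unpatched: read the inventory on stdin and print every xen package
# whose version-release is below the fixed build.
xen_unpatched() {
    while read -r name ver; do
        case "$name" in
            xen-kmp-*) want=$FIXED_KMP ;;
            xen|xen-*) want=$FIXED ;;
            *) continue ;;                 # not part of this update
        esac
        if is_older "$ver" "$want"; then
            printf '%s %s (fixed in %s)\n' "$name" "$ver" "$want"
        fi
    done
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
xen-libs 4.2.4_04-1.32.1
xen-tools 4.2.4_04-1.9.1
xen-kmp-default 4.2.4_02_k3.7.10_1.36-1.28.1
bash 4.2-61.1.1
EOF
}

# On a real host, feed it the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'xen*' | xen_unpatched
sample_inventory | xen_unpatched
```

Empty output means every installed xen package is at or above the fixed build; the hypervisor itself only runs the patched code after the host has been rebooted into it.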

References

https://www.suse.com/security/cve/CVE-2013-4344.html
https://www.suse.com/security/cve/CVE-2013-4540.html
https://www.suse.com/security/cve/CVE-2014-2599.html
https://www.suse.com/security/cve/CVE-2014-3967.html
https://www.suse.com/security/cve/CVE-2014-3968.html
https://www.suse.com/security/cve/CVE-2014-4021.html
https://www.suse.com/security/cve/CVE-2014-7154.html
https://www.suse.com/security/cve/CVE-2014-7155.html
https://www.suse.com/security/cve/CVE-2014-7156.html
https://www.suse.com/security/cve/CVE-2014-7188.html
https://bugzilla.suse.com/show_bug.cgi?id=798770
https://bugzilla.suse.com/show_bug.cgi?id=820873
https://bugzilla.suse.com/show_bug.cgi?id=833483
https://bugzilla.suse.com/show_bug.cgi?id=842006
https://bugzilla.suse.com/show_bug.cgi?id=858178
https://bugzilla.suse.com/show_bug.cgi?id=862608
https://bugzilla.suse.com/show_bug.cgi?id=864801
https://bugzilla.suse.com/show_bug.cgi?id=865682
https://bugzilla.suse.com/show_bug.cgi?id=867910
https://bugzilla.suse.com/show_bug.cgi?id=878841...


Severity
important

Announcement ID: openSUSE-SU-2014:1279-1
Rating: important
Affected Products: openSUSE 12.3
