Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 568
Alerts This Week
Warning Icon 1 568

openSUSE: 2015:0256-1 Important: Xen Security Update and Resolved Issues

opensuse
Calendar Grey February 11, 2015
Dist Opensuse Esm H88
Crucial security patch for openSUSE addresses multiple concerns with Xen virtualization, enhancing both system reliability and safeguarding.
An update that solves 11 vulnerabilities and has 9 fixes is now available.

Description

The XEN virtualization was updated to fix bugs and security issues:

Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use

after free on hvm guest teardown

CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation

CVE-2014-9030: XSA-113: Guest effectable page reference leak in

MMU_MACHPHYS_UPDATE handling

CVE-2014-8867: XSA-112: xen: Insufficient bounding of "REP MOVS" to MMIO

emulated inside the hypervisor

CVE-2014-8866: XSA-111: xen: Excessive checking in compatibility mode

hypercall argument translation

CVE-2014-8595: XSA-110: xen: Missing privilege level checks in x86

emulation of far branches

CVE-2014-8594: XSA-109: xen: Insufficient restrictions on certain MMU

update hypercalls

CVE-2013-3495: XSA-59: xen: Intel VT-d Interrupt Remapping engines can be

evaded by native NMI interrupts

CVE-2014-5146, CVE-2014-5149: xen: XSA-97 Long latency virtual-mmu

operations are not preemptible

Bugs...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-129=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

xen-debugsource-4.4.1_08-9.1

xen-devel-4.4.1_08-9.1

xen-libs-4.4.1_08-9.1

xen-libs-debuginfo-4.4.1_08-9.1

xen-tools-domU-4.4.1_08-9.1

xen-tools-domU-debuginfo-4.4.1_08-9.1

- openSUSE 13.2 (x86_64):

xen-4.4.1_08-9.1

xen-doc-html-4.4.1_08-9.1

xen-kmp-default-4.4.1_08_k3.16.7_7-9.1

xen-kmp-default-debuginfo-4.4.1_08_k3.16.7_7-9.1

xen-kmp-desktop-4.4.1_08_k3.16.7_7-9.1

xen-kmp-desktop-debuginfo-4.4.1_08_k3.16.7_7-9.1

xen-libs-32bit-4.4.1_08-9.1

xen-libs-debuginfo-32bit-4.4.1_08-9.1

xen-tools-4.4.1_08-9.1

xen-tools-debuginfo-4.4.1_08-9.1

References

https://www.suse.com/security/cve/CVE-2013-3495.html

https://www.suse.com/security/cve/CVE-2014-5146.html

https://www.suse.com/security/cve/CVE-2014-5149.html

https://www.suse.com/security/cve/CVE-2014-8594.html

https://www.suse.com/security/cve/CVE-2014-8595.html

https://www.suse.com/security/cve/CVE-2014-8866.html

https://www.suse.com/security/cve/CVE-2014-8867.html

https://www.suse.com/security/cve/CVE-2014-9030.html

https://www.suse.com/security/cve/CVE-2014-9065.html

https://www.suse.com/security/cve/CVE-2014-9066.html

https://www.suse.com/security/cve/CVE-2015-0361.html

https://bugzilla.suse.com/show_bug.cgi?id=826717

https://bugzilla.suse.com/show_bug.cgi?id=866902

https://bugzilla.suse.com/show_bug.cgi?id=882089

https://bugzilla.suse.com/show_bug.cgi?id=889526

https://bugzilla.suse.com/show_bug.cgi?id=896023

https://bugzilla.suse.com/show_bug.cgi?id=897906

https://bugzilla.suse.com/show_bug.cgi?id=898772

https://bugzilla.suse.com/show_bug.cgi?id=900292

https://bugzilla.suse.com/show_bug.cgi?id=90...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2015:0256-1
Rating: important
Affected Products: openSUSE 13.2 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.