SUSE: 2011:0925-1 Critical: Xen Crash Risk in Virtualization

Warning: Undefined array key "advisoryid" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/3820727_1edcd913e2b52798c5b9126b8927230e on line 19

   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0925-1
Rating:             important
References:         #704380 
Cross-References:   CVE-2011-1936
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:


   A security bug was fixed in Xen

   * CVE-2011-1936 A bug was found in the way Xen handles
   CPUID instruction emulation during VM exits. An
   unprivileged guest user can potentially use this flaw to
   crash the guest.

   This issue only affected systems running on x86
   architecture with Intel  processor and VMX virtualization
   extension enabled.

   Security Issue references:

   * CVE-2011-1898
   
   * CVE-2011-1936
   

Indications:

   Please install this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      xen-3.2.3_17040_37-0.7.1
      xen-devel-3.2.3_17040_37-0.7.1
      xen-doc-html-3.2.3_17040_37-0.7.1
      xen-doc-pdf-3.2.3_17040_37-0.7.1
      xen-doc-ps-3.2.3_17040_37-0.7.1
      xen-kmp-debug-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-default-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-kdump-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-smp-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-libs-3.2.3_17040_37-0.7.1
      xen-tools-3.2.3_17040_37-0.7.1
      xen-tools-domU-3.2.3_17040_37-0.7.1
      xen-tools-ioemu-3.2.3_17040_37-0.7.1

   - SUSE Linux Enterprise Server 10 SP4 (x86_64):

      xen-libs-32bit-3.2.3_17040_37-0.7.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      xen-kmp-bigsmp-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-kdumppae-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-vmi-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-vmipae-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      xen-3.2.3_17040_37-0.7.1
      xen-devel-3.2.3_17040_37-0.7.1
      xen-doc-html-3.2.3_17040_37-0.7.1
      xen-doc-pdf-3.2.3_17040_37-0.7.1
      xen-doc-ps-3.2.3_17040_37-0.7.1
      xen-kmp-default-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-smp-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-libs-3.2.3_17040_37-0.7.1
      xen-tools-3.2.3_17040_37-0.7.1
      xen-tools-domU-3.2.3_17040_37-0.7.1
      xen-tools-ioemu-3.2.3_17040_37-0.7.1

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      xen-libs-32bit-3.2.3_17040_37-0.7.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      xen-kmp-bigsmp-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1

   - SLE SDK 10 SP4 (i586 x86_64):

      xen-3.2.3_17040_37-0.7.1
      xen-devel-3.2.3_17040_37-0.7.1
      xen-kmp-debug-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-kmp-kdump-3.2.3_17040_37_2.6.16.60_0.87.9-0.7.1
      xen-libs-3.2.3_17040_37-0.7.1
      xen-tools-3.2.3_17040_37-0.7.1
      xen-tools-ioemu-3.2.3_17040_37-0.7.1

   - SLE SDK 10 SP4 (x86_64):

      xen-libs-32bit-3.2.3_17040_37-0.7.1


References:

   https://www.suse.com/security/cve/CVE-2011-1936.html