
SUSE: 2012:0730-1 Critical: XEN Denial of Service and Fault Management

June 12, 2012
Urgent SUSE Security Patch for Xen tackling three major vulnerabilities. Key insights and update instructions included.
An update that fixes three vulnerabilities is now available.

Summary

Three security issues were found in XEN.

Two security issues are fixed by this update:

* CVE-2012-0217: Due to incorrect fault handling in the XEN hypervisor it was possible for a XEN guest domain administrator to execute code in the XEN host environment.
* CVE-2012-0218: Also a guest user could crash the guest XEN kernel due to a protection fault bounce.

The third fix is changing the Xen behaviour on certain hardware:

* CVE-2012-2934: The issue is a denial of service issue on older pre-SVM AMD CPUs (AMD Erratum 121).

AMD Erratum #121 is described in "Revision Guide for AMD Athlon 64 and AMD Opteron Processors": https://www.amd.com/en/support.html

The following 130nm and 90nm (DDR1-only) AMD processors are subject to this erratum: o

References

#757537 #757970 #764077

Cross-References: CVE-2012-0217 CVE-2012-0218 CVE-2012-2934

Affected Products:

SUSE Linux Enterprise Software Development Kit 11 SP1

SUSE Linux Enterprise Server 11 SP1 for VMware

SUSE Linux Enterprise Server 11 SP1

SUSE Linux Enterprise Server 10 SP4

SUSE Linux Enterprise Server 10 SP3 LTSS

SUSE Linux Enterprise Server 10 SP2

SUSE Linux Enterprise Desktop 11 SP1

SUSE Linux Enterprise Desktop 10 SP4

SLE SDK 10 SP4

https://www.suse.com/security/cve/CVE-2012-0217.html

https://www.suse.com/security/cve/CVE-2012-0218.html

https://www.suse.com/security/cve/CVE-2012-2934.html

Severity
critical

Announcement ID: SUSE-SU-2012:0730-1
Rating: critical
