SUSE: 2012:1045-1 Urgent: Xen Denial of Service Security Vulnerabilities
suse
August 27, 2012
An update that solves three vulnerabilities and has three An update that solves three vulnerabilities and has three An update that solves three vulnerabilities and has three fixes ...
Summary
Xen was updated to fix several security issues:
*
CVE-2012-3433: A xen HVM guest destroy p2m teardown
host DoS vulnerability was fixed, where malicious guest
could lock/crash the host.
*
CVE-2012-3432: A xen HVM guest user mode MMIO
emulation DoS was fixed.
*
CVE-2012-2625: The xen pv bootloader doesn't check
the size of the bzip2 or lzma compressed kernel, leading to
denial of service (crash).
Also the following bug in XEN was fixed:
* bnc#746702 - Xen HVM DomU crash during Windows Server
2008 R2 install, when maxmem > memory
This update also included bugfixes for:
* vm-install: - bnc#762963 - ReaR: Unable to recover a
paravirtualized XEN guest
Security Issue references:
* CVE-2012-3432
Topics Covered
References
#744771 #746702 #762484 #762963 #773393 #773401
Cross- CVE-2012-2625 CVE-2012-3432 CVE-2012-3433
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Desktop 11 SP1
https://www.suse.com/security/cve/CVE-2012-2625.html
https://www.suse.com/security/cve/CVE-2012-3432.html
https://www.suse.com/security/cve/CVE-2012-3433.html
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2012:1044-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!