SUSE-SU-2015:0944-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0944-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:0944-1
Related
Published
2013-03-13T11:27:38Z
Modified
2013-03-13T11:27:38Z
Summary
Security update for Xen
Details

XEN has been updated to fix various bugs and security issues:

* 

  CVE-2013-0153: (XSA 36) To avoid an erratum in early hardware, the
  Xen AMD IOMMU code by default choose to use a single interrupt
  remapping table for the whole system. This sharing implied that any
  guest with a passed through PCI device that is bus mastering capable
  can inject interrupts into other guests, including domain 0. This has
  been disabled for AMD chipsets not capable of it.

* 

  CVE-2012-6075: qemu: The e1000 had overflows under some conditions,
  potentially corrupting memory.

* 

  CVE-2013-0154: (XSA 37) Hypervisor crash due to incorrect ASSERT
  (debug build only)

* 

  CVE-2012-5634: (XSA-33) A VT-d interrupt remapping source validation
  flaw was fixed.

Also the following bugs have been fixed:

* bnc#805094 - xen hot plug attach/detach fails
* bnc#802690 - domain locking can prevent a live migration from
  completing
* bnc#797014 - no way to control live migrations
      o fix logic error in stdiostream_progress
      o restore logging in xc_save
      o add options to control migration tunables
* bnc#806736: enabling xentrace crashes hypervisor
* Upstream patches from Jan 26287-sched-credit-pick-idle.patch
  26501-VMX-simplify-CR0-update.patch
  26502-VMX-disable-SMEP-when-not-paging.patch
  26516-ACPI-parse-table-retval.patch (Replaces
  CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch
  (Replaces CVE-2013-0153-xsa36.patch)
  26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces
  CVE-2013-0153-xsa36.patch)
  26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces
  CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch
  26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces
  CVE-2013-0153-xsa36.patch)
* bnc#798188 - Add $network to xend initscript dependencies
* bnc#799694 - Unable to dvd or cdrom-boot DomU after xen-tools update
  Fixed with update to Xen version 4.1.4
* bnc#800156 - L3: HP iLo Generate NMI function not working in XEN
  kernel
* Upstream patches from Jan 26404-x86-forward-both-NMI-kinds.patch
  26427-x86-AMD-enable-WC+.patch
* bnc#793927 - Xen VMs with more than 2 disks randomly fail to start
* Upstream patches from Jan 26332-x86-compat-show-guest-stack-mfn.patch
  26333-x86-get_page_type-assert.patch (Replaces
  CVE-2013-0154-xsa37.patch)
  26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces
  CVE-2012-5634-xsa33.patch) 26370-libxc-x86-initial-mapping-fit.patch
* Update to Xen 4.1.4 c/s 23432
* Update xenpaging.guest-memusage.patch add rule for xenmem to avoid
  spurious build failures
* Upstream patches from Jan 26179-PCI-find-next-cap.patch
  26183-x86-HPET-masking.patch 26188-x86-time-scale-asm.patch
  26200-IOMMU-debug-verbose.patch 26203-x86-HAP-dirty-vram-leak.patch
  26229-gnttab-version-switch.patch (Replaces
  CVE-2012-5510-xsa26.patch) 26230-x86-HVM-limit-batches.patch
  (Replaces CVE-2012-5511-xsa27.patch)
  26231-memory-exchange-checks.patch (Replaces
  CVE-2012-5513-xsa29.patch) 26232-x86-mark-PoD-error-path.patch
  (Replaces CVE-2012-5514-xsa30.patch) 26233-memop-order-checks.patch
  (Replaces CVE-2012-5515-xsa31.patch)
  26235-IOMMU-ATS-max-queue-depth.patch
  26272-x86-EFI-makefile-cflags-filter.patch
  26294-x86-AMD-Fam15-way-access-filter.patch CVE-2013-0154-xsa37.patch
* Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI
  Makefile to do additional filtering.

Security Issue references:

* CVE-2013-0153
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153>
* CVE-2012-6075
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075>
* CVE-2012-5634
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634>
References

Affected packages