Solution
Please Install the Updated Packages.
Insight
XEN was updated to fix various denial of service issues.
- bnc#789945 - CVE-2012-5510: xen: Grant table version switch list corruption vulnerability (XSA-26)
- bnc#789944 - CVE-2012-5511: xen: Several HVM operations do not validate the range of their inputs (XSA-27)
- bnc#789940 - CVE-2012-5512: xen: HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak (XSA-28)
- bnc#789951 - CVE-2012-5513: xen: XENMEM_exchange may overwrite hypervisor memory (XSA-29)
- bnc#789948 - CVE-2012-5514: xen: Missing unlock in guest_physmap_mark_populate_on_demand() (XSA-30)
- bnc#789950 - CVE-2012-5515: xen: Several memory hypercall operations allow invalid extent order values (XSA-31)
- bnc#789988 - FATAL PAGE FAULT in hypervisor
(arch_do_domctl)
- Upstream patches from Jan
26132-tmem-save-NULL-check.patch
26134-x86-shadow-invlpg-check.patch
26148-vcpu-timer-overflow.patch (Replaces
CVE-2012-4535-xsa20.patch)
26149-x86-p2m-physmap-error-path.patch (Replaces
CVE-2012-4537-xsa22.patch)
26150-x86-shadow-unhook-toplevel-check.patch (Replaces CVE-2012-4538-xsa23.patch)
- bnc#777628 - guest "
disappears"
after live migration
Updated block-dmmd script
- Fix exception in balloon.py and osdep.py
xen-max-free-mem.diff
- bnc#792476 - efi files missing in latest XEN update Revert c/s 25751 EFI Makefile changes in
23614-x86_64-EFI-boot.patch
Affected
xen on openSUSE 12.1
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-4535, CVE-2012-4537, CVE-2012-4538, CVE-2012-5510, CVE-2012-5511, CVE-2012-5512, CVE-2012-5513, CVE-2012-5514, CVE-2012-5515 -
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities