Three security issues were found in XEN.
Two security issues are fixed by this update:
CVE-2012-0217: Due to incorrect fault handling in the
XEN hypervisor it was possible for a XEN guest domain
administrator to execute code in the XEN host environment.
CVE-2012-0218: Also a guest user could crash the
guest XEN kernel due to a protection fault bounce.
The third fix is changing the Xen behaviour on certain
hardware:
CVE-2012-2934: The issue is a denial of service issue
on older pre-SVM AMD CPUs (AMD Erratum 121).
AMD Erratum #121 is described in "Revision Guide for
AMD Athlon 64 and AMD Opteron Processors":
http://support.amd.com/us/Processor_TechDocs/25759.pdf
The following 130nm and 90nm (DDR1-only) AMD
processors are subject to this erratum:
o First-generation AMD-Opteron™ single and
  dual core processors in either 939 or 940 packages:
This issue does not affect Intel processors.
The impact of this flaw is that a malicious PV guest
user can halt the host system.
As this is a hardware flaw, it is not fixable except
by upgrading your hardware to a newer revision, or not
allowing untrusted 64-bit guest systems.
The patch changes the boot behaviour of the host system
so that it is unable to create guest machines
until a specific boot option is set.
There is a new XEN boot option "allow_unsafe" for
GRUB which allows the host to start guests again.
This is added to /boot/grub/menu.lst in the line
looking like this:
kernel /boot/xen.gz … allow_unsafe
Note: … in this example represents the existing
boot options for the host.
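An audit sketch for the situation described above, added here as an example and not part of the advisory or of Xen: it reports whether a host looks like a pre-SVM AMD system and whether any Xen entry in a GRUB menu.lst already carries allow_unsafe. The CPU test is a heuristic assumption (vendor AuthenticAMD, lm flag, no svm flag), the function names are hypothetical, and the sample files are constructed.

```shell
# Added example (not from the advisory). Heuristic, an assumption: "pre-SVM AMD"
# means vendor AuthenticAMD, 64-bit capable (lm flag), and no svm flag.

# cpu_is_pre_svm_amd CPUINFO_FILE -> exit status 0 when the heuristic matches
cpu_is_pre_svm_amd() {
    awk '
        /^vendor_id/ && /AuthenticAMD/ { amd = 1 }
        /^flags/ {
            for (i = 2; i <= NF; i++) {
                if ($i == "svm") svm = 1
                if ($i == "lm") lm = 1
            }
        }
        END { exit !(amd && lm && !svm) }
    ' "$1"
}

# xen_entries MENU_LST -> prints "<xen kernel lines> <lines with allow_unsafe>"
# Commented-out lines are skipped because their first field is not "kernel".
xen_entries() {
    awk '
        $1 == "kernel" && $2 ~ "(^|/)xen[^/]*[.]gz$" {
            total++
            for (i = 3; i <= NF; i++) if ($i == "allow_unsafe") { unsafe++; break }
        }
        END { printf "%d %d\n", total, unsafe }
    ' "$1"
}

# audit CPUINFO_FILE MENU_LST -> prints a one-word verdict plus detail
audit() {
    counts=$(xen_entries "$2"); total=${counts% *}; unsafe=${counts#* }
    if ! cpu_is_pre_svm_amd "$1"; then
        echo "not-matched: CPU is not pre-SVM AMD by this heuristic"
    elif [ "$unsafe" -gt 0 ]; then
        echo "risk-accepted: $unsafe of $total Xen entries set allow_unsafe"
    else
        echo "guests-blocked: no Xen entry sets allow_unsafe"
    fi
}

# Constructed sample inputs so the script runs offline.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf 'vendor_id\t: AuthenticAMD\nflags\t\t: fpu pae sse2 syscall nx lm 3dnow\n' > "$demo/cpu_old"
printf 'vendor_id\t: AuthenticAMD\nflags\t\t: fpu pae sse2 syscall nx lm svm\n' > "$demo/cpu_new"
printf 'title Xen\n  kernel /boot/xen.gz dom0_mem=1024M\n' > "$demo/menu_default"
printf 'title Xen\n  # kernel /boot/xen.gz allow_unsafe\n  kernel /boot/xen.gz dom0_mem=1024M allow_unsafe\n' > "$demo/menu_unsafe"
audit "$demo/cpu_old" "$demo/menu_default"
audit "$demo/cpu_old" "$demo/menu_unsafe"
audit "$demo/cpu_new" "$demo/menu_unsafe"
```

On a real host the call would be `audit <cpuinfo file> /boot/grub/menu.lst`, using a cpuinfo dump captured while the machine was booted without Xen, on the assumption that dom0 may not be shown the svm flag. A "risk-accepted" verdict means guests can start again, so the host should run no untrusted 64-bit PV guests.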
download.novell.com/patch/finder/?keywords=1428153e4b377d6519b568fc4a847a50
download.novell.com/patch/finder/?keywords=1fd339d2b48672edeccbed4bd3b9dd9d
download.novell.com/patch/finder/?keywords=bbca71d17e042f39532a8e3060358202
download.novell.com/patch/finder/?keywords=c25fa3090bc865a8836ebaff073cd9b6
bugzilla.novell.com/757537
bugzilla.novell.com/757970
bugzilla.novell.com/764077