Security update for Xen and libvirt (important)

2012-08-27T17:08:36
ID SUSE-SU-2012:1043-1
Type suse
Reporter Suse
Modified 2012-08-27T17:08:36

Description

Xen was updated to fix several security issues:

*

CVE-2012-3433: A xen HVM guest destroy p2m teardown host DoS vulnerability was fixed, where malicious guest could lock/crash the host.

*

CVE-2012-3432: A xen HVM guest user mode MMIO emulation DoS was fixed.

*

CVE-2012-2625: The xen pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel, leading to denial of service (crash).

Also the following bug in XEN has been fixed:

  • bnc#746702 - Xen HVM DomU crash during Windows Server 2008 R2 install, when maxmem > memory

This update also included bugfixes for:

*

vm-install: - bnc#762963 - ReaR: Unable to recover a paravirtualized XEN guest

*

virt-manager - SLE11-SP2 ONLY

  • bnc#764982 - virt-manager fails to start after upgrade to SLES11 SP2 from SLES10