Security update for Xen (important)

2012-08-27T17:08:38
ID SUSE-SU-2012:1044-1
Type suse
Reporter Suse
Modified 2012-08-27T17:08:38

Description

Xen was updated to fix several security issues:

*

CVE-2012-3433: A xen HVM guest destroy p2m teardown host DoS vulnerability was fixed, where malicious guest could lock/crash the host.

*

CVE-2012-3432: A xen HVM guest user mode MMIO emulation DoS was fixed.

*

CVE-2012-2625: The xen pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel, leading to denial of service (crash).

Also the following bug in XEN was fixed:

  • bnc#746702 - Xen HVM DomU crash during Windows Server 2008 R2 install, when maxmem > memory

This update also included bugfixes for:

  • vm-install: - bnc#762963 - ReaR: Unable to recover a paravirtualized XEN guest