SB2013080906 - SUSE Linux update for Xen




Published: August 9, 2013

Security Bulletin ID: SB2013080906
Severity: High
Patch available: YES
Number of vulnerabilities: 7
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 43%, Medium: 14%, Low: 43%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2013-2076)

The vulnerability allows a remote attacker to gain access to sensitive information.

Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-2077)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

Xen 4.0.x, 4.1.x, and 4.2.x do not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors.


3) Input validation error (CVE-ID: CVE-2013-2078)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.


4) Input validation error (CVE-ID: CVE-2013-2194)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel.


5) Input validation error (CVE-ID: CVE-2013-2195)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The Elf parser (libelf) in Xen 4.2.x and earlier allows local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations.


6) Input validation error (CVE-ID: CVE-2013-2196)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195.


7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-2211)

The vulnerability allows a remote attacker to execute arbitrary code.

The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.


Remediation

Install the update from the vendor's website.