SB2012111907 - SUSE Linux update for libvirt




Published: November 19, 2012

Security Bulletin ID: SB2012111907
Severity: High
Patch available: YES
Number of vulnerabilities: 9
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 11%, Medium: 11%, Low: 78%

Description

This security bulletin contains information about 9 security vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2012-3497)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a NULL client id.


2) Information disclosure (CVE-ID: CVE-2012-4411)

The vulnerability allows a local user to gain access to sensitive information.

The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.


3) NULL pointer dereference (CVE-ID: CVE-2012-4423)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.
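
The dispatch-table flaw described in item 3, as an added illustration that is not libvirt's code: the procedure numbers, handler names and table layout are constructed for this example. It contrasts a range-only check with a lookup that also rejects empty slots.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed procedure numbers; 3 is a server-to-client event, 4 is unused. */
enum { PROC_OPEN = 1, PROC_CLOSE = 2, PROC_EVENT = 3, PROC_VERSION = 5, PROC_MAX = 5 };
enum { RPC_ERR_UNKNOWN_PROC = -1 };

typedef int (*rpc_handler)(unsigned arg);

static int do_open(unsigned arg)    { return (int)arg + 100; }
static int do_close(unsigned arg)   { return (int)arg + 200; }
static int do_version(unsigned arg) { (void)arg; return 42; }

/* Slots 0, 3 and 4 are never assigned, so their handler is NULL. */
static const rpc_handler dispatch_table[PROC_MAX + 1] = {
    [PROC_OPEN]    = do_open,
    [PROC_CLOSE]   = do_close,
    [PROC_VERSION] = do_version,
};

/* Flawed pattern: the range check passes for 0, 3 and 4, and the call then
 * goes through a NULL function pointer, crashing the daemon. */
int dispatch_unchecked(unsigned proc, unsigned arg)
{
    if (proc > PROC_MAX)
        return RPC_ERR_UNKNOWN_PROC;
    return dispatch_table[proc](arg);
}

/* Hardened pattern: an empty slot is reported as an unknown procedure, so the
 * client gets an error reply and the server keeps running. */
int dispatch_checked(unsigned proc, unsigned arg)
{
    if (proc > PROC_MAX || dispatch_table[proc] == NULL)
        return RPC_ERR_UNKNOWN_PROC;
    return dispatch_table[proc](arg);
}

int main(void)
{
    /* Constructed request numbers: valid calls, the event, the gap, out of range. */
    unsigned procs[] = { 1, 2, 3, 4, 5, 6 };
    for (size_t i = 0; i < sizeof procs / sizeof procs[0]; i++)
        printf("proc %u -> %d\n", procs[i], dispatch_checked(procs[i], 7));
    return 0;
}
```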


4) Resource management error (CVE-ID: CVE-2012-4535)

The vulnerability allows a local non-authenticated attacker to perform service disruption.

Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline."


5) Input validation error (CVE-ID: CVE-2012-4536)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allow local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read.


6) Configuration (CVE-ID: CVE-2012-4537)

The vulnerability allows a local non-authenticated attacker to perform service disruption.

Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability."


7) Input validation error (CVE-ID: CVE-2012-4538)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.


8) Resource management error (CVE-ID: CVE-2012-4539)

The vulnerability allows a local non-authenticated attacker to perform service disruption.

Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability."


9) Input validation error (CVE-ID: CVE-2012-4544)

The vulnerability allows a local non-authenticated attacker to perform service disruption.

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.


Remediation

Install update from vendor's website.