Xen 3.4.4 RPM Update (CVE-2012-3494 CVE-2012-3496)

Updated RPMs for Xen 3.4.4 are available from our repo: http://wiki.solusvm.com/index.php?title=Software_Repositories

Changelog:

Security patches for CVE-2012-3494 & CVE-2012-3496

CVE-2012-3494

http://seclists.org/oss-sec/2012/q3/376

[quote]
Xen Security Advisory CVE-2012-3494 / XSA-12
version 3

hypercall set_debugreg vulnerability

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

set_debugreg allows writes to reserved bits of the DR7 debug control
register on x86-64.

IMPACT
======

A malicious guest can cause the host to crash, leading to a DoS.

If the vulnerable hypervisor is run on future hardware, the impact of
the vulnerability might be widened depending on the future assignment
of the currently-reserved debug register bits.

VULNERABLE SYSTEMS
==================

All systems running 64-bit paravirtualised guests.

The vulnerability dates back to at least Xen 4.0. 4.0, 4.1, the 4.2
RCs, and xen-unstable.hg are all vulnerable.

MITIGATION
==========

This issue can be mitigated by ensuring (inside the guest) that the
kernel is trustworthy, or by running only 32-bit or HVM guests.[/quote]
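
An added illustration, not Xen's code or the XSA-12 patch, of what validating a guest-supplied DR7 value involves on x86-64: the reserved-bit mask has to span the full 64-bit register, not only the low word. The macro and function names are hypothetical, the sample values are constructed, and the bit layout is the architectural DR7 layout as of the advisory's date.

```c
#include <stdint.h>
#include <stdio.h>

/* DR7 layout on x86-64 (hypothetical macro names, not Xen's):
 *   bits 0-9    L0/G0..L3/G3, LE, GE
 *   bit  10     reserved, reads as 1
 *   bits 11-12  reserved, must be 0 (as of 2012)
 *   bit  13     GD
 *   bits 14-15  reserved, must be 0
 *   bits 16-31  R/W and LEN fields for breakpoints 0-3
 *   bits 32-63  reserved, must be 0; setting any of them faults (#GP)
 */
#define DR7_RESERVED_ONE   UINT64_C(0x0000000000000400)
#define DR7_LOW_RESERVED   UINT64_C(0x000000000000D800)
#define DR7_HIGH_RESERVED  UINT64_C(0xFFFFFFFF00000000)
#define DR7_RESERVED_ZERO  (DR7_LOW_RESERVED | DR7_HIGH_RESERVED)

/* 1 if the guest-supplied value sets no reserved-zero bit, else 0. */
int dr7_is_valid(uint64_t v)
{
    return (v & DR7_RESERVED_ZERO) == 0;
}

/* Force every reserved bit to its architectural value before the
 * value is ever loaded into the real register. */
uint64_t dr7_sanitize(uint64_t v)
{
    return (v & ~DR7_RESERVED_ZERO) | DR7_RESERVED_ONE;
}

/* Same idea with a mask sized for the 32-bit register only:
 * bits 32-63 pass through untouched. Shown for comparison. */
uint64_t dr7_sanitize_low_only(uint64_t v)
{
    return (v & ~DR7_LOW_RESERVED) | DR7_RESERVED_ONE;
}

int main(void)
{
    /* Constructed sample values, not taken from the advisory. */
    uint64_t samples[] = { 0x401, 0x800, UINT64_C(0x100000001) };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%#018llx valid=%d full=%#llx low_only=%#llx\n",
               (unsigned long long)samples[i], dr7_is_valid(samples[i]),
               (unsigned long long)dr7_sanitize(samples[i]),
               (unsigned long long)dr7_sanitize_low_only(samples[i]));
    return 0;
}
```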

CVE-2012-3496

http://seclists.org/oss-sec/2012/q3/378

[quote]
Xen Security Advisory CVE-2012-3496 / XSA-14
version 3

XENMEM_populate_physmap DoS vulnerability

UPDATES IN VERSION 3
====================

Public release. Credit Matthew Daley.

ISSUE DESCRIPTION
=================

XENMEM_populate_physmap can be called with invalid flags. By calling
it with MEMF_populate_on_demand flag set, a BUG can be triggered if a
translating paging mode is not being used.

IMPACT
======

A malicious guest kernel can crash the host.

VULNERABLE SYSTEMS
==================

All Xen systems running PV guests. Systems running only HVM guests
are not vulnerable.

The vulnerability dates back to at least Xen 4.0. 4.0, 4.1, the 4.2
RCs, and xen-unstable.hg are all vulnerable.

MITIGATION
==========

This issue can be mitigated by ensuring that the guest kernel is
trustworthy or by running only HVM guests.

RESOLUTION
==========

Applying the appropriate attached patch will resolve the issue.

CREDIT
======

Thanks to Matthew Daley for finding this vulnerability (and that in
XSA-12) and notifying the Xen.org security team.[/quote]
