Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2012:6400


Id SUSE-2012:6400
Name Novell SUSE 2012:6400 xen-201206 recommended update for SLE 11 SP2 i586
Vendor Name novell
Product None
Content Type Recommended Recommended
Operating System(s) Linux 
Released On 06 Jun 2012 12:00:00


Novell SUSE 2012:6400 xen-201206 recommended update for SLE 11 SP2 i586

Vendor Name




Released On

06 Jun 2012 12:00:00



This collective update for Xen 2012/06 on SUSE Linux Enterprise 11 SP2 provides the following fixes: Xen * 757537: xen: CVE-2012-0217 PV guest escalation * 757970: xen: CVE-2012-0218 guest denial of service on syscall GPF generation * 764077: xen: CVE-2012-2934 Report a denial of service issue on old, pre-SVM AMD CPUs (AMD Erratum 121). AMD Erratum #121 is described in "Revision Guide for AMD Athlon 64 and AMD Opteron Processors": The following 130nm and 90nm (DDR1-only) AMD processors are subject to this erratum: o First-generation AMD-Opteron(tm) single and dual core processors in either 939 or 940 packages: + AMD Opteron(tm) 100-Series Processors + AMD Opteron(tm) 200-Series Processors + AMD Opteron(tm) 800-Series Processors + AMD Athlon(tm) processors in either 754, 939 or 940 packages + AMD Sempron(tm) processor in either 754 or 939 packages + AMD Turion(tm) Mobile Technology in 754 package This issue does not effect Intel processors. The impact of this flaw is that a malicious PV guest user can halt the host system. As this is a hardware flaw, it is not fixable except by upgrading your hardware to a newer revision, or not allowing untrusted 64bit guestsystems. The patch changes the behaviour of the host system booting, which makes it unable to create guest machines until a specific boot option is set. There is a new XEN boot option "allow_unsafe" for GRUB which allows the host to start guests again. This is added to /boot/grub/menu.lst in the line looking like this: kernel /boot/xen.gz .... allow_unsafe or add this option to the XEN_APPEND line /etc/sysconfig/bootloader, like e.g.: XEN_APPEND="allow_unsafe" Note: .... in the first example represents the existing boot options for the host. * 753165: xen/scripts/network-bridge wont create bridge * 745880: cpuid setting is not preserved across xend restarts * 747331: standard "newburn" kernel QA stress test freezes the guest * 745367: MCE bank handling during migration * 744771: VM with passed through PCI card fails to reboot under dom0 load * 746702: Xen HVM DomU crash during Windows Server 2008 install, when maxmem > memory * 745005: Update vif configuration examples in xmexample* * 743414: using vifname is ignored when defining a xen virtual interface with xl/libxl * 739585: Xen block-attach fails after repeated attach/detach * Fate 310510: fix xenpaging vm-install * 760557: Fix error on two virtual discs with conflicting virtual names * 760023: Can't upgrade an OES 2 (64-bit) XEN Guest Server to OES 11 * 757346: XEN guest OS installation (SLES 11 SP2 guest) fails on SLED 11 SP2 * 742773: vm-install shows bogus error msg without defined installation source * KVM: Add 'unsafe' and 'directsync' as options to cache_mode * KVM: During installation set the target disk to 'unsafe' mode for better performance. * 761142: vm-install fails to create its new VM: bogus "Not enough space on device" message

Related Resources

Related Vulnerabilities

CVE-2012-0217   CVE-2012-0218   CVE-2012-2934  

Related Patches

Superseded Patches


Last Updated: 27 May 2016 11:14:10