Overview

File _patchinfo of Package patchinfo.1526

<patchinfo incident="1526">
  <packager>charlesa</packager>
  <issue tracker="bnc" id="802690">domain locking can prevent a live migration from completing</issue>
  <issue tracker="bnc" id="797523">VUL-1: CVE-2012-6075: qemu / kvm-qemu / xen : e1000 overflows under some conditions (XSA-41)</issue>
  <issue tracker="bnc" id="794316">VUL-1: CVE-2012-5634: xen: VT-d interrupt remapping source validation flaw (XSA-33)</issue>
  <issue tracker="bnc" id="806736">enabling xentrace crashes hypervisor.</issue>
  <issue tracker="bnc" id="800156">HP iLo Generate NMI function not working in XEN kernel</issue>
  <issue tracker="bnc" id="798188">xen vm can't autoboot because of bridge network hasn't been start</issue>
  <issue tracker="bnc" id="799694">Unable to dvd or cdrom-boot DomU after xen-tools update</issue>
  <issue tracker="bnc" id="793927">Xen VMs with more than 2 disks randomly fail to start</issue>
  <issue tracker="bnc" id="805094">xen hot plug attach/detach fails</issue>
  <issue tracker="bnc" id="800275">VUL-0: XSA-36: CVE-2013-0153: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs</issue>
  <issue tracker="bnc" id="797014">no way to control live migrations</issue>
  <issue tracker="bnc" id="797031">VUL-1: xen: XSA-37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only)</issue>
  <issue tracker="cve" id="CVE-2012-5515"></issue>
  <issue tracker="cve" id="CVE-2012-5514"></issue>
  <issue tracker="cve" id="CVE-2012-5513"></issue>
  <issue tracker="cve" id="CVE-2012-5511"></issue>
  <issue tracker="cve" id="CVE-2012-5510"></issue>
  <issue tracker="cve" id="CVE-2013-0154"></issue>
  <issue tracker="cve" id="CVE-2013-0153"></issue>
  <issue tracker="cve" id="CVE-2012-5634"></issue>
  <issue tracker="cve" id="CVE-2012-6075"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>xen: security and bugfix update</summary>
  <description>
XEN was updated to fix various bugs and security issues:

Security issues fixed:
- bnc#800275 - CVE-2013-0153: xen: interrupt remap entries
  shared and old ones not cleared on AMD IOMMUs
- bnc#797523 - CVE-2012-6075: qemu / kvm-qemu: e1000
  overflows under some conditions
- bnc#797031 - Xen Security Advisory 37 (CVE-2013-0154) -
  Hypervisor crash due to incorrect ASSERT (debug build only)
- bnc#794316 - CVE-2012-5634: xen: VT-d interrupt remapping
  source validation flaw (XSA-33)

Bugs fixed:
  - Upstream patches from Jan
  26536-xenoprof-div-by-0.patch
  26578-AMD-IOMMU-replace-BUG_ON.patch
  26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch
  26659-AMD-IOMMU-erratum-746-workaround.patch
  26660-x86-fix-CMCI-injection.patch
  26672-vmx-fix-handling-of-NMI-VMEXIT.patch
  26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch
  26676-fix-compat-memory-exchange-op-splitting.patch
  26677-x86-make-certain-memory-sub-ops-return-valid-values.patch
  26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch
  26679-x86-defer-processing-events-on-the-NMI-exit-path.patch
  26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch
  26692-x86-MSI-fully-protect-MSI-X-table.patch

- bnc#805094 - xen hot plug attach/detach fails
  modified blktap-pv-cdrom.patch

- bnc#802690 - domain locking can prevent a live migration from
  completing
  modified xend-domain-lock.patch

- bnc#797014 - no way to control live migrations
  26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch
  26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch
  26549-tools-xc_turn_XCFLAGS__into_shifts.patch
  26550-tools-xc_restore_logging_in_xc_save.patch
  26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patch
  26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch
  xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch
  xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch
  xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch
  xen.migrate.tools_set_migration_constraints_from_cmdline.patch
  xen.migrate.tools_add_xm_migrate_--log_progress_option.patch
- remove old patches:  
  xen.xc.progress.patch
  xen.xc_save.details.patch
  xen.migration.abort_if_busy.patch

- bnc#806736: enabling xentrace crashes hypervisor
  26686-xentrace_fix_off-by-one_in_calculate_tbuf_size.patch

- Upstream patches from Jan
  26287-sched-credit-pick-idle.patch
  26501-VMX-simplify-CR0-update.patch
  26502-VMX-disable-SMEP-when-not-paging.patch
  26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch)
  26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch)
  26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch)
  26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch)
  26526-pvdrv-no-devinit.patch
  26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch)

- bnc#798188 - Add $network to xend initscript dependencies

- bnc#797014 - no way to control live migrations
  * fix logic error in stdiostream_progress
  xen.xc.progress.patch
  * restore logging in xc_save
  xen.xc_save.details.patch
  * add options to control migration tunables
  --max_iters, --max_factor, --abort_if_busy
  xen.migration.abort_if_busy.patch

- bnc#799694 - Unable to dvd or cdrom-boot DomU after xen-tools update 
  Fixed with update to Xen version 4.1.4

- bnc#800156 - L3: HP iLo Generate NMI function not working in XEN
  kernel
  26440-x86-forward-SERR.patch
- Upstream patches from Jan
  26404-x86-forward-both-NMI-kinds.patch
  26427-x86-AMD-enable-WC+.patch 

- bnc#793927 - Xen VMs with more than 2 disks randomly fail to start 
  25590-hotplug-locking.patch
  25595-hotplug-locking.patch
  26079-hotplug-locking.patch

- Upstream patches from Jan
  26332-x86-compat-show-guest-stack-mfn.patch
  26333-x86-get_page_type-assert.patch (Replaces CVE-2013-0154-xsa37.patch)
  26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch)
  26370-libxc-x86-initial-mapping-fit.patch


- Update to Xen 4.1.4 c/s 23432

- Update xenpaging.guest-memusage.patch
  add rule for xenmem to avoid spurious build failures

- Upstream patches from Jan
  26179-PCI-find-next-cap.patch
  26183-x86-HPET-masking.patch
  26188-x86-time-scale-asm.patch
  26200-IOMMU-debug-verbose.patch
  26203-x86-HAP-dirty-vram-leak.patch
  26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch)
  26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch)
  26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch)
  26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch)
  26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch)
  26235-IOMMU-ATS-max-queue-depth.patch
  26272-x86-EFI-makefile-cflags-filter.patch
  26294-x86-AMD-Fam15-way-access-filter.patch
  CVE-2013-0154-xsa37.patch

- Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI
  Makefile to do additional filtering.
  EFI-makefile-cflags-filter.patch
</description>
  <reboot_needed/>
</patchinfo>
openSUSE Build Service is sponsored by
Places