SUSE-SU-2013:1075-1
Jun 25, 2013 - 7:04 p.m.

Security update for Xen (important)

2013-06-25 19:04:17
lists.opensuse.org
EPSS: 0.001 (Low), percentile 28.1%

XEN has been updated to 4.1.5 c/s 23509 to fix various bugs
and security issues.

The following security issues have been fixed:

CVE-2013-1918: Certain page table manipulation
operations in Xen 4.1.x, 4.2.x, and earlier were not
preemptible, which allowed local PV kernels to cause a
denial of service via vectors related to deep page table
traversal.

CVE-2013-1952: Xen 4.x, when using Intel VT-d for a
bus mastering capable PCI device, did not properly check
the source when accessing a bridge device's interrupt
remapping table entries for MSI interrupts, which allowed
local guest domains to cause a denial of service (interrupt
injection) via unspecified vectors.

CVE-2013-2076: An information leak in the XSAVE/XRSTOR
instructions could be used to determine the state of floating
point operations in other domains.

CVE-2013-2077: A denial of service (hypervisor crash)
was possible due to missing exception recovery on XRSTOR,
that could be used to crash the machine by PV guest users.

CVE-2013-2078: A denial of service (hypervisor crash)
was possible due to missing exception recovery on XSETBV,
that could be used to crash the machine by PV guest users.

CVE-2013-2072: Systems which allow untrusted
administrators to configure guest vcpu affinity may be
exploited to trigger a buffer overrun and corrupt memory.

CVE-2013-1917: Xen 3.1 through 4.x, when running
64-bit hosts on Intel CPUs, did not clear the NT flag when
using an IRET after a SYSENTER instruction, which allowed
PV guest users to cause a denial of service (hypervisor
crash) by triggering a #GP fault, which is not properly
handled by another IRET instruction.

CVE-2013-1919: Xen 4.2.x and 4.1.x did not properly
restrict access to IRQs, which allowed local stub domain
clients to gain access to IRQs and cause a denial of
service via vectors related to "passed-through IRQs or PCI
devices."

CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when
the hypervisor is running "under memory pressure" and the
Xen Security Module (XSM) is enabled, used the wrong
ordering of operations when extending the per-domain event
channel tracking table, which caused a use-after-free and
allowed local guest kernels to inject arbitrary events and
gain privileges via unspecified vectors.

CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly
released a grant reference when releasing a non-v1,
non-transitive grant, which allowed local guest
administrators to cause a denial of service (host crash),
obtain sensitive information, or possibly have other
impacts via unspecified vectors.

Bugfixes:

Upstream patches from Jan
26956-x86-mm-preemptible-cleanup.patch
27071-x86-IO-APIC-fix-guest-RTE-write-corner-cases.patch
27072-x86-shadow-fix-off-by-one-in-MMIO-permission-check.patch
27079-fix-XSA-46-regression-with-xend-xm.patch
27083-AMD-iommu-SR56x0-Erratum-64-Reset-all-head-tail-pointers.patch

Update to Xen 4.1.5 c/s 23509. Many xen.spec file patches
were dropped, as they are now included in the 4.1.5 tarball.

bnc#809662 - can’t use pv-grub to start domU (pygrub does work)
xen.spec

Upstream patches from Jan
26702-powernow-add-fixups-for-AMD-P-state-figures.patch
26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch
26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch
26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch
26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch
26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch
26737-ACPI-APEI-Add-apei_exec_run_optional.patch
26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch
26743-VT-d-deal-with-5500-5520-X58-errata.patch
26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch
26749-x86-reserve-pages-when-SandyBridge-integrated-graphics.patch
26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch
26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vectors.patch
26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch
26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mode.patch
26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap-pages.patch
26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch
26851-iommu-crash-Interrupt-remapping-is-also-disabled-on-crash.patch

bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on Kyoto
xend-cpuinfo-model-name.patch

Upstream patches from Jan
26536-xenoprof-div-by-0.patch
26578-AMD-IOMMU-replace-BUG_ON.patch
26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch
26659-AMD-IOMMU-erratum-746-workaround.patch
26660-x86-fix-CMCI-injection.patch
26672-vmx-fix-handling-of-NMI-VMEXIT.patch
26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch
26676-fix-compat-memory-exchange-op-splitting.patch
26677-x86-make-certain-memory-sub-ops-return-valid-values.patch
26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch
26679-x86-defer-processing-events-on-the-NMI-exit-path.patch
26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch
26692-x86-MSI-fully-protect-MSI-X-table.patch