Detections
Analytics
openSUSE Security Update : xen (openSUSE-2017-563)
critical Nessus Plugin ID 100086
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This update for xen fixes several issues.These security issues were fixed :
- A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843)
- A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transfering pages via GNTTABOP_transfer (XSA-214, bsc#1034844).
- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994).
- CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655)
These non-security issues were fixed :
- bsc#1029827: Additional xenstore patch
- bsc#1036146: Xen VM dumped core to wrong path
- bsc#1022703: Prevent Xen HVM guest with OVMF to hang with unattached CDRom This update was imported from the SUSE:SLE-12-SP2:Update update project.
Solution
Update the affected xen packages.See Also
https://bugzilla.opensuse.org/show_bug.cgi?id=1022703
https://bugzilla.opensuse.org/show_bug.cgi?id=1028655
https://bugzilla.opensuse.org/show_bug.cgi?id=1029827
https://bugzilla.opensuse.org/show_bug.cgi?id=1030144
https://bugzilla.opensuse.org/show_bug.cgi?id=1034843
https://bugzilla.opensuse.org/show_bug.cgi?id=1034844
Plugin Details
Severity: Critical
ID: 100086
File Name: openSUSE-2017-563.nasl
Version: 3.5
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 5/10/2017
Updated: 1/19/2021
Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: High
Base Score: 9
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domu, p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo, cpe:/o:novell:opensuse:42.2
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Patch Publication Date: 5/9/2017
Reference Information
CVE: CVE-2016-9603, CVE-2017-7718