SuSE 11.3 Security Update : Xen (SAT Patch Number 8588)

high Nessus Plugin ID 71562

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The Xen hypervisor and tool-suite have been updated to fix security issues and bugs :

- XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution. (CVE-2013-4494)

- XSA-74: A lock order reversal between page_alloc_lock and mm_rwlock could lead to deadlocks. (CVE-2013-4553)

- XSA-76: Hypercalls exposed to privilege rings 1 and 2 of HVM guests which might lead to Hypervisor escalation under specific circumstances. (CVE-2013-4554)

- XSA-78: Insufficient TLB flushing in VT-d (iommu) code could lead to access of memory that was revoked.
(CVE-2013-6375)

- XSA-75: A host crash due to guest VMX instruction execution was fixed. Non-security bugs have also been fixed:. (CVE-2013-4551)

- It is possible to start a VM twice on the same node.
(bnc#840997)

- In HP's UEFI x86_64 platform and SLES 11-SP3, dom0 will could lock-up on multiple blades nPar. (bnc#842417)

- Xen Hypervisor panics on 8-blades nPar with 46-bit memory addressing. (bnc#848014)

- Soft lock-up with PCI pass-through and many VCPUs.
(bnc#846849)

- Boot Failure with Xen kernel in UEFI mode with error 'No memory for trampoline'. (bnc#833483)

- Increase the maximum supported CPUs in the Hypervisor to 512.

Solution

Apply SAT patch number 8588.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=833483

https://bugzilla.novell.com/show_bug.cgi?id=840997

https://bugzilla.novell.com/show_bug.cgi?id=842417

https://bugzilla.novell.com/show_bug.cgi?id=846849

https://bugzilla.novell.com/show_bug.cgi?id=848014

https://bugzilla.novell.com/show_bug.cgi?id=848657

https://bugzilla.novell.com/show_bug.cgi?id=849665

https://bugzilla.novell.com/show_bug.cgi?id=849667

https://bugzilla.novell.com/show_bug.cgi?id=849668

https://bugzilla.novell.com/show_bug.cgi?id=851386

http://support.novell.com/security/cve/CVE-2013-1922.html

http://support.novell.com/security/cve/CVE-2013-2007.html

http://support.novell.com/security/cve/CVE-2013-4375.html

http://support.novell.com/security/cve/CVE-2013-4416.html

http://support.novell.com/security/cve/CVE-2013-4494.html

http://support.novell.com/security/cve/CVE-2013-4551.html

http://support.novell.com/security/cve/CVE-2013-4553.html

http://support.novell.com/security/cve/CVE-2013-4554.html

http://support.novell.com/security/cve/CVE-2013-6375.html

Plugin Details

Severity: High

ID: 71562

File Name: suse_11_xen-201311-131127.nasl

Version: 1.3

Type: local

Agent: unix

Published: 12/20/2013

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.9

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:xen, p-cpe:/a:novell:suse_linux:11:xen-doc-html, p-cpe:/a:novell:suse_linux:11:xen-doc-pdf, p-cpe:/a:novell:suse_linux:11:xen-kmp-default, p-cpe:/a:novell:suse_linux:11:xen-kmp-pae, p-cpe:/a:novell:suse_linux:11:xen-libs, p-cpe:/a:novell:suse_linux:11:xen-libs-32bit, p-cpe:/a:novell:suse_linux:11:xen-tools, p-cpe:/a:novell:suse_linux:11:xen-tools-domu, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 11/27/2013

Reference Information

CVE: CVE-2013-1922, CVE-2013-2007, CVE-2013-4375, CVE-2013-4416, CVE-2013-4494, CVE-2013-4551, CVE-2013-4553, CVE-2013-4554, CVE-2013-6375