openSUSE Security Update : xen (openSUSE-2017-563)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for xen fixes several issues.

These security issues were fixed :

- A malicious 64-bit PV guest may be able to access all of
system memory, allowing for all of privilege escalation,
host crashes, and information leaks by placing a IRET
hypercall in the middle of a multicall batch (XSA-213,
bsc#1034843)

- A malicious pair of guests may be able to access all of
system memory, allowing for all of privilege escalation,
host crashes, and information leaks because of a missing
check when transfering pages via GNTTABOP_transfer
(XSA-214, bsc#1034844).

- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local
guest OS privileged users to cause a denial of service
(out-of-bounds read and QEMU process crash) via vectors
related to copying VGA data via the
cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_
functions (bsc#1034994).

- CVE-2016-9603: A privileged user within the guest VM
could have caused a heap overflow in the device model
process, potentially escalating their privileges to that
of the device model process (bsc#1028655)

These non-security issues were fixed :

- bsc#1029827: Additional xenstore patch

- bsc#1036146: Xen VM dumped core to wrong path

- bsc#1022703: Prevent Xen HVM guest with OVMF to hang
with unattached CDRom This update was imported from the
SUSE:SLE-12-SP2:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1022703
https://bugzilla.opensuse.org/show_bug.cgi?id=1028655
https://bugzilla.opensuse.org/show_bug.cgi?id=1029827
https://bugzilla.opensuse.org/show_bug.cgi?id=1030144
https://bugzilla.opensuse.org/show_bug.cgi?id=1034843
https://bugzilla.opensuse.org/show_bug.cgi?id=1034844
https://bugzilla.opensuse.org/show_bug.cgi?id=1034994
https://bugzilla.opensuse.org/show_bug.cgi?id=1036146

Solution :

Update the affected xen packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 100086 ()

Bugtraq ID:

CVE ID: CVE-2016-9603
CVE-2017-7718

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now