SuSE 11 Security Update : KVM (SAT Patch Number 1166)

medium Nessus Plugin ID 41416

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The KVM technology available as Technical Preview in SUSE Linux Enterprise has been updated to version 0.10.5.

While a minor security issue was fixed, this mainly is a huge version update.

Changelog :

- 'info chardev' monitor command

- automatic port allocation for vnc and similar

- improved cdrom media change handling

- scsi improvements

- e1000 vlan offload

- fix interrupt loss when injecting an nmi

- SPT optimizations

- x86 emulator improvements

- fix amd->intel migration

- enable virtio zero-copy (Mark McLoughlin)

- uuid support

- hpet support

- '-drive serial=...' option

- improved tsc handling (Marcelo Tosatti)

- guest S3 sleep (Gleb Natapov)

- '-no-kvm-pit-reinjection' option to improve timing on RHEL 3 era guests (Marcelo Tosatti)

- fix xen-on-kvm

- enable ac97 audio by default

- add virtio-console device

- fix rtc time drift on Windows (-rtc-td-hack option)

- vnc improvements

- fix kvmclock on hosts with unstable tsc (Gerd Hoffman)

- fix cygwin on Windows x64

- enable nested paging again And the KVM kernel module was upgraded to 2.6.30.1 :

- check for CR3 set. (bnc#517671, CVE-2009-2287)

- fix cpuid

- fix guest reboot failures

- fix interrupt loss when injecting an nmi

- SPT optimizations

- x86 emulator improvements

- fix amd->intel migration

- improved tsc handling (Marcelo Tosatti)

- vnc improvements

- fix kvmclock on hosts with unstable tsc (Gerd Hoffman)

- fix cygwin on Windows x64

Solution

Apply SAT patch number 1166.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=517671

http://support.novell.com/security/cve/CVE-2009-2287.html

Plugin Details

Severity: Medium

ID: 41416

File Name: suse_11_kvm-090806.nasl

Version: 1.10

Type: local

Agent: unix

Published: 9/24/2009

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:kvm, p-cpe:/a:novell:suse_linux:11:kvm-kmp-default, p-cpe:/a:novell:suse_linux:11:kvm-kmp-pae, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 8/6/2009

Reference Information

CVE: CVE-2009-2287

CWE: 20