SuSE 10 Security Update : Xen (ZYPP Patch Number 8359)

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

XEN received various security and bugfixes :

- xen: Timer overflow DoS vulnerability (XSA-20).
(CVE-2012-4535)

- xen: Memory mapping failure DoS vulnerability (XSA-22)
The following additional bugs have beenfixed:.
(CVE-2012-4537)

- L3: Xen BUG at io_apic.c:129
26102-x86-IOAPIC-legacy-not-first.patch. (bnc#784087)

- Upstream patches from Jan
25927-x86-domctl-ioport-mapping-range.patch
25931-x86-domctl-iomem-mapping-checks.patch
26061-x86-oprof-counter-range.patch
25431-x86-EDD-MBR-sig-check.patch
25480-x86_64-sysret-canonical.patch
25481-x86_64-AMD-erratum-121.patch
25485-x86_64-canonical-checks.patch
25587-param-parse-limit.patch
25589-pygrub-size-limits.patch
25744-hypercall-return-long.patch
25765-x86_64-allow-unsafe-adjust.patch
25773-x86-honor-no-real-mode.patch
25786-x86-prefer-multiboot-meminfo-over-e801.patch
25808-domain_create-return-value.patch
25814-x86_64-set-debugreg-guest.patch
24742-gnttab-misc.patch 25098-x86-emul-lock-UD.patch
25200-x86_64-trap-bounce-flags.patch
25271-x86_64-IST-index.patch

- win2k8 guests are unable to restore after saving the vms
state ept-novell-x64.patch
23800-x86_64-guest-addr-range.patch
24168-x86-vioapic-clear-remote_irr.patch
24453-x86-vIRQ-IRR-TMR-race.patch
24456-x86-emul-lea.patch. (bnc#651093)

- Unable to install RHEL 6.1 x86 as a paravirtualized
guest OS on SLES 10 SP4 x86 vm-install-0.2.19.tar.bz2.
(bnc#713555)

See also :

http://support.novell.com/security/cve/CVE-2012-4535.html
http://support.novell.com/security/cve/CVE-2012-4537.html

Solution :

Apply ZYPP patch number 8359.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 62963 ()

Bugtraq ID:

CVE ID: CVE-2012-4535
CVE-2012-4537

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now