SuSE 11.2 Security Update : Xen (SAT Patch Number 7798)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

XEN has been updated to 4.1.5 c/s 23509 to fix various bugs and
security issues.

The following security issues have been fixed :

- Certain page table manipulation operations in Xen 4.1.x,
4.2.x, and earlier were not preemptible, which allowed
local PV kernels to cause a denial of service via
vectors related to deep page table traversal.
(CVE-2013-1918)

- Xen 4.x, when using Intel VT-d for a bus mastering
capable PCI device, did not properly check the source
when accessing a bridge device's interrupt remapping
table entries for MSI interrupts, which allowed local
guest domains to cause a denial of service (interrupt
injection) via unspecified vectors. (CVE-2013-1952)

- An information leak in the XSAVE/XRSTOR instructions
could be used to determine the state of floating point
operations in other domains. (CVE-2013-2076)

- A denial of service (hypervisor crash) was possible due
to missing exception recovery on XRSTOR, which PV guest
users could use to crash the machine.
(CVE-2013-2077)

- A denial of service (hypervisor crash) was possible due
to missing exception recovery on XSETBV, which PV guest
users could use to crash the machine.
(CVE-2013-2078)

- Systems which allow untrusted administrators to
configure guest vcpu affinity may be exploited to
trigger a buffer overrun and corrupt memory.
(CVE-2013-2072)

- Xen 3.1 through 4.x, when running 64-bit hosts on Intel
CPUs, did not clear the NT flag when using an IRET after
a SYSENTER instruction, which allowed PV guest users to
cause a denial of service (hypervisor crash) by
triggering a #GP fault, which is not properly handled by
another IRET instruction. (CVE-2013-1917)

- Xen 4.2.x and 4.1.x did not properly restrict access to
IRQs, which allowed local stub domain clients to gain
access to IRQs and cause a denial of service via vectors
related to 'passed-through IRQs or PCI devices'.
(CVE-2013-1919)

- Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is
running 'under memory pressure' and the Xen Security
Module (XSM) is enabled, used the wrong ordering of
operations when extending the per-domain event channel
tracking table, which caused a use-after-free and
allowed local guest kernels to inject arbitrary events
and gain privileges via unspecified vectors.
(CVE-2013-1920)

- Xen 4.0.x and 4.1.x incorrectly released a grant
reference when releasing a non-v1, non-transitive grant,
which allowed local guest administrators to cause a
denial of service (host crash), obtain sensitive
information, or possibly have other impacts via
unspecified vectors. (CVE-2013-1964)

Bugfixes :

- Upstream patches from Jan
26956-x86-mm-preemptible-cleanup.patch
27071-x86-IO-APIC-fix-guest-RTE-write-corner-cases.patch
27072-x86-shadow-fix-off-by-one-in-MMIO-permission-check.patch
27079-fix-XSA-46-regression-with-xend-xm.patch
27083-AMD-iommu-SR56x0-Erratum-64-Reset-all-head-tail-pointers.patch

- Update to Xen 4.1.5 c/s 23509. Many xen.spec file
patches were dropped because they are now included in
the 4.1.5 tarball.

- can't use pv-grub to start domU (pygrub does work)
xen.spec. (bnc#809662)

- Upstream patches from Jan
26702-powernow-add-fixups-for-AMD-P-state-figures.patch
26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch
26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch
26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch
26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch
26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch
26737-ACPI-APEI-Add-apei_exec_run_optional.patch
26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch
26743-VT-d-deal-with-5500-5520-X58-errata.patch
26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch
26749-x86-reserve-pages-when-SandyBridge-integrated-graphics.patch
26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch
26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vectors.patch
26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch
26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mode.patch
26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap-pages.patch
26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch
26851-iommu-crash-Interrupt-remapping-is-also-disabled-on-crash.patch

- Unable to create XEN virtual machines in SLED 11 SP2 on
Kyoto xend-cpuinfo-model-name.patch. (bnc#814709)

- Upstream patches from Jan
26536-xenoprof-div-by-0.patch
26578-AMD-IOMMU-replace-BUG_ON.patch
26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch
26659-AMD-IOMMU-erratum-746-workaround.patch
26660-x86-fix-CMCI-injection.patch
26672-vmx-fix-handling-of-NMI-VMEXIT.patch
26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch
26676-fix-compat-memory-exchange-op-splitting.patch
26677-x86-make-certain-memory-sub-ops-return-valid-values.patch
26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch
26679-x86-defer-processing-events-on-the-NMI-exit-path.patch
26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch
26692-x86-MSI-fully-protect-MSI-X-table.patch

See also :

https://bugzilla.novell.com/show_bug.cgi?id=801663
https://bugzilla.novell.com/show_bug.cgi?id=809662
https://bugzilla.novell.com/show_bug.cgi?id=813673
https://bugzilla.novell.com/show_bug.cgi?id=813675
https://bugzilla.novell.com/show_bug.cgi?id=813677
https://bugzilla.novell.com/show_bug.cgi?id=814709
https://bugzilla.novell.com/show_bug.cgi?id=816156
https://bugzilla.novell.com/show_bug.cgi?id=816159
https://bugzilla.novell.com/show_bug.cgi?id=816163
https://bugzilla.novell.com/show_bug.cgi?id=819416
https://bugzilla.novell.com/show_bug.cgi?id=820917
https://bugzilla.novell.com/show_bug.cgi?id=820919
https://bugzilla.novell.com/show_bug.cgi?id=820920
http://support.novell.com/security/cve/CVE-2013-1917.html
http://support.novell.com/security/cve/CVE-2013-1918.html
http://support.novell.com/security/cve/CVE-2013-1919.html
http://support.novell.com/security/cve/CVE-2013-1920.html
http://support.novell.com/security/cve/CVE-2013-1952.html
http://support.novell.com/security/cve/CVE-2013-1964.html
http://support.novell.com/security/cve/CVE-2013-2072.html
http://support.novell.com/security/cve/CVE-2013-2076.html
http://support.novell.com/security/cve/CVE-2013-2077.html
http://support.novell.com/security/cve/CVE-2013-2078.html

Solution :

Apply SAT patch number 7798.

Risk factor :

High / CVSS Base Score : 7.4
(CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C)
