SuSE 11.3 Security Update : Xen (SAT Patch Number 8063)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

The Xen hypervisor and toolset has been updated to 4.2.2_06 to fix
various bugs and security issues :

The following security issues have been addressed :

- Various integer overflows in the ELF loader were fixed.
(XSA-55). (CVE-2013-2194)

- Various pointer dereferences issues in the ELF loader
were fixed. (XSA-55). (CVE-2013-2195)

- Various other problems in the ELF loader were fixed.
(XSA-55). (CVE-2013-2196)

- A Hypervisor crash due to missing exception recovery on
XSETBV was fixed. (XSA-54). (CVE-2013-2078)

- A Hypervisor crash due to missing exception recovery on
XRSTOR was fixed. (XSA-53). (CVE-2013-2077)

- libxl allowed guest write access to sensitive console
related xenstore keys. (XSA-57). (CVE-2013-2211)

- An information leak on XSAVE/XRSTOR capable AMD CPUs
(XSA-52) was fixed, where parts of this state could leak
to other VMs. (CVE-2013-2076)

Also the following bugs have been fixed :

- performance issues in mirror lvm. (bnc#801663)

- aacraid driver panics mapping INT A when booting
kernel-xen. (bnc#808085)

- Fully Virtualized Windows VM install failed on Ivy
Bridge platforms with Xen kernel. (bnc#808269)

- Did not boot with i915 graphics controller with VT-d
enabled (bnc#817210)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=801663
https://bugzilla.novell.com/show_bug.cgi?id=808085
https://bugzilla.novell.com/show_bug.cgi?id=808269
https://bugzilla.novell.com/show_bug.cgi?id=817210
https://bugzilla.novell.com/show_bug.cgi?id=820917
https://bugzilla.novell.com/show_bug.cgi?id=820919
https://bugzilla.novell.com/show_bug.cgi?id=820920
https://bugzilla.novell.com/show_bug.cgi?id=823011
https://bugzilla.novell.com/show_bug.cgi?id=823608
http://support.novell.com/security/cve/CVE-2013-2076.html
http://support.novell.com/security/cve/CVE-2013-2077.html
http://support.novell.com/security/cve/CVE-2013-2078.html
http://support.novell.com/security/cve/CVE-2013-2194.html
http://support.novell.com/security/cve/CVE-2013-2195.html
http://support.novell.com/security/cve/CVE-2013-2196.html
http://support.novell.com/security/cve/CVE-2013-2211.html

Solution :

Apply SAT patch number 8063.

Risk factor :

High / CVSS Base Score : 7.4
(CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 69297 ()

Bugtraq ID:

CVE ID: CVE-2013-2076
CVE-2013-2077
CVE-2013-2078
CVE-2013-2194
CVE-2013-2195
CVE-2013-2196
CVE-2013-2211

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now