openSUSE Security Update : Xen (openSUSE-SU-2012:1174-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Security update for Xen. The following fixes were made :

- bnc#776995 - attaching scsi control luns with pvscsi

- xend/pvscsi: fix passing of SCSI control LUNs
  xen-bug776995-pvscsi-no-devname.patch

- xend/pvscsi: fix usage of persistent device names for SCSI devices
  xen-bug776995-pvscsi-persistent-names.patch

- xend/pvscsi: update sysfs parser for Linux 3.0
  xen-bug776995-pvscsi-sysfs-parser.patch

- bnc#777090 - VUL-0: CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12)
  CVE-2012-3494-xsa12.patch

- bnc#777091 - VUL-0: CVE-2012-3496: xen: XENMEM_populate_physmap DoS vulnerability (XSA-14)
  CVE-2012-3496-xsa14.patch

- bnc#777084 - VUL-0: CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17)
  CVE-2012-3515-xsa17.patch

- bnc#744771 - VM with passed through PCI card fails to reboot under dom0 load
  24888-pci-release-devices.patch

- Upstream patches from Jan
  25431-x86-EDD-MBR-sig-check.patch
  25459-page-list-splice.patch
  25478-x86-unknown-NMI-deadlock.patch
  25480-x86_64-sysret-canonical.patch
  25481-x86_64-AMD-erratum-121.patch
  25485-x86_64-canonical-checks.patch
  25587-param-parse-limit.patch
  25617-vtd-qinval-addr.patch
  25688-x86-nr_irqs_gsi.patch

- bnc#773393 - VUL-0: CVE-2012-3433: xen: HVM guest destroy p2m teardown host DoS vulnerability
  CVE-2012-3433-xsa11.patch

- bnc#773401 - VUL-1: CVE-2012-3432: xen: HVM guest user mode MMIO emulation DoS
  25682-x86-inconsistent-io-state.patch

- bnc#762484 - VUL-1: CVE-2012-2625: xen: pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel, leading to denial of service
  25589-pygrub-size-limits.patch

See also :

http://lists.opensuse.org/opensuse-updates/2012-09/msg00061.html
https://bugzilla.novell.com/show_bug.cgi?id=744771
https://bugzilla.novell.com/show_bug.cgi?id=762484
https://bugzilla.novell.com/show_bug.cgi?id=773393
https://bugzilla.novell.com/show_bug.cgi?id=773401
https://bugzilla.novell.com/show_bug.cgi?id=776995
https://bugzilla.novell.com/show_bug.cgi?id=777084
https://bugzilla.novell.com/show_bug.cgi?id=777090
https://bugzilla.novell.com/show_bug.cgi?id=777091

Solution :

Update the affected Xen packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 74749

Bugtraq ID:

CVE ID: CVE-2012-2625
CVE-2012-3432
CVE-2012-3433
CVE-2012-3494
CVE-2012-3496
CVE-2012-3515
