openSUSE Security Update : Xen (openSUSE-SU-2012:1172-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Security Update for Xen

The following bug and security fixes were applied :

- bnc#776995 - attaching scsi control luns with pvscsi

- xend/pvscsi: fix passing of SCSI control LUNs
xen-bug776995-pvscsi-no-devname.patch

- xend/pvscsi: fix usage of persistent device names for
SCSI devices
xen-bug776995-pvscsi-persistent-names.patch

- xend/pvscsi: update sysfs parser for Linux 3.0
xen-bug776995-pvscsi-sysfs-parser.patch

- bnc#777090 - CVE-2012-3494: xen: hypercall set_debugreg
vulnerability (XSA-12)
CVE-2012-3494-xsa12.patch

- bnc#777088 - CVE-2012-3495: xen: hypercall
physdev_get_free_pirq vulnerability (XSA-13)
CVE-2012-3495-xsa13.patch

- bnc#777091 - CVE-2012-3496: xen: XENMEM_populate_physmap
DoS vulnerability (XSA-14)
CVE-2012-3496-xsa14.patch

- bnc#777086 - CVE-2012-3498: xen: PHYSDEVOP_map_pirq
index vulnerability (XSA-16)
CVE-2012-3498-xsa16.patch

- bnc#777084 - CVE-2012-3515: xen: Qemu VT100 emulation
vulnerability (XSA-17)
CVE-2012-3515-xsa17.patch

- Upstream patches from Jan
25734-x86-MCG_CTL-default.patch
25735-x86-cpuid-masking-XeonE5.patch
25744-hypercall-return-long.patch

- Update to Xen 4.1.3 c/s 23336

- Upstream or pending upstream patches from Jan
25587-fix-off-by-one-parsing-error.patch
25616-x86-MCi_CTL-default.patch
25617-vtd-qinval-addr.patch
25688-x86-nr_irqs_gsi.patch

- bnc#773393 - VUL-0: CVE-2012-3433: xen: HVM guest
destroy p2m teardown host DoS vulnerability
CVE-2012-3433-xsa11.patch

- bnc#773401 - VUL-1: CVE-2012-3432: xen: HVM guest user
mode MMIO emulation DoS
25682-x86-inconsistent-io-state.patch

- bnc#762484 - VUL-1: CVE-2012-2625: xen: pv bootloader
doesn't check the size of the bzip2 or lzma compressed
kernel, leading to denial of service
25589-pygrub-size-limits.patch

- bnc#767273 - unsupported /var/lock/subsys is still used
by xendomains
init.xendomains

- bnc#766283 - opensuse 12.2 pv guests can not start after
installation due to lack of grub2 support in the host
23686-pygrub-solaris.patch
23697-pygrub-grub2.patch
23944-pygrub-debug.patch
23998-pygrub-GPT.patch
23999-pygrub-grub2.patch
24000-pygrub-grub2.patch
24001-pygrub-grub2.patch
24002-pygrub-grub2.patch
24064-pygrub-HybridISO.patch
24401-pygrub-scrolling.patch
24402-pygrub-edit-fix.patch
24460-pygrub-extlinux.patch
24706-pygrub-extlinux.patch

See also :

http://lists.opensuse.org/opensuse-updates/2012-09/msg00059.html
https://bugzilla.novell.com/show_bug.cgi?id=762484
https://bugzilla.novell.com/show_bug.cgi?id=766283
https://bugzilla.novell.com/show_bug.cgi?id=767273
https://bugzilla.novell.com/show_bug.cgi?id=773393
https://bugzilla.novell.com/show_bug.cgi?id=773401
https://bugzilla.novell.com/show_bug.cgi?id=776995
https://bugzilla.novell.com/show_bug.cgi?id=777084
https://bugzilla.novell.com/show_bug.cgi?id=777086
https://bugzilla.novell.com/show_bug.cgi?id=777088
https://bugzilla.novell.com/show_bug.cgi?id=777090
https://bugzilla.novell.com/show_bug.cgi?id=777091

Solution :

Update the affected Xen packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 74750

CVE ID: CVE-2012-2625
CVE-2012-3432
CVE-2012-3433
CVE-2012-3494
CVE-2012-3495
CVE-2012-3496
CVE-2012-3498
CVE-2012-3515
