openSUSE Security Update : xen (openSUSE-SU-2012:1685-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update of XEN fixes various denial of service bugs.

- bnc#789945 - CVE-2012-5510: xen: Grant table version
switch list corruption vulnerability (XSA-26)

- bnc#789944 - CVE-2012-5511: xen: Several HVM operations
do not validate the range of their inputs (XSA-27)

- bnc#789940 - CVE-2012-5512: xen: HVMOP_get_mem_access
crash / HVMOP_set_mem_access information leak (XSA-28)

- bnc#789951 - CVE-2012-5513: xen: XENMEM_exchange may
overwrite hypervisor memory (XSA-29)

- bnc#789948 - CVE-2012-5514: xen: Missing unlock in
guest_physmap_mark_populate_on_demand() (XSA-30)

- bnc#789950 - CVE-2012-5515: xen: Several memory
hypercall operations allow invalid extent order values

- bnc#789988 - FATAL PAGE FAULT in hypervisor

- Upstream patches from Jan
26148-vcpu-timer-overflow.patch (Replaces
26149-x86-p2m-physmap-error-path.patch (Replaces
26150-x86-shadow-unhook-toplevel-check.patch (Replaces
26151-gnttab-compat-get-status-frames.patch (Replaces

- bnc#777628 - guest 'disappears' after live migration
Updated block-dmmd script

- Fix exception in and

- bnc#792476 - efi files missing in latest XEN update
Revert c/s 25751 EFI Makefile changes in

See also :

Solution :

Update the affected xen packages.

Risk factor :

Medium / CVSS Base Score : 6.9

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now